From 05a6b8aa42e0c3d34dd9f4512a8e631c7c28f05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Fri, 15 May 2020 07:57:16 +0200 Subject: [PATCH 001/164] Import __matterbridge type from ungleich's dot-cdist --- .../files/matterbridge.service.sh | 18 ++++ type/__matterbridge/man.rst | 56 ++++++++++ type/__matterbridge/manifest | 101 ++++++++++++++++++ type/__matterbridge/parameter/required | 2 + type/__matterbridge/singleton | 0 5 files changed, 177 insertions(+) create mode 100755 type/__matterbridge/files/matterbridge.service.sh create mode 100644 type/__matterbridge/man.rst create mode 100755 type/__matterbridge/manifest create mode 100644 type/__matterbridge/parameter/required create mode 100644 type/__matterbridge/singleton diff --git a/type/__matterbridge/files/matterbridge.service.sh b/type/__matterbridge/files/matterbridge.service.sh new file mode 100755 index 0000000..9dbd1cb --- /dev/null +++ b/type/__matterbridge/files/matterbridge.service.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +cat <`_ + + +AUTHORS +------- +Timothée Floure + + +COPYING +------- +Copyright \(C) 2020 Timothée Floure. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest new file mode 100755 index 0000000..56f470a --- /dev/null +++ b/type/__matterbridge/manifest 
@@ -0,0 +1,101 @@ +#!/bin/sh -e +# +# 2020 Timothée Floure (timothee.floure@ungleich.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +os=$(cat "$__global/explorer/os") +case "$os" in + debian) + # This type assume systemd for service installation. + ;; + *) + printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 + printf "Please contribute an implementation for it if you can.\n" >&2 + exit 1 + ;; +esac + +# Required parameters. +VERSION=$(cat "$__object/parameter/version") +if [ -f "$__object/parameter/config" ]; then + CONFIG="$(cat "$__object/parameter/config")" + if [ "$CONFIG" = "-" ]; then + CONFIG=$(cat "$__object/stdin") + fi +fi + +# Hardcoded values used in templates. +export BINARY_PATH=/usr/local/bin/matterbridge +export CONFIG_PATH=/etc/matterbridge/matterbridge.toml +export USER=matterbridge +export GROUP=$USER + +# Internal variables. +artefact="matterbridge-$VERSION-linux-64bit" +checksum_file="checksums.txt" +release_download_url=https://github.com/42wim/matterbridge/releases/download +binary_url="$release_download_url/v$VERSION/$artefact" +checksum_file_url="$release_download_url/v$VERSION/$checksum_file" +config_dir=$(dirname $CONFIG_PATH) +systemd_unit_path='/etc/systemd/system/matterbridge.service' + +# Check if curl is available. +if [ ! 
-x "$(which curl)" ]; then + echo "curl is required for this type, but could not be found. Exiting." &>2 + exit 1 +fi + +# Initialize working directory. +mkdir -p "$__object/files" + +# Download and check matterbridge binary. +curl -L $binary_url -o "$__object/files/$artefact" +curl -Ls $checksum_file_url | grep $artefact > "$__object/files/$checksum_file" +ls $__object/files/ >&2 +cat $__object/files/checksums.txt >&2 +(cd "$__object/files"; sha256sum --check $checksum_file) +if [ $? -ne 0 ]; then + echo "Matterbridge binary checksum failed." >&2 + exit 1 +fi + +# Create service user. +__user $USER --home "/var/lib/$USER" + +# Deploy matterbridge binary. +require="__user/$USER" __file "$BINARY_PATH" \ + --source "$__object/files/$artefact" \ + --owner "$USER" --mode 755 + +# Generate and deploy configuration file. +"$__type/files/matterbridge.service.sh" > "$__object/files/matterbridge.service" + +require="__user/$USER" __directory "$config_dir" \ + --owner "$USER" --mode 0755 --parents \ + +require="__directory/$config_dir" __file "$CONFIG_PATH" \ + --owner "$USER" \ + --mode 0640 \ + --source "$CONFIG" + +__file "$systemd_unit_path" \ + --source "$__object/files/matterbridge.service" + +# Deal with init system. +require="__file/$systemd_unit_path" __start_on_boot matterbridge +require="__file/$BINARY_PATH __file/$CONFIG_PATH __file/$systemd_unit_path" __service matterbridge --action restart diff --git a/type/__matterbridge/parameter/required b/type/__matterbridge/parameter/required new file mode 100644 index 0000000..ed5d8b3 --- /dev/null +++ b/type/__matterbridge/parameter/required @@ -0,0 +1,2 @@ +version +config diff --git a/type/__matterbridge/singleton b/type/__matterbridge/singleton new file mode 100644 index 0000000..e69de29 From 43562ff09c7ab44f42e37893df5dc48af1b1e15e Mon Sep 17 00:00:00 2001 
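Review bot: The checksum step gives no authenticity guarantee, because `checksums.txt` is fetched from the same release location as the binary (`binary_url` and `checksum_file_url` are both built from `release_download_url`), so anyone able to alter one download can alter the other and the check only catches corruption. Consider having the type carry or accept the expected SHA-256 for the requested version and comparing the download against that value. The same download lines survive, only quoted, in the follow-up patch 002 hunk at `@@ -64,12 +64,9 @@`. Separately, when the `config` parameter is `-`, `CONFIG` is overwritten with the content read from `$__object/stdin` and then passed to `__file --source "$CONFIG"`, which looks like it expects a path or `-`; this is worth confirming.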
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Fri, 15 May 2020 08:08:45 +0200 Subject: [PATCH 002/164] Make __matterbridge shellcheck-friendly --- type/__matterbridge/manifest | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest index 56f470a..ef02112 100755 --- a/type/__matterbridge/manifest +++ b/type/__matterbridge/manifest @@ -55,8 +55,8 @@ config_dir=$(dirname $CONFIG_PATH) systemd_unit_path='/etc/systemd/system/matterbridge.service' # Check if curl is available. -if [ ! -x "$(which curl)" ]; then - echo "curl is required for this type, but could not be found. Exiting." &>2 +if ! command -v curl; then + echo "curl is required for this type, but could not be found. Exiting." >&2 exit 1 fi @@ -64,12 +64,9 @@ fi mkdir -p "$__object/files" # Download and check matterbridge binary. -curl -L $binary_url -o "$__object/files/$artefact" -curl -Ls $checksum_file_url | grep $artefact > "$__object/files/$checksum_file" -ls $__object/files/ >&2 -cat $__object/files/checksums.txt >&2 -(cd "$__object/files"; sha256sum --check $checksum_file) -if [ $? -ne 0 ]; then +curl -L "$binary_url" -o "$__object/files/$artefact" +curl -Ls "$checksum_file_url" | grep "$artefact" > "$__object/files/$checksum_file" +if ! (cd "$__object/files"; sha256sum --check $checksum_file); then echo "Matterbridge binary checksum failed." >&2 exit 1 fi From 6b1e055d3dcc91b6aabdcaab39552821a230008a Mon Sep 17 00:00:00 2001 
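Review bot: `command -v curl` prints the resolved path on stdout when curl is found, and the new test `if ! command -v curl; then` in the `@@ -55,8 +55,8 @@` hunk does not suppress it. `if ! command -v curl >/dev/null 2>&1; then` keeps the manifest output clean while preserving the exit status.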
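Review bot: In the `@@ -64,12 +64,9 @@` hunk, the subshell `(cd "$__object/files"; sha256sum --check $checksum_file)` still runs `sha256sum` when `cd` fails, because the two commands are joined with `;` and `-e` is not honoured inside an `if !` condition. Writing it as `if ! (cd "$__object/files" && sha256sum --check "$checksum_file"); then` ties the check to the intended directory. It also quotes the last unquoted expansion in a commit meant to satisfy shellcheck.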
From: Evilham Date: Wed, 27 May 2020 18:34:06 +0200 Subject: [PATCH 003/164] [__root_mail_dma] Add new role to manage local root mail. This type has been tested in FreeBSD and Debian-like systems (Debian, Devuan, Ubuntu). --- type/__root_mail_dma/files/aliases | 68 ++++++++ type/__root_mail_dma/gencode-remote | 20 +++ type/__root_mail_dma/man.rst | 83 ++++++++++ type/__root_mail_dma/manifest | 153 ++++++++++++++++++ type/__root_mail_dma/parameter/boolean | 1 + type/__root_mail_dma/parameter/optional | 1 + type/__root_mail_dma/parameter/required | 1 + .../parameter/required_multiple | 1 + type/__root_mail_dma/singleton | 0 9 files changed, 328 insertions(+) create mode 100644 type/__root_mail_dma/files/aliases create mode 100755 type/__root_mail_dma/gencode-remote create mode 100644 type/__root_mail_dma/man.rst create mode 100755 type/__root_mail_dma/manifest create mode 100644 type/__root_mail_dma/parameter/boolean create mode 100644 type/__root_mail_dma/parameter/optional create mode 100644 type/__root_mail_dma/parameter/required create mode 100644 type/__root_mail_dma/parameter/required_multiple create mode 100644 type/__root_mail_dma/singleton diff --git a/type/__root_mail_dma/files/aliases b/type/__root_mail_dma/files/aliases new file mode 100644 index 0000000..d341318 --- /dev/null +++ b/type/__root_mail_dma/files/aliases 
@@ -0,0 +1,68 @@ +# Based off FreeBSD's /etc/aliases +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to sendmail. +# +# +# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES +# AND FUNCTIONS', May 1997 +# http://tools.ietf.org/html/rfc2142 + +# Pretty much everything else in this file points to "root", so +# you would do well in either reading root's mailbox or forwarding +# root's email from here. + +# root: me@my.domain + + +# Basic system aliases -- these MUST be present +MAILER-DAEMON: postmaster +postmaster: root + +# General redirections for pseudo accounts +_dhcp: root +_pflogd: root +auditdistd: root +bin: root +bind: root +daemon: root +games: root +hast: root +kmem: root +mailnull: postmaster +man: root +news: root +nobody: root +operator: root +pop: root +proxy: root +smmsp: postmaster +sshd: root +system: root +toor: root +tty: root +usenet: news +uucp: root + +# Well-known aliases -- these should be filled in! +manager: root +dumper: root + +# BUSINESS-RELATED MAILBOX NAMES +info: root +marketing: root +sales: root +support: root + +# NETWORK OPERATIONS MAILBOX NAMES +abuse: root +noc: root +security: root + +# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES +ftp: root +ftp-bugs: ftp +hostmaster: root +webmaster: root +www: webmaster diff --git a/type/__root_mail_dma/gencode-remote b/type/__root_mail_dma/gencode-remote new file mode 100755 index 0000000..2961c09 --- /dev/null +++ b/type/__root_mail_dma/gencode-remote 
@@ -0,0 +1,20 @@ +#!/bin/sh -e + +if [ -f "${__object}/parameter/send-test-email" ]; then + SEND_EMAIL="YES" +fi + +if [ "${SEND_EMAIL}" != "YES" ]; then + exit 0 +fi + +cat <`_ +- `DragonFly Handbook MTA `_ + + +AUTHORS +------- +Evilham + + +COPYING +------- +Copyright \(C) 2020 Evilham. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__root_mail_dma/manifest b/type/__root_mail_dma/manifest new file mode 100755 index 0000000..abcaa5b --- /dev/null +++ b/type/__root_mail_dma/manifest 
@@ -0,0 +1,153 @@ +#!/bin/sh -e + +os="$(cat "${__global}/explorer/os")" + +root_email="$(tr '\n' ',' < "${__object}/parameter/root-email" | sed -E 's/,+$//')" +smart_host="$(cat "${__object}/parameter/smart-host")" + +if [ -f "${__object}/parameter/mailname" ]; then + mailname="$(cat "${__object}/parameter/mailname")" +else + # default mailname behaviour is different in certain systems + case ${os} in + debian|devuan|ubuntu) + # Debian-like default to /etc/mailname + mailname="/etc/mailname" + ;; + *) + # Otherwise let's use the hostname + mailname="${__target_host}" + ;; + esac +fi + +aliases_file=/etc/mail/aliases +case ${os} in + debian|devuan|ubuntu) + # Debian-like requires installing DMA + __package dma + # Moving forward without DMA doesn't make much sense + export require="__package/dma" + aliases_file=/etc/aliases + ;; + freebsd) + # Disable sendmail + stop if necessary + __key_value \ + --file "/etc/rc.conf" \ + --comment "# Disable sendmail " \ + --key "sendmail_enable" \ + --delimiter "=" \ + --value "NONE" \ + --onchange "service sendmail onestop || true" \ + "sendmail_enable" + # Setup mailwrapper accordingly + __file /etc/mail/mailer.conf \ + --mode 0644 \ + --source '-' < /dev/stderr < Date: Fri, 29 May 2020 17:33:23 +0200 Subject: [PATCH 004/164] Rename __root_mail_dma to __dma to prepare for new types --- type/{__root_mail_dma => __dma}/files/aliases | 0 type/{__root_mail_dma => __dma}/gencode-remote | 0 type/{__root_mail_dma => __dma}/man.rst | 6 +++--- type/{__root_mail_dma => __dma}/manifest | 0 type/{__root_mail_dma => __dma}/parameter/boolean | 0 type/{__root_mail_dma => __dma}/parameter/optional | 0 type/{__root_mail_dma => __dma}/parameter/required | 0 type/{__root_mail_dma => __dma}/parameter/required_multiple | 0 type/{__root_mail_dma => __dma}/singleton | 0 9 files changed, 3 insertions(+), 3 deletions(-) rename type/{__root_mail_dma => __dma}/files/aliases (100%) rename type/{__root_mail_dma => __dma}/gencode-remote (100%) rename 
type/{__root_mail_dma => __dma}/man.rst (94%) rename type/{__root_mail_dma => __dma}/manifest (100%) rename type/{__root_mail_dma => __dma}/parameter/boolean (100%) rename type/{__root_mail_dma => __dma}/parameter/optional (100%) rename type/{__root_mail_dma => __dma}/parameter/required (100%) rename type/{__root_mail_dma => __dma}/parameter/required_multiple (100%) rename type/{__root_mail_dma => __dma}/singleton (100%) diff --git a/type/__root_mail_dma/files/aliases b/type/__dma/files/aliases similarity index 100% rename from type/__root_mail_dma/files/aliases rename to type/__dma/files/aliases diff --git a/type/__root_mail_dma/gencode-remote b/type/__dma/gencode-remote similarity index 100% rename from type/__root_mail_dma/gencode-remote rename to type/__dma/gencode-remote diff --git a/type/__root_mail_dma/man.rst b/type/__dma/man.rst similarity index 94% rename from type/__root_mail_dma/man.rst rename to type/__dma/man.rst index ecf2885..a10c6c2 100644 --- a/type/__root_mail_dma/man.rst +++ b/type/__dma/man.rst @@ -1,9 +1,9 @@ -cdist-type__root_mail_dma(7) +cdist-type__dma(7) ============================ NAME ---- -cdist-type__root_mail_dma - Setup root email with the DragonFly Mail Agent +cdist-type__dma - Setup the DragonFly Mail Agent as the MTA. DESCRIPTION @@ -57,7 +57,7 @@ EXAMPLES # Send root email to both our BOFH and the nice-admin. # That way they can figure things out together. - __root_mail_dma \ + __dma \ --root-email bofh@domain.tld \ --root-email nice-admin@domain.tld \ --smart-host mx1.domain.tld \ diff --git a/type/__root_mail_dma/manifest b/type/__dma/manifest similarity index 100% rename from type/__root_mail_dma/manifest rename to type/__dma/manifest diff --git a/type/__root_mail_dma/parameter/boolean b/type/__dma/parameter/boolean similarity index 100% rename from type/__root_mail_dma/parameter/boolean rename to type/__dma/parameter/boolean 
diff --git a/type/__root_mail_dma/parameter/optional b/type/__dma/parameter/optional similarity index 100% rename from type/__root_mail_dma/parameter/optional rename to type/__dma/parameter/optional diff --git a/type/__root_mail_dma/parameter/required b/type/__dma/parameter/required similarity index 100% rename from type/__root_mail_dma/parameter/required rename to type/__dma/parameter/required diff --git a/type/__root_mail_dma/parameter/required_multiple b/type/__dma/parameter/required_multiple similarity index 100% rename from type/__root_mail_dma/parameter/required_multiple rename to type/__dma/parameter/required_multiple diff --git a/type/__root_mail_dma/singleton b/type/__dma/singleton similarity index 100% rename from type/__root_mail_dma/singleton rename to type/__dma/singleton From a491e8739efb6753d52ede2ee58ba5a93247d1b4 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 29 May 2020 17:33:40 +0200 Subject: [PATCH 005/164] Add __dma_auth type --- type/__dma_auth/gencode-remote | 20 +++++++++++++ type/__dma_auth/man.rst | 53 ++++++++++++++++++++++++++++++++++ type/__dma_auth/manifest | 30 +++++++++++++++++++ 3 files changed, 103 insertions(+) create mode 100755 type/__dma_auth/gencode-remote create mode 100644 type/__dma_auth/man.rst create mode 100755 type/__dma_auth/manifest diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote new file mode 100755 index 0000000..77ad9d2 --- /dev/null +++ b/type/__dma_auth/gencode-remote 
@@ -0,0 +1,20 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst new file mode 100644 index 0000000..cd4f647 --- /dev/null +++ b/type/__dma_auth/man.rst @@ -0,0 +1,53 @@ +cdist-type__dma_auth(7) +======================= + +NAME +---- +cdist-type__dma_auth - TODO + + +DESCRIPTION +----------- +This space intentionally left blank. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +None. + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # TODO + __dma_auth + + +SEE ALSO +-------- +:strong:`TODO`\ (7) + + +AUTHORS +------- +Dennis Camera + + +COPYING +------- +Copyright \(C) 2020 Dennis Camera. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__dma_auth/manifest b/type/__dma_auth/manifest new file mode 100755 index 0000000..e0c809a --- /dev/null +++ b/type/__dma_auth/manifest 
@@ -0,0 +1,30 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + + +os=$(cat "$__global/explorer/os") + +case "$os" in + *) + printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 + printf "Please contribute an implementation for it if you can.\n" >&2 + exit 1 + ;; +esac From 98496aa8e5c8463b59263f20daa162bed9b63dfa Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 29 May 2020 17:33:52 +0200 Subject: [PATCH 006/164] Add __mail_alias type --- type/__mail_alias/gencode-remote | 20 ++++++++++++ type/__mail_alias/man.rst | 53 ++++++++++++++++++++++++++++++++ type/__mail_alias/manifest | 30 ++++++++++++++++++ 3 files changed, 103 insertions(+) create mode 100755 type/__mail_alias/gencode-remote create mode 100644 type/__mail_alias/man.rst create mode 100755 type/__mail_alias/manifest diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote new file mode 100755 index 0000000..77ad9d2 --- /dev/null +++ b/type/__mail_alias/gencode-remote 
@@ -0,0 +1,20 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst new file mode 100644 index 0000000..d9563a6 --- /dev/null +++ b/type/__mail_alias/man.rst @@ -0,0 +1,53 @@ +cdist-type__mail_alias(7) +========================= + +NAME +---- +cdist-type__mail_alias - TODO + + +DESCRIPTION +----------- +This space intentionally left blank. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +None. + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # TODO + __mail_alias + + +SEE ALSO +-------- +:strong:`TODO`\ (7) + + +AUTHORS +------- +Dennis Camera + + +COPYING +------- +Copyright \(C) 2020 Dennis Camera. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__mail_alias/manifest b/type/__mail_alias/manifest new file mode 100755 index 0000000..e0c809a --- /dev/null +++ b/type/__mail_alias/manifest 
@@ -0,0 +1,30 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + + +os=$(cat "$__global/explorer/os") + +case "$os" in + *) + printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 + printf "Please contribute an implementation for it if you can.\n" >&2 + exit 1 + ;; +esac From 3adc4f160998776033934d65ba22f1666c9e0b4b Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 30 May 2020 17:24:26 +0200 Subject: [PATCH 007/164] [type/__mail_alias] Implement type --- type/__mail_alias/explorer/aliases | 59 ++++++++++ .../{manifest => explorer/aliases_file} | 38 ++++-- type/__mail_alias/gencode-remote | 108 ++++++++++++++++++ type/__mail_alias/man.rst | 21 +++- type/__mail_alias/parameter/default/state | 1 + type/__mail_alias/parameter/optional | 1 + type/__mail_alias/parameter/optional_multiple | 1 + 7 files changed, 215 insertions(+), 14 deletions(-) create mode 100755 type/__mail_alias/explorer/aliases rename type/__mail_alias/{manifest => explorer/aliases_file} (56%) mode change 100755 => 100644 create mode 100644 type/__mail_alias/parameter/default/state create mode 100644 type/__mail_alias/parameter/optional create mode 100644 type/__mail_alias/parameter/optional_multiple 
diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases new file mode 100755 index 0000000..ce1a439 --- /dev/null +++ b/type/__mail_alias/explorer/aliases @@ -0,0 +1,59 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# Find aliases for a given name and print the aliases line separated + +aliases_file=$("${__type_explorer}/aliases_file") +test -r "${aliases_file}" || exit 0 + +name=$__object_id + +awk -F ':[[:blank:]]*' ' +function print_aliases (aliases, matches) { + split(aliases, matches, /,[[:blank:]]*/) + for (i in matches) { + gsub(/^[[:blank:]]*|[[:blank:]]*$/, "", matches[i]) + print matches[i] + } +} + +/^#/ { + # comment + select = 0; cont = 0; next +} + +{ + cont = ($0 ~ /\\$/) + if (cont) sub(/[[:blank:]]*\\$/, "", $0) +} + +/^[[:blank:]]/ || cont { + # continuation line + if (select) print_aliases($0) + next +} + +$1 == ENVIRON["__object_id"] { + select = 1 + print_aliases($2) + next +} + +{ select = 0 } +' "${aliases_file}" diff --git a/type/__mail_alias/manifest b/type/__mail_alias/explorer/aliases_file old mode 100755 new mode 100644 similarity index 56% rename from type/__mail_alias/manifest rename to type/__mail_alias/explorer/aliases_file index e0c809a..f7c4596 --- a/type/__mail_alias/manifest +++ b/type/__mail_alias/explorer/aliases_file 
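Review bot: An alias definition whose own line ends in a backslash is never picked up in `explorer/aliases`. The unnamed rule sets `cont` from the current line, so the following rule `/^[[:blank:]]/ || cont` treats that same line as a continuation and calls `next` before `$1 == ENVIRON["__object_id"]` is tried. The continuation test should use the state left by the previous line, for example `/^[[:blank:]]/ || prev_cont { … }` with `prev_cont = cont` recorded once each line has been handled. `name=$__object_id` is assigned but never used, since the awk program reads `ENVIRON["__object_id"]` directly.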
@@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -17,14 +17,36 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# This explorer tries to find the correct aliases file. +found() { echo "$*"; exit 0; } -os=$(cat "$__global/explorer/os") +check_file() { + if test -f "$1" + then + found "$1" + fi +} -case "$os" in - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; +case $("$__explorer/os") +in + (freebsd|openbsd|solaris) + check_file /etc/mail/aliases + + # default + found /etc/mail/aliases + ;; + (debian|devuan|ubuntu) + check_file /etc/aliases + + # default + found /etc/aliases + ;; + (*) + check_file /etc/mail/aliases + check_file /etc/aliases + + # default + found /etc/mail/aliases + ;; esac diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 77ad9d2..a93dff2 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
@@ -18,3 +18,111 @@ # along with cdist. If not, see . # +state_should=$(cat "${__object}/parameter/state") + +case $state_should +in + (present) + if cmp "${__object}/explorer/aliases" "${__object}/parameter/alias" + then + # all good! + exit 0 + fi + + echo "set aliases" >>"$__messages_out" + mode=1 + ;; + (absent) + # nothing to do if no aliases found. + test -s "${__object}/explorer/aliases" || exit 0 + + echo "delete aliases" >>"$__messages_out" + mode=0 + ;; + (*) + printf 'Invalid --state given: %s\n' "$state_should" >&2 + exit 1 +esac + +aliases_file=$(cat "${__object}/explorer/aliases_file") + +if test -z "${aliases_file}" +then + echo 'Could not determine aliases file path.' >&2 + exit 1 +fi + +# "export" variables to remote +printf 'mode=%u\n' "${mode}" +printf "aliases_file='%s'\n" "${aliases_file}" + +cat <<'EOF' +awk -F ':[[:blank:]]*' -v mode="${mode}" ' +function sepafter(f, default, _) { + _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) + if (_) return _ + else return default +} + +function write_aliases() { + if (aliases_written) return + + printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") + while ((getline < aliases_should_file) > 0) { + if (aliases_written) printf ", " + printf "%s", $0 + aliases_written = 1 + } + printf "\n" + close(aliases_should_file) +} + +BEGIN { + aliases_should_file = (ENVIRON["__object"] "/parameter/alias") +} + +/^#/ { + # comment + select = 0; cont = 0 + print + next +} + +{ + cont = ($0 ~ /\\$/) + if (cont) sub(/[[:blank:]]*\\$/, "", $0) +} + +/^[[:blank:]]/ || cont { + # continuation line + if (select) next +} + +$1 == ENVIRON["__object_id"] { + in_list = 1 + if (mode) write_aliases() + next +} + +{ + in_list = 0 + print +} + +END { + # if the last line as an alias definition, the separator will be reused + if (mode && !aliases_written) write_aliases() +} +' <"${aliases_file}" >"${aliases_file}.tmp" || { + echo 'Generating new aliases file failed!' >&2 + exit 1 +} + +if ! 
cmp "${aliases_file}" "${aliases_file}.tmp" +then + mv "${aliases_file}.tmp" "${aliases_file}" + newaliases +else + rm "${aliases_file}.tmp" +fi +EOF diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst index d9563a6..d6c7873 100644 --- a/type/__mail_alias/man.rst +++ b/type/__mail_alias/man.rst @@ -3,12 +3,12 @@ cdist-type__mail_alias(7) NAME ---- -cdist-type__mail_alias - TODO +cdist-type__mail_alias - Manage mail aliases. DESCRIPTION ----------- -This space intentionally left blank. +This cdist type allows you to configure mail aliases (/etc/mail/aliases). REQUIRED PARAMETERS @@ -18,7 +18,14 @@ None. OPTIONAL PARAMETERS ------------------- -None. +state + 'present' or 'absent', defaults to 'present' +alias + the aliases where mail for the given user should be redirected to. + This parameter can be specified multiple times to redirect to more than one + recipient. + See the `aliases(5)` man page for the different forms this parameter can + take.. BOOLEAN PARAMETERS @@ -31,13 +38,15 @@ EXAMPLES .. code-block:: sh - # TODO - __mail_alias + # Redirect root mail to a "real" email address + __mail_alias root --alias admin@example.com + # Disable redirection of mail for joe + __mail_alias joe --state absent SEE ALSO -------- -:strong:`TODO`\ (7) +:strong:`aliases`\ (5) AUTHORS diff --git a/type/__mail_alias/parameter/default/state b/type/__mail_alias/parameter/default/state new file mode 100644 index 0000000..e7f6134 --- /dev/null +++ b/type/__mail_alias/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/type/__mail_alias/parameter/optional b/type/__mail_alias/parameter/optional new file mode 100644 index 0000000..ff72b5c --- /dev/null +++ b/type/__mail_alias/parameter/optional @@ -0,0 +1 @@ +state diff --git a/type/__mail_alias/parameter/optional_multiple b/type/__mail_alias/parameter/optional_multiple new file mode 100644 index 0000000..d077ed8 --- /dev/null +++ b/type/__mail_alias/parameter/optional_multiple @@ -0,0 +1 @@ +alias 
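Review bot: In the `present` branch, `cmp "${__object}/explorer/aliases" "${__object}/parameter/alias"` writes its "differ" message to stdout. This script's stdout is the code sent to the target (see the `# "export" variables to remote` printf lines), so the message becomes the first line of the generated script; `cmp -s` keeps it silent. In the embedded awk program the continuation rule tests `select`, but the matching rule sets `in_list`, so `select` is never true and continuation lines of the managed alias are printed back out. They then attach to the rewritten alias, or on `absent` to whichever entry precedes them, which can leave mail going to stale recipients; using one variable in both places (`if (in_list) next`) fixes that. The hunk starts on the previous physical line of this page.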
From a5f3f3cdafe77f5aae075d1a0c053a9a36475463 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 30 May 2020 18:27:13 +0200 Subject: [PATCH 008/164] [type/__dma_auth] Implement type --- type/__dma_auth/{manifest => explorer/logins} | 29 ++++++--- type/__dma_auth/gencode-remote | 62 +++++++++++++++++++ type/__dma_auth/man.rst | 27 +++++--- type/__dma_auth/parameter/default/state | 1 + type/__dma_auth/parameter/optional | 2 + type/__dma_auth/parameter/required | 2 + 6 files changed, 106 insertions(+), 17 deletions(-) rename type/__dma_auth/{manifest => explorer/logins} (55%) mode change 100755 => 100644 create mode 100644 type/__dma_auth/parameter/default/state create mode 100644 type/__dma_auth/parameter/optional create mode 100644 type/__dma_auth/parameter/required diff --git a/type/__dma_auth/manifest b/type/__dma_auth/explorer/logins old mode 100755 new mode 100644 similarity index 55% rename from type/__dma_auth/manifest rename to type/__dma_auth/explorer/logins index e0c809a..0ed6bc1 --- a/type/__dma_auth/manifest +++ b/type/__dma_auth/explorer/logins @@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # 
@@ -17,14 +17,25 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# This explorer lines matching user + server in /etc/dma/auth.conf and reports +# their cksum. +test -r /etc/dma/auth.conf || exit 0 -os=$(cat "$__global/explorer/os") +if test -f "${__object}/parameter/login" +then + login=$(cat "${__object}/parameter/login") +else + login=$__object_id +fi +server=$(cat "${__object}/parameter/server") -case "$os" in - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac +regex=$(printf '^%s|%s:' "$login" "$server") + +grep -e "${regex}" /etc/dma/auth.conf \ +| while read -r line + do + echo "${line}" \ + | cksum - \ + | cut -d ' ' -f 1 + done diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 77ad9d2..0951c16 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote 
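Review bot: `login` and `server` are interpolated unescaped into the grep pattern built by `printf '^%s|%s:'`, so the dots in a host name such as the man page's `mail.provider.com` match any character and other metacharacters in a login change what is selected. The explorer's output decides whether gencode-remote rewrites the credential line, so a fixed-string prefix comparison is safer, e.g. `awk -v p="${login}|${server}:" 'index($0, p) == 1' /etc/dma/auth.conf`. The header comment is also missing a verb; suggested wording: `# This explorer finds lines matching user + server in /etc/dma/auth.conf and reports their cksum.`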
@@ -18,3 +18,65 @@ # along with cdist. If not, see . # +logins=$(cat "${__object}/explorer/logins") +state_should=$(cat "${__object}/parameter/state") + +if test -f "${__object}/parameter/login" +then + login=$(cat "${__object}/parameter/login") +else + login=$__object_id +fi +password=$(cat "${__object}/parameter/password") +server=$(cat "${__object}/parameter/server") + +case $state_should +in + (present) + conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") + cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) + if echo "$logins" | grep -qxF "${cksum_should}" + then + # correct line already present -> nothing to do + exit 0 + fi + + mode=1 + ;; + (absent) + if test -z "$logins" + then + # no logins present -> nothing to do + exit 0 + fi + + # NOTE: password is not needed to delete + conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") + + mode=0 + ;; + (*) + printf 'Invalid --state: %s' "${state_should}" >&2 + exit 1 + ;; +esac + +cat </etc/dma/auth.conf.tmp \ +&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf +EOF diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst index cd4f647..bd077d6 100644 --- a/type/__dma_auth/man.rst +++ b/type/__dma_auth/man.rst @@ -3,23 +3,29 @@ cdist-type__dma_auth(7) NAME ---- -cdist-type__dma_auth - TODO +cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA. DESCRIPTION ----------- -This space intentionally left blank. +This cdist type allows you to set up credentials to log in to remote SMTP +servers. REQUIRED PARAMETERS ------------------- -None. +password + The user's password (in plain text.) +server + The SMTP server on which the login is valid. OPTIONAL PARAMETERS ------------------- -None. - +login + The user's LOGIN name on the SMTP server. Defaults to `__object_id`. +state + Either `present` or `absent`. Defaults to `present`. BOOLEAN PARAMETERS ------------------ 
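Review bot: The generated code ends in `>/etc/dma/auth.conf.tmp \ && mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf`, which replaces the credentials file with a newly created one, so the owner, group and mode of the existing auth.conf are discarded and the new file gets whatever the remote shell's umask yields. Because the file holds plain-text SMTP passwords, the temp file should be created restrictively and the original metadata kept, e.g. `umask 077` before the awk call and `cat /etc/dma/auth.conf.tmp >/etc/dma/auth.conf && rm -f /etc/dma/auth.conf.tmp` at the end, or set owner and mode on the temp file explicitly before the `mv` (the ownership dma expects is not visible here). The same pattern returns with `"${auth_conf}.tmp"` in the `@@ -58,25 +56,65 @@` hunk of PATCH 011. The `Invalid --state: %s` message is also printed without a trailing newline.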
@@ -31,13 +37,18 @@ EXAMPLES .. code-block:: sh - # TODO - __dma_auth + # Set the password for smarthost + __dma_auth joe --server smarthost --password hunter2 + # Set credentials for user at an external provider + __dma_auth paul@example.com --server mail.provider.com --password letmein + + # Delete credentials for example.com + __dma_auth paul --server example.com --state absent SEE ALSO -------- -:strong:`TODO`\ (7) +:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8) AUTHORS diff --git a/type/__dma_auth/parameter/default/state b/type/__dma_auth/parameter/default/state new file mode 100644 index 0000000..e7f6134 --- /dev/null +++ b/type/__dma_auth/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional new file mode 100644 index 0000000..c35dbef --- /dev/null +++ b/type/__dma_auth/parameter/optional @@ -0,0 +1,2 @@ +login +state diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required new file mode 100644 index 0000000..8f1a1c9 --- /dev/null +++ b/type/__dma_auth/parameter/required @@ -0,0 +1,2 @@ +password +server From 988f277ad63c8c3b465b5e31571e470009c6ee9a Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 30 May 2020 22:07:20 +0200 Subject: [PATCH 009/164] [type/__mail_alias] Fixes (mostly mawk compatibility) --- type/__mail_alias/explorer/aliases | 12 +++++------- type/__mail_alias/explorer/aliases_file | 0 type/__mail_alias/gencode-remote | 11 ++++++----- 3 files changed, 11 insertions(+), 12 deletions(-) mode change 100644 => 100755 type/__mail_alias/explorer/aliases_file diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index ce1a439..66940d5 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases 
@@ -22,13 +22,11 @@ aliases_file=$("${__type_explorer}/aliases_file") test -r "${aliases_file}" || exit 0 -name=$__object_id - -awk -F ':[[:blank:]]*' ' -function print_aliases (aliases, matches) { - split(aliases, matches, /,[[:blank:]]*/) +awk -F ':[ \t]*' ' +function print_aliases(aliases, matches) { + split(aliases, matches, /,[ \t]*/) for (i in matches) { - gsub(/^[[:blank:]]*|[[:blank:]]*$/, "", matches[i]) + gsub(/^[ \t]*|[ \t]*$/, "", matches[i]) print matches[i] } } @@ -40,7 +38,7 @@ function print_aliases (aliases, matches) { { cont = ($0 ~ /\\$/) - if (cont) sub(/[[:blank:]]*\\$/, "", $0) + if (cont) sub(/[ \t]*\\$/, "", $0) } /^[[:blank:]]/ || cont { diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file old mode 100644 new mode 100755 diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index a93dff2..7778536 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -23,7 +23,7 @@ state_should=$(cat "${__object}/parameter/state") case $state_should in (present) - if cmp "${__object}/explorer/aliases" "${__object}/parameter/alias" + if cmp -s "${__object}/explorer/aliases" "${__object}/parameter/alias" then # all good! exit 0 @@ -57,7 +57,8 @@ printf 'mode=%u\n' "${mode}" printf "aliases_file='%s'\n" "${aliases_file}" cat <<'EOF' -awk -F ':[[:blank:]]*' -v mode="${mode}" ' +test -f "${aliases_file}" || touch "${aliases_file}" +awk -F ':[ \t]*' -v mode="${mode}" ' function sepafter(f, default, _) { _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) if (_) return _ @@ -90,10 +91,10 @@ BEGIN { { cont = ($0 ~ /\\$/) - if (cont) sub(/[[:blank:]]*\\$/, "", $0) + if (cont) sub(/[ \t]*\\$/, "", $0) } -/^[[:blank:]]/ || cont { +/^[ \t]/ || cont { # continuation line if (select) next } 
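Review bot: The explorer's continuation-line pattern still reads `/^[[:blank:]]/ || cont {` (context line of the `@@ -40,7 +38,7 @@` hunk), while every other `[[:blank:]]` in this commit becomes `[ \t]` and gencode-remote gets `/^[ \t]/ || cont {`. If the commit targets awk implementations without POSIX character classes, the explorer will still misdetect continuation lines there; the line should become `/^[ \t]/ || cont {`. The body of that rule lies outside the hunk, so whether it needs further changes cannot be checked from here. Removing `name=$__object_id` is only safe if nothing in the rest of the script uses `$name`, which is also outside the hunk.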
@@ -118,7 +119,7 @@ END { exit 1 } -if ! cmp "${aliases_file}" "${aliases_file}.tmp" +if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then mv "${aliases_file}.tmp" "${aliases_file}" newaliases From 59059a200a27cd750794439544e3aa5a45b65f09 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 11:57:54 +0200 Subject: [PATCH 010/164] [type/__dma_auth] Use host as key --- .../__dma_auth/explorer/{logins => auth_conf} | 48 +++++++++-------- type/__dma_auth/explorer/authusers | 51 +++++++++++++++++++ type/__dma_auth/gencode-remote | 26 +++++----- type/__dma_auth/man.rst | 16 +++--- type/__dma_auth/parameter/optional | 2 +- type/__dma_auth/parameter/required | 2 +- 6 files changed, 102 insertions(+), 43 deletions(-) rename type/__dma_auth/explorer/{logins => auth_conf} (54%) mode change 100644 => 100755 create mode 100755 type/__dma_auth/explorer/authusers diff --git a/type/__dma_auth/explorer/logins b/type/__dma_auth/explorer/auth_conf old mode 100644 new mode 100755 similarity index 54% rename from type/__dma_auth/explorer/logins rename to type/__dma_auth/explorer/auth_conf index 0ed6bc1..cef0aca --- a/type/__dma_auth/explorer/logins +++ b/type/__dma_auth/explorer/auth_conf 
@@ -17,25 +17,33 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer lines matching user + server in /etc/dma/auth.conf and reports -# their cksum. +# This explorer determines the path of dma's auth.conf file -test -r /etc/dma/auth.conf || exit 0 +# No dma.conf -> use default +test -f /etc/dma/dma.conf || { + echo /etc/dma/auth.conf + exit 0 +} +test -r /etc/dma/dma.conf || { + echo 'Cannot read /etc/dma/dma.conf' >&2 + exit 1 +} -if test -f "${__object}/parameter/login" -then - login=$(cat "${__object}/parameter/login") -else - login=$__object_id -fi -server=$(cat "${__object}/parameter/server") - -regex=$(printf '^%s|%s:' "$login" "$server") - -grep -e "${regex}" /etc/dma/auth.conf \ -| while read -r line - do - echo "${line}" \ - | cksum - \ - | cut -d ' ' -f 1 - done +# Get AUTHPATH from dma.conf +awk -F'[ \t]' ' +{ + sub(/#.*$/, "", $0) # remove comments + if (!$0) next # ignore empty lines +} +$1 == "AUTHPATH" { + # Store authpath. In dma conf parsing last wins. + if ($2) authpath = substr($0, index($0, " ") + 1) +} +END { + if (authpath) { + print authpath + exit 0 + } else exit 1 +} +' /etc/dma/dma.conf \ +|| echo /etc/dma/auth.conf # default diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers new file mode 100755 index 0000000..5fc6b4e --- /dev/null +++ b/type/__dma_auth/explorer/authusers 
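Review bot: `authpath = substr($0, index($0, " ") + 1)` assumes the separator after AUTHPATH is a space, although the program splits fields on `[ \t]`. With a tab-separated entry `index($0, " ")` is 0 or points into the value, so the explorer prints the whole line or a truncated path; the authusers explorer added in this commit then fails its `test -r "${auth_conf}"` and silently reports no users. Stripping the keyword handles both separators: `if ($2) { authpath = $0; sub(/^AUTHPATH[ \t]+/, "", authpath) }`. `if (!$0) next` also skips a line consisting of `0`; `$0 == ""` states what is meant.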
@@ -0,0 +1,51 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# This explorer looks for lines matching the server parameter in dma's auth.conf +# and reports the login and server fields (password is stripped off) + +auth_conf=$("${__type_explorer}/auth_conf") +test -r "${auth_conf}" || exit 0 + +if test -f "${__object}/parameter/server" +then + server=$(cat "${__object}/parameter/server") +else + server=$__object_id +fi + +awk -F'\n' -v server="${server}" ' +BEGIN { + DP = "[: \t]" # copied from dma/conf.c +} + +# skip comments and empty lines +/^#/ || /^$/ { next } + +{ + login = substr($0, 1, index($0, "|") - 1) + host = substr($0, length(login) + 2) + if (match(host, DP)) { + host = substr(host, 1, RSTART - 1) + endpos = length(login) + RSTART + } else endpos = length +} + +host == server { print substr($0, 0, endpos) } +' "${auth_conf}" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 0951c16..989e176 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote 
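Review bot: `host == server { print substr($0, 0, endpos) }` starts the substring at index 0 although awk strings are 1-based. gawk documents that positions before 1 count against the length, so it returns `endpos - 1` characters, while some other implementations clamp the start to 1 and return `endpos`; the reported `login|host` is therefore one character short on part of the target hosts. `print substr($0, 1, endpos)` gives the same result everywhere, and the `endpos = length` branch stays correct with it.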
@@ -18,24 +18,24 @@ # along with cdist. If not, see . # -logins=$(cat "${__object}/explorer/logins") +authusers=$(cat "${__object}/explorer/authusers") state_should=$(cat "${__object}/parameter/state") -if test -f "${__object}/parameter/login" +if test -f "${__object}/parameter/server" then - login=$(cat "${__object}/parameter/login") + server=$(cat "${__object}/parameter/server") else - login=$__object_id + server=$__object_id fi +login=$(cat "${__object}/parameter/login") password=$(cat "${__object}/parameter/password") -server=$(cat "${__object}/parameter/server") case $state_should in (present) conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) - if echo "$logins" | grep -qxF "${cksum_should}" + if echo "$authusers" | grep -qxF "${cksum_should}" then # correct line already present -> nothing to do exit 0 @@ -44,11 +44,8 @@ in mode=1 ;; (absent) - if test -z "$logins" - then - # no logins present -> nothing to do - exit 0 - fi + # no logins present -> nothing to do + test -n "$authusers" || exit 0 # NOTE: password is not needed to delete conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") @@ -66,11 +63,14 @@ read -r CONF_LINE <<'EOL' ${conf_line} EOL export CONF_LINE +export mode=${mode} +EOF -awk -F: -v print=$mode ' +cat <<'EOF' +awk -F: -v mode=$mode ' BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") } $1 == conf[1] { - if (print && !found) { + if (mode && !found) { # remove duplicates print ENVIRON["CONF_LINE"] found = 1 diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst index bd077d6..9c3ad7a 100644 --- a/type/__dma_auth/man.rst +++ b/type/__dma_auth/man.rst 
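Review bot: `echo "$authusers" | grep -qxF "${cksum_should}"` can no longer match: `cksum_should` is still the checksum of the full `login|server:password` line, but explorer/authusers (added in this commit) prints the `login|server` text itself. The `present` branch therefore never reaches its early `exit 0` and emits the rewrite code on every run. Either the explorer has to report something that covers the password, or the comparison has to use the same form as the explorer output; comparing only `login|server` would miss password changes. In the quoted here-document, `awk -F: -v mode=$mode` should also quote the expansion: `-v mode="${mode}"`.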
@@ -14,16 +14,16 @@ servers. REQUIRED PARAMETERS ------------------- +login + The user's LOGIN name on the SMTP server. password The user's password (in plain text.) -server - The SMTP server on which the login is valid. OPTIONAL PARAMETERS ------------------- -login - The user's LOGIN name on the SMTP server. Defaults to `__object_id`. +server + The SMTP server on which the login is valid. Defaults to `__object_id`. state Either `present` or `absent`. Defaults to `present`. @@ -38,13 +38,13 @@ EXAMPLES .. code-block:: sh # Set the password for smarthost - __dma_auth joe --server smarthost --password hunter2 + __dma_auth smarthost.example.com --login joe --password hunter2 # Set credentials for user at an external provider - __dma_auth paul@example.com --server mail.provider.com --password letmein + __dma_auth mail.provider.com --login paul@example.com --password letmein - # Delete credentials for example.com - __dma_auth paul --server example.com --state absent + # Delete credentials for example.com (for all users) + __dma_auth example.com --login '' --password '' --state absent SEE ALSO -------- diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional index c35dbef..3e42ed3 100644 --- a/type/__dma_auth/parameter/optional +++ b/type/__dma_auth/parameter/optional @@ -1,2 +1,2 @@ -login +server state diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required index 8f1a1c9..ae3c622 100644 --- a/type/__dma_auth/parameter/required +++ b/type/__dma_auth/parameter/required @@ -1,2 +1,2 @@ +login password -server From b848fca9299befe36b78624cf622d6df286db053 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 15:01:40 +0200 Subject: [PATCH 011/164] [type/__dma_auth] Finish code to rewrite auth.conf --- type/__dma_auth/explorer/authusers | 12 +++- type/__dma_auth/gencode-remote | 90 +++++++++++++++++++++--------- 2 files changed, 73 insertions(+), 29 deletions(-) 
diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers index 5fc6b4e..db83482 100755 --- a/type/__dma_auth/explorer/authusers +++ b/type/__dma_auth/explorer/authusers @@ -18,7 +18,7 @@ # along with cdist. If not, see . # # This explorer looks for lines matching the server parameter in dma's auth.conf -# and reports the login and server fields (password is stripped off) +# and reports the login and server fields (password is cksummed) auth_conf=$("${__type_explorer}/auth_conf") test -r "${auth_conf}" || exit 0 @@ -47,5 +47,11 @@ BEGIN { } else endpos = length } -host == server { print substr($0, 0, endpos) } -' "${auth_conf}" +host == server { print endpos, $0 } +' "${auth_conf}" \ +| while read pos line + do + printf '%s:%s\n' \ + "$(printf '%s' "$line" | cut -c $((-pos)))" \ + "$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)" + done diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 989e176..d75d611 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,7 +18,6 @@ # along with cdist. If not, see . # -authusers=$(cat "${__object}/explorer/authusers") state_should=$(cat "${__object}/parameter/state") if test -f "${__object}/parameter/server" 
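Review bot: `while read pos line` in the `@@ -47,5 +47,11 @@` hunk lacks `-r`, so a backslash in a stored password is consumed by `read` before the checksum is taken, and trailing blanks are trimmed; the value the explorer reports then never equals the one gencode-remote computes. `while read -r pos line` keeps the bytes intact. It is also worth confirming that both sides hash the same bytes: here the input is `cut` output, in gencode-remote it is `cksum "${__object}/parameter/password"` on the file, and a differing trailing newline would break the comparison (not verifiable from the hunk). cksum is a CRC rather than a one-way hash, so the explorer output deserves the same handling as the password itself.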
@@ -28,27 +27,26 @@ else server=$__object_id fi login=$(cat "${__object}/parameter/login") -password=$(cat "${__object}/parameter/password") case $state_should in (present) - conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") - cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) - if echo "$authusers" | grep -qxF "${cksum_should}" + line_should=$(printf '%s|%s:%s\n' \ + "${login}" "${server}" \ + "$(cksum "${__object}/parameter/password" | cut -d' ' -f1)") + if grep -qxF "${line_should}" "${__object}/explorer/authusers" then # correct line already present -> nothing to do exit 0 fi + test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 } + mode=1 ;; (absent) - # no logins present -> nothing to do - test -n "$authusers" || exit 0 - - # NOTE: password is not needed to delete - conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") + # no matching logins present -> nothing to do + test -s "${__object}/explorer/authusers" || exit 0 mode=0 ;; 
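Review bot: `test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 }` is a syntax error in sh: `}` only closes the group when it follows a `;` or a newline, so here it is passed to `exit` as an argument and the group stays open. Write `test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; }`. The check would also be better placed before the `grep -qxF` test, so that an empty `--login` is rejected regardless of what the explorer found. The `case` statement continues past the end of the hunk.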
@@ -58,25 +56,65 @@ in ;; esac +auth_conf=$(cat "${__object}/explorer/auth_conf") + +if test -z "${auth_conf}" +then + echo 'Cannot determine path of dma auth.conf' >&2 + exit 1 +fi + cat </etc/dma/auth.conf.tmp \ -&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf + +BEGIN { + DP = "[: \t]" # copied from dma/conf.c +} + +# skip comments and empty lines +/^#/ || /^$/ { print; next } + +{ + login = substr($0, 1, index($0, "|") - 1) + host = substr($0, length(login) + 2) + if (match(host, DP)) { + host = substr(host, 1, RSTART - 1) + endpos = length(login) + RSTART + } else endpos = length +} + +host == ENVIRON["server"] { + if (mode) { + if (login == ENVIRON["login"] && !written) { + printf "%s%s\n", substr($0, 1, endpos+1), getpw() + written = 1 + next + } + } else if (!ENVIRON["login"] || login == ENVIRON["login"]) next +} + +{ print } + +END { + if (mode && !written) { + printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw() + } +} +' <"${auth_conf}" >"${auth_conf}.tmp" \ + && mv "${auth_conf}.tmp" "${auth_conf}" EOF From 3f72ca134108163f3208b709f84037312d460e5c Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 15:18:11 +0200 Subject: [PATCH 012/164] [type/__dma_auth] Send messages --- type/__dma/gencode-remote | 45 +++++++++++++++++++++------------- type/__dma_auth/gencode-remote | 11 ++++++++- 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 2961c09..2e3a80d 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
@@ -1,20 +1,31 @@ #!/bin/sh -e -if [ -f "${__object}/parameter/send-test-email" ]; then - SEND_EMAIL="YES" +if test -f "${__object}/parameter/send-test-email" +then + modified=false + + if grep -q '^__mail_alias/root:' "${__messages_in}" + then + modified=true + elif grep -q '^__dma_auth/' "${__messages_in}" + then + modified=true + elif grep -q '^__dma/' "${__messages_in}" + then + modified=true + fi + + if $modified + then + cat <<-EOF + sendmail root <&2; exit 1 } mode=1 - ;; + + if test -s "${__object}/explorer/authusers" + then + printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + else + printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + fi + ;; (absent) # no matching logins present -> nothing to do test -s "${__object}/explorer/authusers" || exit 0 mode=0 + + printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" ;; (*) printf 'Invalid --state: %s' "${state_should}" >&2 From b87b67597efb8349709e8f5153bb73bb08f39337 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 15:06:06 +0200 Subject: [PATCH 013/164] [type/__dma] Remove mail aliases functionality --- type/__dma/files/aliases | 68 -------------------------- type/__dma/man.rst | 22 ++------- type/__dma/manifest | 22 +-------- type/__dma/parameter/required_multiple | 1 - 4 files changed, 6 insertions(+), 107 deletions(-) delete mode 100644 type/__dma/files/aliases delete mode 100644 type/__dma/parameter/required_multiple diff --git a/type/__dma/files/aliases b/type/__dma/files/aliases deleted file mode 100644 index d341318..0000000 --- a/type/__dma/files/aliases +++ /dev/null 
@@ -1,68 +0,0 @@ -# Based off FreeBSD's /etc/aliases -# -# >>>>>>>>>> The program "newaliases" must be run after -# >> NOTE >> this file is updated for any changes to -# >>>>>>>>>> show through to sendmail. -# -# -# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES -# AND FUNCTIONS', May 1997 -# http://tools.ietf.org/html/rfc2142 - -# Pretty much everything else in this file points to "root", so -# you would do well in either reading root's mailbox or forwarding -# root's email from here. - -# root: me@my.domain - - -# Basic system aliases -- these MUST be present -MAILER-DAEMON: postmaster -postmaster: root - -# General redirections for pseudo accounts -_dhcp: root -_pflogd: root -auditdistd: root -bin: root -bind: root -daemon: root -games: root -hast: root -kmem: root -mailnull: postmaster -man: root -news: root -nobody: root -operator: root -pop: root -proxy: root -smmsp: postmaster -sshd: root -system: root -toor: root -tty: root -usenet: news -uucp: root - -# Well-known aliases -- these should be filled in! -manager: root -dumper: root - -# BUSINESS-RELATED MAILBOX NAMES -info: root -marketing: root -sales: root -support: root - -# NETWORK OPERATIONS MAILBOX NAMES -abuse: root -noc: root -security: root - -# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES -ftp: root -ftp-bugs: ftp -hostmaster: root -webmaster: root -www: webmaster diff --git a/type/__dma/man.rst b/type/__dma/man.rst index a10c6c2..af9298e 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst 
@@ -19,18 +19,9 @@ email server configured in the `smart-host` parameter. REQUIRED PARAMETERS ------------------- smart-host - The destination email server. The addresses passed in `root-email` must be - either local to the `smart-host` or it must be configured to act as a relay - for the host being configured by this type. - - -REQUIRED MULTIPLE PARAMETERS ----------------------------- -root-email - Destination email address. Can be specified multiple times or just once - with each address separated by commas. - This will be setup in `/etc/aliases` as the destination for the local - root mailbox. + The email server used to send email. + It must be configured to act as a relay for the host being configured by + this type so that mail can be sent to users non-local to the smart-host. BOOLEAN PARAMETERS @@ -55,11 +46,7 @@ EXAMPLES .. code-block:: sh - # Send root email to both our BOFH and the nice-admin. - # That way they can figure things out together. __dma \ - --root-email bofh@domain.tld \ - --root-email nice-admin@domain.tld \ --smart-host mx1.domain.tld \ --send-test-email @@ -73,11 +60,12 @@ SEE ALSO AUTHORS ------- Evilham +Dennis Camera COPYING ------- -Copyright \(C) 2020 Evilham. You can redistribute it +Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/type/__dma/manifest b/type/__dma/manifest index abcaa5b..e07fbfc 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -1,8 +1,7 @@ #!/bin/sh -e -os="$(cat "${__global}/explorer/os")" +os=$(cat "${__global}/explorer/os") -root_email="$(tr '\n' ',' < "${__object}/parameter/root-email" | sed -E 's/,+$//')" smart_host="$(cat "${__object}/parameter/smart-host")" if [ -f "${__object}/parameter/mailname" ]; then 
@@ -21,14 +20,12 @@ else esac fi -aliases_file=/etc/mail/aliases case ${os} in debian|devuan|ubuntu) # Debian-like requires installing DMA __package dma # Moving forward without DMA doesn't make much sense export require="__package/dma" - aliases_file=/etc/aliases ;; freebsd) # Disable sendmail + stop if necessary @@ -134,20 +131,3 @@ EOF __file /etc/dma/dma.conf --mode 0644 --source '-' < Date: Mon, 1 Jun 2020 17:07:35 +0200 Subject: [PATCH 014/164] [type/__dma] Implement config file updates --- type/__dma/explorer/conf | 30 ++++ type/__dma/gencode-remote | 197 ++++++++++++++++++++++++- type/__dma/man.rst | 24 +++ type/__dma/manifest | 165 ++++++--------------- type/__dma/parameter/default/security | 1 + type/__dma/parameter/optional | 2 + type/__dma/parameter/optional_multiple | 1 + 7 files changed, 302 insertions(+), 118 deletions(-) create mode 100755 type/__dma/explorer/conf create mode 100644 type/__dma/parameter/default/security create mode 100644 type/__dma/parameter/optional_multiple diff --git a/type/__dma/explorer/conf b/type/__dma/explorer/conf new file mode 100755 index 0000000..129e3c3 --- /dev/null +++ b/type/__dma/explorer/conf 
@@ -0,0 +1,30 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# This explorer looks for lines matching the server parameter in dma's auth.conf +# and reports the login and server fields (password is cksummed) + +CONF_PATH=/etc/dma # set in Makefile +dma_conf="${CONF_PATH:?}/dma.conf" + +test -f "${dma_conf}" || exit 0 + +grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \ +| sed -e 's/[ \t]*#.*$//' \ +| sort -s -k 1,1 diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 2e3a80d..1091aeb 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
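Review bot: `grep -v -e '^[ \t]*#\|^$'` and `sed -e 's/[ \t]*#.*$//'` rely on GNU extensions: in a POSIX bracket expression `\t` is a backslash and a `t`, not a tab, and `\|` is undefined in basic regular expressions. Since the type's manifest also handles FreeBSD, the portable forms are safer: `grep -v -e '^[[:blank:]]*#' -e '^$'` and `sed -e 's/[[:blank:]]*#.*$//'`. The header comment was copied from the authusers explorer and still describes auth.conf; it should say something like `# This explorer prints the active (non-comment) lines of dma.conf, sorted by keyword`.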
@@ -1,5 +1,200 @@ #!/bin/sh -e +CONF_PATH=/etc/dma # set in Makefile + +# Generate config +conf_should=$( + if test -s "${__object}/parameter/smart-host" + then + printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")" + #printf 'AUTHPATH %s\n' "$(cat "${__type}/ + fi + + case $(cat "${__object}/parameter/security") + in + (ssl|tls) + default_smtp_port=465 + echo 'SECURETRANSFER' + ;; + (starttls) + default_smtp_port=587 + echo 'SECURETRANSFER' + echo 'STARTTLS' + ;; + (opportunistic) + default_smtp_port=25 # XXX: correct? + echo 'SECURETRANSFER' + echo 'STARTTLS' + echo 'OPPORTUNISTIC_TLS' + ;; + (insecure) + default_smtp_port=25 + echo 'INSECURE' + ;; + esac + + if test -s "${__object}/parameter/port" + then + printf 'PORT %u\n' "$(cat "${__object}/parameter/port")" + elif test "${default_smtp_port}" -ne 25 + then + printf 'PORT %u\n' "${default_smtp_port}" + fi + + if test -f "${__object}/parameter/masquerade" + then + while read -r line + do + printf 'MASQUERADE %s\n' "${line}" + done <"${__object}/parameter/masquerade" + fi + + +) +conf_should=$(echo "$conf_should" | sort -s -k 1,1) + +config_updated=false +if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" - +then + # config needs to be updated + echo "dma_conf='${CONF_PATH:?}/dma.conf'" + cat <<'EOF' +awk -F '\n' ' +function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) } +function empty_line(line) { return match(line, /^[ \t]*$/) } +function is_word(s) { return s ~ /^[A-Z_]+$/ } + +function first(line, sep) { + if (!sep) sep = SUBSEP + return index(line, sep) ? substr(line, 0, index(line, sep)) : line +} + +function rest(line, sep) { + if (!sep) sep = SUBSEP + if (index(line, sep)) + return substr(line, index(line, sep) + 1) +} + +function conf_pop(word, value) { + if (!(word in conf)) return 0 + if (!value) { + if (index(conf[word], SUBSEP)) # more than one element? 
+ value = substr(conf[word], 0, index(conf[word], SUBSEP)) + else + value = conf[word] + } + + if (index(conf[word], SUBSEP)) { + if (index(conf[word], value SUBSEP) != 1) return 0 + conf[word] = substr(conf[word], length(value) + 2) + } else { + if (conf[word] != value) return 0 + delete conf[word] + } + return value +} + +function print_conf(word, value) { + printf "%s", word + if (value) printf " %s", value + printf "\n" +} + +function print_confs(word, value) { + if (!(word in conf)) return + if (conf[word]) { + while (value = conf_pop(word)) + print_conf(word, value) + } else { + print_conf(word) + delete conf[word] + } +} + +BEGIN { + while (getline < "/dev/stdin") { + word = first($0, " ") + if ((word in conf)) + conf[word] = conf[word] SUBSEP rest($0, " ") + else + conf[word] = rest($0, " ") + } +} + +# first pass, gather information +NR == FNR { + if (comment_line($0)) { + # comment line + word = first(substr($0, RLENGTH + 1), " ") + if (is_word(word)) last_occ["#" word] = FNR + } else { + word = first($0, " ") + if (is_word(word)) last_occ[word] = FNR + } +} + +NR > FNR && FNR == 1 { + # before second pass prepare hashes + + for (k in last_occ) + if (k ~ /^\#/ && (substr(k, 2) in last_occ)) + delete last_occ[k] + + for (k in last_occ) { + line_map[last_occ[k]] = k + } +} + +# second pass, output new config +NR > FNR { + if (comment_line($0) || empty_line($0)) { + # comment or empty line + print + + if ((FNR in line_map)) { + if (line_map[FNR] ~ /^\#/) { + # the "matching" comment line is here + k = substr(line_map[FNR], 2) + if ((k in conf)) print_confs(k) + } + + if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { + # INSECURE goes where SECURE comment is + print_confs("INSECURE") + } + } + } else { + sub(/[ \t]*\#.*$/, "", $0) # ignore comments + word = first($0, " ") + + if ((word in conf) && rest($0, " ") == first(conf[word])) { + # keep config options we want + conf_pop(word) + print + } + + if ((FNR in line_map) && line_map[FNR] == word) { 
+ # rest of config options should be here + print_confs(word) + } + } +} + +END { + # print rest of config options + for (word in conf) print_confs(word) +} +' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \ + && mv "${dma_conf}.tmp" "${dma_conf}" +EOF + echo "${conf_should}" + echo 'EOF' + + config_updated=true + echo 'config updated' >>"${__messages_out}" +fi + + if test -f "${__object}/parameter/send-test-email" then modified=false @@ -10,7 +205,7 @@ then elif grep -q '^__dma_auth/' "${__messages_in}" then modified=true - elif grep -q '^__dma/' "${__messages_in}" + elif $config_updated then modified=true fi diff --git a/type/__dma/man.rst b/type/__dma/man.rst index af9298e..cb3c35f 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst @@ -39,7 +39,31 @@ mailname If not defined, it defaults to `/etc/mailname` on Debian-derived Operating Systems and to `__target_host` otherwise. See `dma(8)` for more information. +masquerade + Masquerade the envelope-from addresses with this address/hostname. + Use this setting if mails are not accepted by destination mail servers + because your sender domain is invalid. + This option can be used multiple times. + For more information see the `dma(8)` man page. +port + The port on which to deliver email. + If not provided, a sensible default port will be used based on the + `--security` argument. +security + Configures whether and how DMA should use secure connections. + ssl/tls + Enable TLS/SSL secured transfer. + starttls + Use STARTTLS to establish a secure connection. + opportunistic (default) + Will try to establish a secure connection using STARTTLS, but allow + unencrypted transfer if STARTTLS fails. + Most useful when dma is used without a smarthost, delivering remote + messages directly to the outside mail exchangers. + insecure + allow plain text SMTP login over an insecure connection. + Should really not be used anymore! EXAMPLES -------- 
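Review bot: The `case $(cat "${__object}/parameter/security")` block inside `conf_should=$(...)` in the `@@ -1,5 +1,200 @@` hunk has no default arm, so a mistyped `--security` value emits none of `SECURETRANSFER`, `STARTTLS` or `INSECURE` and leaves `default_smtp_port` empty, which makes `test "${default_smtp_port}" -ne 25` fail with an error while the run continues. The result is a dma.conf without the transport settings the operator asked for. Add an arm such as `(*) echo 'Invalid --security value' >&2; exit 1 ;;`; the `exit` ends the command substitution with a non-zero status, which `#!/bin/sh -e` turns into a failure of the assignment. The awk helpers `first()` and `conf_pop()` also call `substr(..., 0, ...)`, whose result with a start of 0 differs between awk implementations; a start of 1 with the length reduced by one is portable.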
diff --git a/type/__dma/manifest b/type/__dma/manifest index e07fbfc..814e3ef 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest 
@@ -2,54 +2,57 @@ os=$(cat "${__global}/explorer/os") -smart_host="$(cat "${__object}/parameter/smart-host")" - -if [ -f "${__object}/parameter/mailname" ]; then - mailname="$(cat "${__object}/parameter/mailname")" +# mailname: default behaviour is different on certain systems +if test -f "${__object}/parameter/mailname" +then + mailname=$(cat "${__object}/parameter/mailname") else - # default mailname behaviour is different in certain systems - case ${os} in - debian|devuan|ubuntu) - # Debian-like default to /etc/mailname - mailname="/etc/mailname" - ;; - *) - # Otherwise let's use the hostname - mailname="${__target_host}" - ;; - esac + # Otherwise use the hostname + mailname=$(cat "${__global}/explorer/hostname") fi -case ${os} in - debian|devuan|ubuntu) - # Debian-like requires installing DMA - __package dma - # Moving forward without DMA doesn't make much sense - export require="__package/dma" - ;; - freebsd) - # Disable sendmail + stop if necessary - __key_value \ - --file "/etc/rc.conf" \ - --comment "# Disable sendmail " \ - --key "sendmail_enable" \ - --delimiter "=" \ - --value "NONE" \ - --onchange "service sendmail onestop || true" \ - "sendmail_enable" +case $os +in + (debian|devuan|ubuntu) + # On Debian-like systems use /etc/mailname + if test -f "${__object}/parameter/mailname" + then + echo "$mailname" | __file '/etc/mailname' --state present \ + --mode 0644 --owner root --group root --source - + fi + + mailname='/etc/mailname' + ;; +esac + +# Install DMA +case $os +in + (debian|devuan|ubuntu) + __package dma --state present + export require='__package/dma' + ;; + (freebsd) + # Stop sendmail if necessary + __process 'sendmail' --name 'sendmail.*' --state absent \ + --stop '/etc/rc.d/sendmail onestop' + + # ... 
and disable it + __key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \ + --key 'sendmail_enable' --delimiter '=' --value '"NONE"' \ + --exact_delimiter + # Setup mailwrapper accordingly - __file /etc/mail/mailer.conf \ - --mode 0644 \ - --source '-' < /dev/stderr <&2 Your OS (${os}) is not supported yet. Maybe adding support is as simple as adapting the packages or allowing it, @@ -57,77 +60,5 @@ we highly encourage you to open a PR with the necessary changes. See: https://code.ungleich.ch/ungleich-public/cdist-contrib/ EOF exit 1 - ;; + ;; esac - -DMA_CONF="$(cat < Date: Mon, 1 Jun 2020 17:16:04 +0200 Subject: [PATCH 015/164] [type/__dma] Detect AUTHPATH --- type/__dma/explorer/auth_conf | 1 + type/__dma/gencode-remote | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 120000 type/__dma/explorer/auth_conf diff --git a/type/__dma/explorer/auth_conf b/type/__dma/explorer/auth_conf new file mode 120000 index 0000000..db038ae --- /dev/null +++ b/type/__dma/explorer/auth_conf @@ -0,0 +1 @@ +../../__dma_auth/explorer/auth_conf \ No newline at end of file diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1091aeb..105edba 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -49,7 +49,10 @@ conf_should=$( done <"${__object}/parameter/masquerade" fi - + if test -s "${__object}/explorer/auth_conf" + then + printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" + fi ) conf_should=$(echo "$conf_should" | sort -s -k 1,1) From 4fdddfd738dac87a1e33e359e1ede6ee22a16918 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 17:23:31 +0200 Subject: [PATCH 016/164] [type/__dma] Add --defer, --full-bounce, and --null-client --- type/__dma/gencode-remote | 20 ++++++++++++++++++++ type/__dma/man.rst | 8 ++++++++ type/__dma/parameter/boolean | 3 +++ 3 files changed, 31 insertions(+) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 105edba..1f252a4 100755 
--- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -49,6 +49,26 @@ conf_should=$( done <"${__object}/parameter/masquerade" fi + if test -f "${__object}/parameter/defer" + then + echo 'DEFER' + fi + + if test -f "${__object}/parameter/full-bounce" + then + echo 'FULLBOUNCE' + fi + + if test -f "${__object}/parameter/null-client" + then + test -s "${__object}/parameter/smart-host" || { + echo '--null-client requires a --smart-host to be defined' >&2 + exit 1 + } + + echo 'NULLCLIENT' + fi + if test -s "${__object}/explorer/auth_conf" then printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" diff --git a/type/__dma/man.rst b/type/__dma/man.rst index cb3c35f..a8ba546 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst @@ -26,6 +26,14 @@ smart-host BOOLEAN PARAMETERS ------------------ +defer + If enabled, the mail queue has to be manually flushed with the `-q` option. +full-bounce + Enable if the bounce message should include the complete original message, + not just the headers. +null-client + Enable to bypass aliases and local delivery, and instead forward all mails + to the defined `--smart-host`. send-test-email If present, after setup this type will send an email to root, to allow you to easily test your setup. diff --git a/type/__dma/parameter/boolean b/type/__dma/parameter/boolean index d1af563..ede7dda 100644 --- a/type/__dma/parameter/boolean +++ b/type/__dma/parameter/boolean @@ -1 +1,4 @@ +defer +full-bounce +null-client send-test-email From 99d58672c4987757429fc783b66d96eb6fa90f2b Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 19:20:05 +0200 Subject: [PATCH 017/164] [type/__dma_auth] Add semicolon --- type/__dma_auth/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 48e7dce..b6b7f63 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote 
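Review bot: The `exit 1` in the new `--null-client` check runs inside the `conf_should=$(` command substitution named in the hunk header, so it ends only that subshell. Unless the script runs under `set -e` (the shebang is not visible here), execution continues and a truncated `conf_should` is sorted and written to the DMA config, with the error visible only on stderr. Validate before the substitution opens, e.g. `if test -f "${__object}/parameter/null-client" && ! test -s "${__object}/parameter/smart-host"; then echo '--null-client requires a --smart-host to be defined' >&2; exit 1; fi`, and keep only `echo 'NULLCLIENT'` inside it.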
@@ -40,7 +40,7 @@ in exit 0 fi - test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 } + test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } mode=1 From 0657ac4f115ee575f0bb7780fa9ac759c472ec97 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 19:21:41 +0200 Subject: [PATCH 018/164] [type/__dma] Fix mailname --- type/__dma/gencode-remote | 31 +++++++++++++++++++++++++------ type/__dma/manifest | 27 +-------------------------- 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1f252a4..4100d39 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -2,12 +2,36 @@ CONF_PATH=/etc/dma # set in Makefile +# Determine mailname +if test -f "${__object}/parameter/mailname" +then + mailname=$(cat "${__object}/parameter/mailname") +else + case $(cat "${__global}/explorer/os") + in + (debian|devuan|ubuntu) + # On Debian-like systems use /etc/mailname unless --mailname is used + mailname='/etc/mailname' + ;; + (*) + mailname=$__target_fqdn + ;; + esac +fi + + # Generate config conf_should=$( if test -s "${__object}/parameter/smart-host" then printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")" - #printf 'AUTHPATH %s\n' "$(cat "${__type}/ + fi + + printf 'MAILNAME %s\n' "${mailname}" + + if test -s "${__object}/explorer/auth_conf" + then + printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" fi case $(cat "${__object}/parameter/security") @@ -68,11 +92,6 @@ conf_should=$( echo 'NULLCLIENT' fi - - if test -s "${__object}/explorer/auth_conf" - then - printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" - fi ) conf_should=$(echo "$conf_should" | sort -s -k 1,1) diff --git a/type/__dma/manifest b/type/__dma/manifest index 814e3ef..60038b1 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest 
@@ -1,32 +1,7 @@ #!/bin/sh -e -os=$(cat "${__global}/explorer/os") - -# mailname: default behaviour is different on certain systems -if test -f "${__object}/parameter/mailname" -then - mailname=$(cat "${__object}/parameter/mailname") -else - # Otherwise use the hostname - mailname=$(cat "${__global}/explorer/hostname") -fi - -case $os -in - (debian|devuan|ubuntu) - # On Debian-like systems use /etc/mailname - if test -f "${__object}/parameter/mailname" - then - echo "$mailname" | __file '/etc/mailname' --state present \ - --mode 0644 --owner root --group root --source - - fi - - mailname='/etc/mailname' - ;; -esac - # Install DMA -case $os +case $(cat "${__global}/explorer/os") in (debian|devuan|ubuntu) __package dma --state present From 7183bb3cd191dfece36e32db86eb6ee42b49bb5d Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 19:24:32 +0200 Subject: [PATCH 019/164] [type/__dma] Fixes for FreeBSD --- type/__dma/gencode-remote | 13 ++++++++----- type/__dma/manifest | 3 +++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 4100d39..1b00f04 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -108,7 +108,7 @@ function is_word(s) { return s ~ /^[A-Z_]+$/ } function first(line, sep) { if (!sep) sep = SUBSEP - return index(line, sep) ? substr(line, 0, index(line, sep)) : line + return index(line, sep) ? substr(line, 1, index(line, sep) - 1) : line } function rest(line, sep) { @@ -121,7 +121,7 @@ function conf_pop(word, value) { if (!(word in conf)) return 0 if (!value) { if (index(conf[word], SUBSEP)) # more than one element? - value = substr(conf[word], 0, index(conf[word], SUBSEP)) + value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1) else value = conf[word] } 
@@ -256,10 +256,13 @@ then then cat <<-EOF sendmail root < Date: Mon, 1 Jun 2020 20:25:10 +0200 Subject: [PATCH 020/164] [type/__dma_auth] Fix SC2162 --- type/__dma_auth/explorer/authusers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers index db83482..c76667b 100755 --- a/type/__dma_auth/explorer/authusers +++ b/type/__dma_auth/explorer/authusers @@ -49,7 +49,7 @@ BEGIN { host == server { print endpos, $0 } ' "${auth_conf}" \ -| while read pos line +| while read -r pos line do printf '%s:%s\n' \ "$(printf '%s' "$line" | cut -c $((-pos)))" \ From bf822f3f8ca53852554750003296b9163122c424 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 20:26:52 +0200 Subject: [PATCH 021/164] [type/__dma] Fix SC2154 --- type/__dma/manifest | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/type/__dma/manifest b/type/__dma/manifest index 4a78dab..7abd7c8 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -1,7 +1,9 @@ #!/bin/sh -e +os=$(cat "${__global}/explorer/os") + # Install DMA -case $(cat "${__global}/explorer/os") +case $os in (debian|devuan|ubuntu) __package dma --state present From de4508cb0695cf0f7a6561ac7d8b92add1bc313d Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 6 Jun 2020 21:45:40 +0200 Subject: [PATCH 022/164] Mark __dma_auth and __mail_alias as nonparallel Both types modify a single file, so they shouldn't be run at the same time. --- type/__dma_auth/nonparallel | 0 type/__mail_alias/nonparallel | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 type/__dma_auth/nonparallel create mode 100644 type/__mail_alias/nonparallel diff --git a/type/__dma_auth/nonparallel b/type/__dma_auth/nonparallel new file mode 100644 index 0000000..e69de29 diff --git a/type/__mail_alias/nonparallel b/type/__mail_alias/nonparallel new file mode 100644 index 0000000..e69de29 
From 7b9ffb4a413693556a6c19258ba3a17d1614613f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 7 Jun 2020 08:46:18 +0200 Subject: [PATCH 023/164] __unbound: wire remote control configuration --- type/__unbound/files/unbound.conf.sh | 12 ++++++------ type/__unbound/gencode-remote | 8 ++++++++ type/__unbound/man.rst | 6 ++++++ type/__unbound/manifest | 17 +++++++++++++++++ type/__unbound/parameter/boolean | 1 + type/__unbound/parameter/default/rc_interface | 1 + type/__unbound/parameter/optional | 1 + 7 files changed, 40 insertions(+), 6 deletions(-) create mode 100755 type/__unbound/gencode-remote create mode 100644 type/__unbound/parameter/default/rc_interface create mode 100644 type/__unbound/parameter/optional diff --git a/type/__unbound/files/unbound.conf.sh b/type/__unbound/files/unbound.conf.sh index effea65..46d2824 100755 --- a/type/__unbound/files/unbound.conf.sh +++ b/type/__unbound/files/unbound.conf.sh @@ -857,14 +857,14 @@ python: remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. - # control-enable: no + control-enable: $RC_ENABLE # what interfaces are listened to for remote control. # give 0.0.0.0 and ::0 to listen to all interfaces. # set to an absolute path to use a unix local name pipe, certificates # are not used for that, so key and cert files need not be present. # control-interface: 127.0.0.1 - # control-interface: ::1 + control-interface: $RC_INTERFACE # port number for remote control operations. # control-port: 8953 
@@ -874,16 +874,16 @@ remote-control: # control-use-cert: "yes" # unbound server key file. - # server-key-file: "/unbound_server.key" + server-key-file: "$RC_SERVER_KEY_FILE" # unbound server certificate file. - # server-cert-file: "/unbound_server.pem" + server-cert-file: "$RC_SERVER_CERT_FILE" # unbound-control key file. - # control-key-file: "/unbound_control.key" + control-key-file: "$RC_CONTROL_KEY_FILE" # unbound-control certificate file. - # control-cert-file: "/unbound_control.pem" + control-cert-file: "$RC_CONTROL_CERT_FILE" # Stub zones. # Create entries like below, to make all queries for 'example.com' and diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote new file mode 100755 index 0000000..5d2bb4a --- /dev/null +++ b/type/__unbound/gencode-remote @@ -0,0 +1,8 @@ +#!/bin/sh + +UNBOUND_CERTS_DIR=/etc/unbound + +if [ -f "$__object/parameter/enable_rc" ]; then + echo "unbound-control-setup -d $UNBOUND_CERTS_DIR" + echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key" +fi diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index 6d113b0..679e601 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst @@ -31,6 +31,9 @@ access_control but localhost is refused by default), can be provided multiple times. The format is described in unbound.conf(5). +rc_interface + Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`). + BOOLEAN PARAMETERS ------------------ disable-ip4 @@ -41,6 +44,9 @@ disable-ip6 Do not answer or issue queries over IPv6. Cannot be used alongside the `--disable-ip4` flag. +enable_rc + Enable remote control (see `unbound-control(8)`). + EXAMPLES -------- diff --git a/type/__unbound/manifest b/type/__unbound/manifest index a25cdec..d85ad66 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest 
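Review bot: The `chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key` line in the new gencode-remote hands every `.pem` and `.key` file under /etc/unbound to the daemon account, not only the four remote-control files the manifest exports. The server key then becomes writable by the process it authenticates, and any unrelated key material kept in that directory is re-owned as well. Naming the files and keeping root as owner would be tighter, for example `chown root:unbound /etc/unbound/unbound_server.key /etc/unbound/unbound_control.key`, provided group read access is enough for the daemon and the exporter (worth confirming). Both commands are also emitted on every run while `enable_rc` is set, so a guard such as `test -f /etc/unbound/unbound_control.key ||` before `unbound-control-setup` would keep the type idempotent.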
@@ -49,6 +49,11 @@ if [ -f "$__object/parameter/access_control" ]; then export ACCESS_CONTROLS fi +if [ -f "$__object/parameter/rc_interface" ]; then + RC_INTERFACE=$(cat "$__object/parameter/rc_interface") + export RC_INTERFACE +fi + # Boolean parameters: if [ -f "$__object/parameter/disable_ip4" ] && \ [ -f "$__object/parameter/disable_ip6" ]; then @@ -68,6 +73,18 @@ else export DO_IP6='yes' fi +if [ -f "$__object/parameter/enable_rc" ]; then + export RC_ENABLE='yes' +else + export RC_ENABLE='no' +fi + +# Certs for remote control: +export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key' +export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem' +export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key' +export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem' + # Generate and deploy configuration files. source_file="$__object/files/unbound.conf" target_file="/etc/unbound/unbound.conf" diff --git a/type/__unbound/parameter/boolean b/type/__unbound/parameter/boolean index a2d5910..b6e53a1 100644 --- a/type/__unbound/parameter/boolean +++ b/type/__unbound/parameter/boolean @@ -1,2 +1,3 @@ disable_ip6 disable_ip4 +enable_rc diff --git a/type/__unbound/parameter/default/rc_interface b/type/__unbound/parameter/default/rc_interface new file mode 100644 index 0000000..7b9ad53 --- /dev/null +++ b/type/__unbound/parameter/default/rc_interface @@ -0,0 +1 @@ +127.0.0.1 diff --git a/type/__unbound/parameter/optional b/type/__unbound/parameter/optional new file mode 100644 index 0000000..0826b6e --- /dev/null +++ b/type/__unbound/parameter/optional @@ -0,0 +1 @@ +rc_interface From 1e45d85d4d3d171b211e957e099f0e1c1580fe57 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 7 Jun 2020 08:53:56 +0200 Subject: [PATCH 024/164] Add new __unbound_exporter type --- type/__unbound_exporter/files/openrc-service | 12 ++++ type/__unbound_exporter/gencode-remote | 46 ++++++++++++++ type/__unbound_exporter/man.rst | 63 ++++++++++++++++++++ type/__unbound_exporter/manifest | 44 ++++++++++++++ type/__unbound_exporter/parameter/required | 1 + type/__unbound_exporter/singleton | 0 6 files changed, 166 insertions(+) create mode 100644 type/__unbound_exporter/files/openrc-service create mode 100755 type/__unbound_exporter/gencode-remote create mode 100644 type/__unbound_exporter/man.rst create mode 100755 type/__unbound_exporter/manifest create mode 100644 type/__unbound_exporter/parameter/required create mode 100644 type/__unbound_exporter/singleton diff --git a/type/__unbound_exporter/files/openrc-service b/type/__unbound_exporter/files/openrc-service new file mode 100644 index 0000000..6caed5e --- /dev/null +++ b/type/__unbound_exporter/files/openrc-service @@ -0,0 +1,12 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +command="/usr/local/bin/unbound_exporter" +command_args="" +command_user="unbound" +command_background="yes" +pidfile="/var/run/$RC_SVCNAME.pid" + +depend() { + need unbound +} diff --git a/type/__unbound_exporter/gencode-remote b/type/__unbound_exporter/gencode-remote new file mode 100755 index 0000000..ef7ef9b --- /dev/null +++ b/type/__unbound_exporter/gencode-remote 
@@ -0,0 +1,46 @@ +#!/bin/sh -e +# +# 2020 Timothée Floure (timothee.floure@ungleich.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +upstream=https://github.com/wish/unbound_exporter/archive +version=$(cat $__object/parameter/version) +release="unbound_exporter-$version" + +cat << EOF +if command -v unbound_exporter +then + # already installed - ignoring. + echo "Nothing to do -" +else + # Initialize working directory + workdir=\$(mktemp -d) + cd \$workdir + + # Download and extract sources for requested release. + curl -L $upstream/v$version.tar.gz --output $release.tar.gz + tar xf $release.tar.gz + + # Build and install binary. + cd $release + go build + install -m755 unbound_exporter /usr/local/bin/ + + # Clean up! + rm -r \$workdir +fi +EOF diff --git a/type/__unbound_exporter/man.rst b/type/__unbound_exporter/man.rst new file mode 100644 index 0000000..934bdd7 --- /dev/null +++ b/type/__unbound_exporter/man.rst 
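Review bot: The generated install script fetches a source tarball, builds it and installs the result into /usr/local/bin without checking the download's integrity or whether any step succeeded. `curl -L` without `-f` saves an HTTP error page as the tarball, and since the heredoc does not begin with `set -e`, a failed `tar` or `cd $release` still falls through to `go build` and `install`. I would start the generated code with `set -e`, use `curl -fL $upstream/v$version.tar.gz --output $release.tar.gz`, and quote the directory as `cd "\$workdir"` and `rm -r "\$workdir"`. Comparing the tarball against an expected digest before extracting would close the gap; that needs a checksum parameter on the type, because the page offers no upstream checksum source for this project. Independently of that, `$version` is pasted unquoted into the generated commands, so the manifest should at least reject values containing whitespace or shell metacharacters.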
@@ -0,0 +1,63 @@ +cdist-type__unbound_exporter(7) +=============================== + +NAME +---- +cdist-type__unbound_exporter - A prometheus exporter for unbound + + +DESCRIPTION +----------- +Simple Prometheus metrics exporter for the Unbound DNS +resolver. It leverages the unbound remote control endpoint +and exposes metrics on port 9167. + + +REQUIRED PARAMETERS +------------------- +version + unbound_exporter release to be used. + +OPTIONAL PARAMETERS +------------------- +None. + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + __unbound \ + --interface '::0' \ + --forward_addr '2a0a:e5c0:2:1::5' \ + --forward_addr '2a0a:e5c0:2:1::6' \ + --access_control '::0/0 deny' \ + --access_control '2a0a:e5c0::/29 allow' \ + --access_control '2a09:2940::/29 allow' \ + --disable_ip4 \ + --enable_rc \ + --rc_interface '::1' + + __unbound_exporter --version 0.1.3 + +SEE ALSO +-------- +:strong:`cdist-type__unbound(7)` + +AUTHORS +------- +Timothée Floure + + +COPYING +------- +Copyright \(C) 2020 Timothée Floure. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__unbound_exporter/manifest b/type/__unbound_exporter/manifest new file mode 100755 index 0000000..9f71834 --- /dev/null +++ b/type/__unbound_exporter/manifest 
@@ -0,0 +1,44 @@ +#!/bin/sh -e +# +# 2020 Timothée Floure (timothee.floure@ungleich.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + + +os=$(cat "$__global/explorer/os") + +case "$os" in + alpine) + # Used in gencode-remote. + __package curl + __package tar + __package go + __package libc-dev + ;; + *) + printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 + printf "Please contribute an implementation for it if you can.\n" >&2 + exit 1 + ;; +esac + +__file /etc/init.d/unbound_exporter \ + --source "$__type/files/openrc-service" \ + --mode 755 + +require="__file/etc/init.d/unbound_exporter" __service unbound_exporter --action start +require="__file/etc/init.d/unbound_exporter" __start_on_boot unbound_exporter diff --git a/type/__unbound_exporter/parameter/required b/type/__unbound_exporter/parameter/required new file mode 100644 index 0000000..088eda4 --- /dev/null +++ b/type/__unbound_exporter/parameter/required @@ -0,0 +1 @@ +version diff --git a/type/__unbound_exporter/singleton b/type/__unbound_exporter/singleton new file mode 100644 index 0000000..e69de29 From d14011c50b8dbfbddf1adfab9e7823e462ef042c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 7 Jun 2020 08:55:34 +0200 Subject: [PATCH 025/164] Sync CHANGELOG with __unbound* changes --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) 
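Review bot: The `__service unbound_exporter --action start` and `__start_on_boot` objects at the end of the manifest require only the init script, while the binary they launch is produced later by this type's own gencode-remote. As far as I understand cdist's ordering, objects created in a type manifest are realised before the parent's generated code runs, so on a clean host the start would be attempted before /usr/local/bin/unbound_exporter exists; worth confirming on a fresh target. Separately, the `__file /etc/init.d/unbound_exporter` call sets `--mode 755` but no owner; adding `--owner root --group root` would pin the ownership of a script that the init system runs as root.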
diff --git a/CHANGELOG.md b/CHANGELOG.md index a61c82d..df26f7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ # cdist-contrib changes +* 2020-06-07: New type: __unbound_exporter (Timothée Floure) +* 2020-06-07: Extended type: wire remote control configuration for __unbond (Timothée Floure) * 2020-06-03: New type: __unbound (Timothée Floure) * 2020-04-28: New type: __find_exec (Ander Punnar) From 17f6a4dd471193369e17b0287817fc9cd43895b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 7 Jun 2020 08:57:51 +0200 Subject: [PATCH 026/164] Only shellcheck .sh files in type/*/files/ --- scripts/run-shellcheck.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/run-shellcheck.sh b/scripts/run-shellcheck.sh index 769f853..475f426 100755 --- a/scripts/run-shellcheck.sh +++ b/scripts/run-shellcheck.sh @@ -15,7 +15,7 @@ check () { } check -path "*/explorer/*" -check -path "*/files/*" +check -path "*/files/*.sh" check -name manifest check -name gencode-local check -name gencode-remote From bffc38ad52a54d7c80354fac46bf9f556fb4e0c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 7 Jun 2020 08:58:14 +0200 Subject: [PATCH 027/164] __unbound_exporter: make shellcheck happy again --- type/__unbound_exporter/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__unbound_exporter/gencode-remote b/type/__unbound_exporter/gencode-remote index ef7ef9b..fcd85fb 100755 --- a/type/__unbound_exporter/gencode-remote +++ b/type/__unbound_exporter/gencode-remote @@ -18,7 +18,7 @@ # along with cdist. If not, see . upstream=https://github.com/wish/unbound_exporter/archive -version=$(cat $__object/parameter/version) +version=$(cat "$__object/parameter/version") release="unbound_exporter-$version" cat << EOF From 4ff703e6aa74e18b679302e4b02cd2b9fd41fe6e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 7 Jun 2020 10:34:35 +0200 Subject: [PATCH 028/164] Fine tuning prometheus exporter for unbound --- type/__unbound/gencode-remote | 8 ++++++++ type/__unbound/manifest | 3 --- type/__unbound_exporter/manifest | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote index 5d2bb4a..d12a395 100755 --- a/type/__unbound/gencode-remote +++ b/type/__unbound/gencode-remote @@ -6,3 +6,11 @@ if [ -f "$__object/parameter/enable_rc" ]; then echo "unbound-control-setup -d $UNBOUND_CERTS_DIR" echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key" fi + +cat << EOF +if pgrep unbound; then + service unbound reload +else + service unbounb start +fi +EOF diff --git a/type/__unbound/manifest b/type/__unbound/manifest index d85ad66..346f30c 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest @@ -95,6 +95,3 @@ require="__package/unbound" __file "$target_file" \ --source "$source_file" \ --owner root \ --mode 644 - -# Restart unbound server after reconfiguration. -require="__file/$target_file" __service unbound --action restart diff --git a/type/__unbound_exporter/manifest b/type/__unbound_exporter/manifest index 9f71834..3602e47 100755 --- a/type/__unbound_exporter/manifest +++ b/type/__unbound_exporter/manifest @@ -26,6 +26,7 @@ case "$os" in # Used in gencode-remote. __package curl __package tar + __package openssl __package go __package libc-dev ;; From 0cd19b3a5dc71fa3fed263fe14eb05aafa58b0aa Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 14:44:54 +0200 Subject: [PATCH 029/164] [type/__dma] Use "smarthost" spelling to be consistent with DMA --- type/__dma/gencode-remote | 8 ++++---- type/__dma/man.rst | 14 ++++++-------- type/__dma/parameter/required | 2 +- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1b00f04..e2bb405 100755 
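Review bot: The `else` branch added to __unbound/gencode-remote calls `service unbounb start`, which misspells the service name, so a stopped resolver is never started and the generated code fails at that point. The line should read `service unbound start`. The `pgrep unbound` test also matches by substring, so a running `unbound_exporter` process would satisfy it while the resolver itself is down. `if pgrep -x unbound >/dev/null; then` limits the match to the daemon and keeps the PID list out of the run output.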
--- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -22,9 +22,9 @@ fi # Generate config conf_should=$( - if test -s "${__object}/parameter/smart-host" + if test -s "${__object}/parameter/smarthost" then - printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")" + printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smarthost")" fi printf 'MAILNAME %s\n' "${mailname}" @@ -85,8 +85,8 @@ conf_should=$( if test -f "${__object}/parameter/null-client" then - test -s "${__object}/parameter/smart-host" || { - echo '--null-client requires a --smart-host to be defined' >&2 + test -s "${__object}/parameter/smarthost" || { + echo '--null-client requires a --smarthost to be defined' >&2 exit 1 } diff --git a/type/__dma/man.rst b/type/__dma/man.rst index a8ba546..cbc1c0c 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst @@ -13,15 +13,15 @@ mails from locally installed Mail User Agents (MUA) and deliver the mails to a remote destination. Remote delivery happens over TLS to one or more mailboxes that are local to the -email server configured in the `smart-host` parameter. +mail server configured in the ``smarthost`` parameter. REQUIRED PARAMETERS ------------------- -smart-host - The email server used to send email. +smarthost + The mail server used to send email. It must be configured to act as a relay for the host being configured by - this type so that mail can be sent to users non-local to the smart-host. + this type so that mail can be sent to users non-local to the smarthost. BOOLEAN PARAMETERS @@ -33,7 +33,7 @@ full-bounce not just the headers. null-client Enable to bypass aliases and local delivery, and instead forward all mails - to the defined `--smart-host`. + to the defined ``--smarthost``. send-test-email If present, after setup this type will send an email to root, to allow you to easily test your setup. 
@@ -78,9 +78,7 @@ EXAMPLES .. code-block:: sh - __dma \ - --smart-host mx1.domain.tld \ - --send-test-email + __dma --smarthost mx1.domain.tld --send-test-email SEE ALSO diff --git a/type/__dma/parameter/required b/type/__dma/parameter/required index 262568f..0753fb6 100644 --- a/type/__dma/parameter/required +++ b/type/__dma/parameter/required @@ -1 +1 @@ -smart-host +smarthost From 45b10f3e098f3e06dccdc2483c36e56527e0b9a1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 14:51:11 +0200 Subject: [PATCH 030/164] [type/__dma] Update parameters to match config names in DMA --- type/__dma/gencode-remote | 6 +++--- type/__dma/parameter/boolean | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index e2bb405..e4760d8 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -78,15 +78,15 @@ conf_should=$( echo 'DEFER' fi - if test -f "${__object}/parameter/full-bounce" + if test -f "${__object}/parameter/fullbounce" then echo 'FULLBOUNCE' fi - if test -f "${__object}/parameter/null-client" + if test -f "${__object}/parameter/nullclient" then test -s "${__object}/parameter/smarthost" || { - echo '--null-client requires a --smarthost to be defined' >&2 + echo '--nullclient requires a --smarthost to be defined' >&2 exit 1 } diff --git a/type/__dma/parameter/boolean b/type/__dma/parameter/boolean index ede7dda..523bb97 100644 --- a/type/__dma/parameter/boolean +++ b/type/__dma/parameter/boolean @@ -1,4 +1,4 @@ defer -full-bounce -null-client -send-test-email +fullbounce +nullclient +send-test-mail From 67b989a717d1c2c817b99220712bab7e78a679e3 Mon Sep 17 00:00:00 2001 
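Review bot: The last entry in `type/__dma/parameter/boolean` becomes `send-test-mail`, but `gencode-remote` still tests `"${__object}/parameter/send-test-email"` and `man.rst` still documents `send-test-email`. With this list the documented flag would no longer be a declared parameter, and the declared one is never read, so the test mail is never sent. Either keep `send-test-email` here, or rename the check in `gencode-remote` and the man page entry in the same commit.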
From: Dennis Camera Date: Tue, 9 Jun 2020 20:53:01 +0200 Subject: [PATCH 031/164] [type/__dma_auth] Simplify code and add more comments --- type/__dma_auth/explorer/{authusers => state} | 51 ++++++++--- type/__dma_auth/gencode-remote | 84 ++++++++++++------- 2 files changed, 91 insertions(+), 44 deletions(-) rename type/__dma_auth/explorer/{authusers => state} (65%) diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/state similarity index 65% rename from type/__dma_auth/explorer/authusers rename to type/__dma_auth/explorer/state index c76667b..18e13ce 100755 --- a/type/__dma_auth/explorer/authusers +++ b/type/__dma_auth/explorer/state @@ -31,27 +31,54 @@ else fi awk -F'\n' -v server="${server}" ' +function getvalue(path) { + getline < path + close(path) + return $0 +} + BEGIN { DP = "[: \t]" # copied from dma/conf.c + + parameter_dir = ENVIRON["__object"] "/parameter/" + + host_param = getvalue(parameter_dir "server") + if (!host_param) host_param = ENVIRON["__object_id"] + login_param = getvalue(parameter_dir "login") + passwd_param = getvalue(parameter_dir "password") + + state = "absent" } -# skip comments and empty lines -/^#/ || /^$/ { next } +/^#/ || /^$/ { + # skip comments and empty lines + next +} { + # parse line + login = substr($0, 1, index($0, "|") - 1) + if (!login) { login = $0 } # if no "|" found + host = substr($0, length(login) + 2) + if (match(host, DP)) { + passwd = substr(host, RSTART) host = substr(host, 1, RSTART - 1) - endpos = length(login) + RSTART - } else endpos = length + } else { + passwd = "" + } } -host == server { print endpos, $0 } -' "${auth_conf}" \ -| while read -r pos line - do - printf '%s:%s\n' \ - "$(printf '%s' "$line" | cut -c $((-pos)))" \ - "$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)" - done +host == host_param && login == login_param { + if (passwd == passwd_param) + state = "present" + else + state = "different_password" +} + +END { + print state +} +' "${auth_conf}" 
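Review bot: The new `getvalue()` helper in `explorer/state` ignores the result of `getline < path`, so when a parameter file is missing or empty `$0` keeps the value read by the previous call. The three calls run in the order server, login, password, so an absent `password` file would make `passwd_param` equal to the login string rather than empty. Reading into a local and checking the status avoids that: `function getvalue(path, line) { if ((getline line < path) <= 0) line = ""; close(path); return line }`. The `-v server="${server}"` assignment on the awk command line also looks unused now that the script reads `host_param` itself; this could not be confirmed beyond the lines shown.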
diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index b6b7f63..262a17a 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,6 +18,7 @@ # along with cdist. If not, see . # +state_is=$(cat "${__object}/explorer/state") state_should=$(cat "${__object}/parameter/state") if test -f "${__object}/parameter/server" @@ -28,33 +29,27 @@ else fi login=$(cat "${__object}/parameter/login") +if test "${state_is}" = "${state_should}" +then + # state is as it should + exit 0 +fi + case $state_should in (present) - line_should=$(printf '%s|%s:%s\n' \ - "${login}" "${server}" \ - "$(cksum "${__object}/parameter/password" | cut -d' ' -f1)") - if grep -qxF "${line_should}" "${__object}/explorer/authusers" - then - # correct line already present -> nothing to do - exit 0 - fi - test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } mode=1 - if test -s "${__object}/explorer/authusers" + if test "${state_is}" = 'absent' then - printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" - else printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + else + printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" fi ;; (absent) - # no matching logins present -> nothing to do - test -s "${__object}/explorer/authusers" || exit 0 - mode=0 printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" @@ -67,16 +62,14 @@ esac auth_conf=$(cat "${__object}/explorer/auth_conf") -if test -z "${auth_conf}" -then +test -n "${auth_conf}" || { echo 'Cannot determine path of dma auth.conf' >&2 exit 1 -fi +} + cat < drop all lines for this host + next + } + } } +# leave other lines alone { print } END { if (mode && !written) { - printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw() + # append line if no match to replace was found + print_should() } } ' <"${auth_conf}" >"${auth_conf}.tmp" \ 
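Review bot: The early exit `test "${state_is}" = "${state_should}"` assumes the explorer always prints a state, but `explorer/state` leaves via `test -r "${auth_conf}" || exit 0` before printing anything when auth.conf is unreadable. `state_is` is then empty: `--state absent` no longer short-circuits and emits a `delete authuser` message, and `--state present` reports `set authuser` instead of `add authuser`. Defaulting the value closes the gap, e.g. `: "${state_is:=absent}"` right after the `cat`, or have the explorer `echo absent` before that early exit.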
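Review bot: The rewritten awk program still sends its output to `"${auth_conf}.tmp"` through a plain redirection, so the file holding the SMTP credentials is created with the default umask and the invoking user's ownership. The command continues past this hunk; if it then moves the temp file over auth.conf, the restrictive mode and group that file normally carries are replaced by those defaults. Consider creating the temp file under `umask 077` and restoring owner and mode before the rename, or writing the result back into the existing file so its inode keeps its permissions. Part of this hunk is garbled in the page, so the exact continuation could not be checked.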
From 96fcccf5294e1ed381096b731207674807ce6222 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 21:39:28 +0200 Subject: [PATCH 032/164] [type/__mail_alias] Improve documentation --- type/__mail_alias/explorer/aliases | 43 ++++++++++++------ type/__mail_alias/explorer/aliases_file | 2 +- type/__mail_alias/gencode-remote | 59 ++++++++++++++++--------- 3 files changed, 69 insertions(+), 35 deletions(-) diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index 66940d5..0a8da94 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases @@ -32,26 +32,41 @@ function print_aliases(aliases, matches) { } /^#/ { - # comment - select = 0; cont = 0; next -} - -{ - cont = ($0 ~ /\\$/) - if (cont) sub(/[ \t]*\\$/, "", $0) -} - -/^[[:blank:]]/ || cont { - # continuation line - if (select) print_aliases($0) + # comment line (ignore) + select = 0; cont = 0 # comments terminate alias lists and continuations next } -$1 == ENVIRON["__object_id"] { +/^[ \t]/ || cont { + # continuation line (either the previous line ended in a backslash or the + # line starts with whitespace) + + if (select) + print_aliases($0) +} + +{ + # detect if the line is a line to be continued (ends with a backslash) + cont = ($0 ~ /\\$/) + + # if it is, we drop the backslash from the line and skip to next line + # (the contents have been printed above if they should) + if (cont) { + sub(/[ \t]*\\$/, "", $0) + next + } +} + +$1 == ENVIRON["__object_id"] && !select { + # "target" user -> print alias list + # (only if !select; because of whitespacecontinuation lines) select = 1 print_aliases($2) next } -{ select = 0 } +{ + # other user + select = 0 +} ' "${aliases_file}" diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file index f7c4596..2710792 100755 --- a/type/__mail_alias/explorer/aliases_file +++ b/type/__mail_alias/explorer/aliases_file 
@@ -17,7 +17,7 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer tries to find the correct aliases file. +# This explorer finds the aliases file to modify. found() { echo "$*"; exit 0; } diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 7778536..f4cbf46 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -29,7 +29,13 @@ in exit 0 fi - echo "set aliases" >>"$__messages_out" + if test -s "${__object}/explorer/aliases" + then + echo "update aliases" >>"$__messages_out" + else + echo "add aliases" >>"$__messages_out" + fi + mode=1 ;; (absent) @@ -37,6 +43,7 @@ in test -s "${__object}/explorer/aliases" || exit 0 echo "delete aliases" >>"$__messages_out" + mode=0 ;; (*) @@ -46,11 +53,10 @@ esac aliases_file=$(cat "${__object}/explorer/aliases_file") -if test -z "${aliases_file}" -then +test -n "${aliases_file}" || { echo 'Could not determine aliases file path.' >&2 exit 1 -fi +} # "export" variables to remote printf 'mode=%u\n' "${mode}" @@ -58,16 +64,18 @@ printf "aliases_file='%s'\n" "${aliases_file}" cat <<'EOF' test -f "${aliases_file}" || touch "${aliases_file}" -awk -F ':[ \t]*' -v mode="${mode}" ' -function sepafter(f, default, _) { + +awk -F ':[ \t]*' -v mode=$mode ' +function sepafter(f, default, _) { + # finds the separator between field $f and $(f+1) _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) - if (_) return _ - else return default + return _ ? _ : default } function write_aliases() { if (aliases_written) return + # print aliases line printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") while ((getline < aliases_should_file) > 0) { if (aliases_written) printf ", " 
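Review bot: The awk invocation changes from `-v mode="${mode}"` to an unquoted `-v mode=$mode`, which reintroduces word splitting and globbing on the expansion (ShellCheck SC2086). The value is written by `printf 'mode=%u\n'`, so it is harmless today, but the quoted form costs nothing and matches how `"${aliases_file}"` is handled on the neighbouring lines: `awk -F ':[ \t]*' -v mode="${mode}" '`. The `__dma_auth` generator uses the same unquoted form.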
@@ -83,36 +91,45 @@ BEGIN { } /^#/ { - # comment - select = 0; cont = 0 + # comment line (leave alone) + select = 0; cont = 0 # comments terminate alias lists and continuations print next } -{ - cont = ($0 ~ /\\$/) - if (cont) sub(/[ \t]*\\$/, "", $0) -} - /^[ \t]/ || cont { - # continuation line + # continuation line (either the previous line ended in a backslash or the + # line starts with whitespace) + + # if in the alias list of the "target" user, we drop the line as it has been + # rewritten previously if (select) next } +{ + # detect if the line is a line to be continued (ends with a backslash) + cont = ($0 ~ /\\$/) + # if it is, we drop the backslash from the line. + if (cont) sub(/[ \t]*\\$/, "", $0) +} + $1 == ENVIRON["__object_id"] { - in_list = 1 + # "target" user -> rewrite aliases list + select = 1 if (mode) write_aliases() next } { - in_list = 0 + # other user + select = 0 print } END { - # if the last line as an alias definition, the separator will be reused - if (mode && !aliases_written) write_aliases() + # if the last line was an alias, the separator will be reused (looks better) + if (mode && !aliases_written) + write_aliases() } ' <"${aliases_file}" >"${aliases_file}.tmp" || { echo 'Generating new aliases file failed!' >&2 @@ -121,9 +138,11 @@ END { if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then + # aliases file was modified, replace and run `newaliases` mv "${aliases_file}.tmp" "${aliases_file}" newaliases else + # no modifications were made, delete the temp file. rm "${aliases_file}.tmp" fi EOF From ca9e011d50ff2296fa0e4db74d99ecadbcee680f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 15:09:51 +0200 Subject: [PATCH 033/164] [type/__dma_auth] Fix off-by-one error --- type/__dma_auth/explorer/state | 2 +- type/__dma_auth/gencode-remote | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state index 18e13ce..0e6f7be 100755 
--- a/type/__dma_auth/explorer/state +++ b/type/__dma_auth/explorer/state @@ -64,7 +64,7 @@ BEGIN { host = substr($0, length(login) + 2) if (match(host, DP)) { - passwd = substr(host, RSTART) + passwd = substr(host, RSTART + 1) host = substr(host, 1, RSTART - 1) } else { passwd = "" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 262a17a..c49779f 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -99,7 +99,10 @@ BEGIN { } # skip comments and empty lines -/^#/ || /^$/ { print; next } +/^#/ || /^$/ { + print + next +} { # parse line @@ -110,7 +113,7 @@ BEGIN { host = substr($0, length(login) + 2) if (match(host, DP)) { - passwd = substr(host, RSTART) + passwd = substr(host, RSTART + 1) host = substr(host, 1, RSTART - 1) } else { passwd = "" From 5b8ae33b4e0bad18f8b76b3cb326884dc16b9550 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 15:21:35 +0200 Subject: [PATCH 034/164] [type/__dma_auth] Improve documentation and handle duplicate lines better The state explorer gained a new value "multiple" (it is not used anywhere, just informative). The code will only write a "should" line once and drop duplicate lines. --- type/__dma_auth/explorer/state | 22 ++++++++++++++++------ type/__dma_auth/gencode-remote | 10 +++++++--- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state index 0e6f7be..668b50f 100755 --- a/type/__dma_auth/explorer/state +++ b/type/__dma_auth/explorer/state 
@@ -17,8 +17,13 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer looks for lines matching the server parameter in dma's auth.conf -# and reports the login and server fields (password is cksummed) +# This explorer looks for a line matching the login and server parameters +# in dma's auth.conf and reports: +# present: a line matching login + host + password exists +# absent: no line matching login + host exists +# different_password: a line exists but with a different pasword +# multiple: multiple lines matching login + host exist +# (should never happen) auth_conf=$("${__type_explorer}/auth_conf") test -r "${auth_conf}" || exit 0 @@ -32,6 +37,7 @@ fi awk -F'\n' -v server="${server}" ' function getvalue(path) { + # Reads the first line of the file located at path and returns it. getline < path close(path) return $0 @@ -42,6 +48,7 @@ BEGIN { parameter_dir = ENVIRON["__object"] "/parameter/" + # Read the parameters of this object host_param = getvalue(parameter_dir "server") if (!host_param) host_param = ENVIRON["__object_id"] login_param = getvalue(parameter_dir "login") @@ -72,10 +79,13 @@ BEGIN { } host == host_param && login == login_param { - if (passwd == passwd_param) - state = "present" - else - state = "different_password" + # a match… + if (state == "absent") { + state = ((passwd == passwd_param) ? "present" : "different_password") + } else { + # report "multiple" to that the type can remove the duplicates. + state = "multiple" + } } END { diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index c49779f..46d9f31 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -78,6 +78,7 @@ test -f "${auth_conf}" || touch "${auth_conf}" awk -F '\n' -v mode=$mode ' function getvalue(path) { + # Reads the first line of the file located at path and returns it. getline < path close(path) return $0 
@@ -124,11 +125,12 @@ host == host_param { if (mode) { # state_should == present if (login == login_param && !written) { - # replace line if host and login match + # replace line if host and login match (but only if no line has + # been written already -> no duplicates) print_should() written = 1 - next } + next } else { # state_should == absent if (!login_param || login == login_param) { @@ -139,7 +141,9 @@ host == host_param { } # leave other lines alone -{ print } +{ + print +} END { if (mode && !written) { From 193b1780dee58be94010e06bf3f3e296f7b4b283 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 15:38:34 +0200 Subject: [PATCH 035/164] Improve error message when invalid --state is used. --- type/__dma_auth/gencode-remote | 3 ++- type/__mail_alias/gencode-remote | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 46d9f31..c57e5cc 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -55,7 +55,8 @@ in printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" ;; (*) - printf 'Invalid --state: %s' "${state_should}" >&2 + printf 'Invalid --state: %s.\n' "${state_should}" >&2 + printf 'Acceptable values are: present, absent.\n' >&2 exit 1 ;; esac diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index f4cbf46..22ae89b 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -47,7 +47,8 @@ in mode=0 ;; (*) - printf 'Invalid --state given: %s\n' "$state_should" >&2 + printf 'Invalid --state: %s.\n' "$state_should" >&2 + printf 'Acceptable values are: present, absent.\n' >&2 exit 1 esac From 551348509717b4b44394a59bd11034e6363d5fbd Mon Sep 17 00:00:00 2001 
From: Dennis Camera Date: Thu, 11 Jun 2020 17:01:22 +0200 Subject: [PATCH 036/164] [type/__dma] Improve documentation --- type/__dma/explorer/conf | 8 +++- type/__dma/gencode-remote | 96 ++++++++++++++++++++++++++------------- type/__dma/man.rst | 7 ++- 3 files changed, 75 insertions(+), 36 deletions(-) diff --git a/type/__dma/explorer/conf b/type/__dma/explorer/conf index 129e3c3..b4d6d26 100755 --- a/type/__dma/explorer/conf +++ b/type/__dma/explorer/conf @@ -17,8 +17,12 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer looks for lines matching the server parameter in dma's auth.conf -# and reports the login and server fields (password is cksummed) +# This explorer returns a sorted list of "active" (= non-commented) lines +# in the dma.conf file. +# "Trailing" line comments are stripped off. +# +# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX +# -s (stable sort) option. CONF_PATH=/etc/dma # set in Makefile dma_conf="${CONF_PATH:?}/dma.conf" diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index e4760d8..01537bf 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -20,7 +20,7 @@ else fi -# Generate config +# Generate "should" values for config conf_should=$( if test -s "${__object}/parameter/smarthost" then @@ -60,7 +60,7 @@ conf_should=$( if test -s "${__object}/parameter/port" then printf 'PORT %u\n' "$(cat "${__object}/parameter/port")" - elif test "${default_smtp_port}" -ne 25 + elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default then printf 'PORT %u\n' "${default_smtp_port}" fi @@ -93,6 +93,7 @@ conf_should=$( echo 'NULLCLIENT' fi ) +# Sort conf_should to compare against "conf_is" conf_should=$(echo "$conf_should" | sort -s -k 1,1) config_updated=false 
@@ -100,24 +101,55 @@ if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" - then # config needs to be updated echo "dma_conf='${CONF_PATH:?}/dma.conf'" + + # The following AWK script will output the new config file to be stored on + # disk. To do so it reads the current dma.conf file and the config options + # that should be set (from stdin). + # Note that the path to the current dma.conf is passed to AWK twice, because + # the new file cannot be generated in one pass. + + # The logic tries to place options at a sensible location, that is: + # a) if the option is already used in the config file: + # group all similar options (e.g. MASQUERADE) at one place in the order + # they are listed in stdin. + # b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists: + # place options grouped directly after the comment (the comment is left + # alone) + # c) otherwise: + # options are grouped by word (the first word in the line) and appended + # at the end of the file. + cat <<'EOF' awk -F '\n' ' -function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) } -function empty_line(line) { return match(line, /^[ \t]*$/) } -function is_word(s) { return s ~ /^[A-Z_]+$/ } +function comment_line(line) { + # returns the position in line at which the comment's text starts + # (0 if the line is not a comment) + match(line, /^[ \t]*\#+[ \t]*/) + return RSTART ? (RLENGTH + 1) : 0 +} +function empty_line(line) { return line ~ /^[ \t]*$/ } +function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" function first(line, sep) { + # returns the part of the line until sep is found + # (or the whole line if sep is not found) if (!sep) sep = SUBSEP return index(line, sep) ? substr(line, 1, index(line, sep) - 1) : line } function rest(line, sep) { + # returns the part of the line after the first occurrence of sep is found. 
+ # (or nothing if sep is not found) if (!sep) sep = SUBSEP if (index(line, sep)) return substr(line, index(line, sep) + 1) } function conf_pop(word, value) { + # returns the next value for the config `word` and delete it from the list. + # if value is set, this function will only return value if it is the first + # option in the list, otherwise it returns 0. + if (!(word in conf)) return 0 if (!value) { if (index(conf[word], SUBSEP)) # more than one element? @@ -137,12 +169,14 @@ function conf_pop(word, value) { } function print_conf(word, value) { + # print a config line with the given parameters printf "%s", word if (value) printf " %s", value printf "\n" } function print_confs(word, value) { + # print config lines for all values stored in conf[word]. if (!(word in conf)) return if (conf[word]) { while (value = conf_pop(word)) @@ -154,6 +188,7 @@ function print_confs(word, value) { } BEGIN { + # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { word = first($0, " ") if ((word in conf)) @@ -163,11 +198,12 @@ BEGIN { } } -# first pass, gather information +# first pass, gather information about where which information is stored in the +# current config file. This information will be used in the second pass. NR == FNR { if (comment_line($0)) { # comment line - word = first(substr($0, RLENGTH + 1), " ") + word = first(substr($0, comment_line($0) + 1), " ") if (is_word(word)) last_occ["#" word] = FNR } else { word = first($0, " ") 
@@ -175,19 +211,22 @@ NR == FNR { } } +# before second pass prepare hashes containing location information to be used +# in the second pass. NR > FNR && FNR == 1 { - # before second pass prepare hashes - + # First we drop the locations of commented-out options if a non-commented + # option is available. If a non-commented option is available, we will + # append new config options there to have them all at one place. for (k in last_occ) if (k ~ /^\#/ && (substr(k, 2) in last_occ)) delete last_occ[k] - for (k in last_occ) { - line_map[last_occ[k]] = k - } + # Reverse the option => line mapping. The line_map allows for easier lookups + # in the second pass. + for (k in last_occ) line_map[last_occ[k]] = k } -# second pass, output new config +# second pass, generate and output new config NR > FNR { if (comment_line($0) || empty_line($0)) { # comment or empty line @@ -195,21 +234,24 @@ NR > FNR { if ((FNR in line_map)) { if (line_map[FNR] ~ /^\#/) { - # the "matching" comment line is here + # This line contains a commented config option. If the conf hash + # contains options to be set, we output them here because this + # option is not used in the current config. k = substr(line_map[FNR], 2) if ((k in conf)) print_confs(k) } if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { - # INSECURE goes where SECURE comment is + # INSECURE goes where SECURE comment is. print_confs("INSECURE") } } } else { - sub(/[ \t]*\#.*$/, "", $0) # ignore comments word = first($0, " ") + value = rest($0, " ") + sub(/[ \t]*\#.*$/, "", value) # ignore comments in value - if ((word in conf) && rest($0, " ") == first(conf[word])) { + if ((word in conf) && value == first(conf[word])) { # keep config options we want conf_pop(word) print 
@@ -223,12 +265,13 @@ NR > FNR { } END { - # print rest of config options + # print rest of config options ( for (word in conf) print_confs(word) } ' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \ && mv "${dma_conf}.tmp" "${dma_conf}" EOF + # Pass in "conf_should" via stdin echo "${conf_should}" echo 'EOF' @@ -239,20 +282,9 @@ fi if test -f "${__object}/parameter/send-test-email" then - modified=false - - if grep -q '^__mail_alias/root:' "${__messages_in}" - then - modified=true - elif grep -q '^__dma_auth/' "${__messages_in}" - then - modified=true - elif $config_updated - then - modified=true - fi - - if $modified + if grep -q '^__mail_alias/root:' "${__messages_in}" \ + || grep -q '^__dma_auth/' "${__messages_in}" \ + || $config_updated then cat <<-EOF sendmail root < Date: Thu, 11 Jun 2020 18:07:28 +0200 Subject: [PATCH 037/164] [type/__dma] Use EQS to split config lines --- type/__dma/gencode-remote | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 01537bf..cb2cdbe 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
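Review bot: The lines of `conf_should` are emitted verbatim as the body of the generated here-document that ends with `echo 'EOF'`, and nothing shown checks the parameter values for embedded newlines. A multi-line `mailname` or `smarthost` value would put extra lines into that body, and a line consisting only of the delimiter would end the document early, leaving the remainder to be parsed as shell on the target. Rejecting values that contain a newline while `conf_should` is built, or shipping the values in a file instead of inline, keeps the generated script well-formed. The added comment `# print rest of config options (` also ends in a stray opening parenthesis.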
@@ -130,19 +130,20 @@ function comment_line(line) { function empty_line(line) { return line ~ /^[ \t]*$/ } function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" -function first(line, sep) { +function first(line, sep_re) { # returns the part of the line until sep is found # (or the whole line if sep is not found) - if (!sep) sep = SUBSEP - return index(line, sep) ? substr(line, 1, index(line, sep) - 1) : line + if (!sep_re) sep_re = "[" SUBSEP "]" + match(line, sep_re) + return RSTART ? substr(line, 1, RSTART - 1) : line } -function rest(line, sep) { +function rest(line, sep_re) { # returns the part of the line after the first occurrence of sep is found. # (or nothing if sep is not found) - if (!sep) sep = SUBSEP - if (index(line, sep)) - return substr(line, index(line, sep) + 1) + if (!sep_re) sep_re = "[" SUBSEP "]" + if (match(line, sep_re)) + return substr(line, RSTART + RLENGTH + 1) } function conf_pop(word, value) { @@ -188,13 +189,15 @@ function print_confs(word, value) { } BEGIN { + EQS = /[ \t]/ # copied from dma/conf.c + # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { - word = first($0, " ") + word = first($0, EQS) if ((word in conf)) - conf[word] = conf[word] SUBSEP rest($0, " ") + conf[word] = conf[word] SUBSEP rest($0, EQS) else - conf[word] = rest($0, " ") + conf[word] = rest($0, EQS) } } @@ -203,10 +206,10 @@ BEGIN { NR == FNR { if (comment_line($0)) { # comment line - word = first(substr($0, comment_line($0) + 1), " ") + word = first(substr($0, comment_line($0) + 1), /[ ]/) if (is_word(word)) last_occ["#" word] = FNR } else { - word = first($0, " ") + word = first($0, EQS) if (is_word(word)) last_occ[word] = FNR } } @@ -247,8 +250,8 @@ NR > FNR { } } } else { - word = first($0, " ") - value = rest($0, " ") + word = first($0, EQS) + value = rest($0, EQS) sub(/[ \t]*\#.*$/, "", value) # ignore comments in value if ((word in conf) && value == first(conf[word])) { 
From 27102340de8bfde2fa03ebf8dfca7157dbe8ea9f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 20:50:42 +0200 Subject: [PATCH 038/164] [type/__mail_alias] Add bug notice about commas --- type/__mail_alias/man.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst index d6c7873..3782ffb 100644 --- a/type/__mail_alias/man.rst +++ b/type/__mail_alias/man.rst @@ -44,6 +44,15 @@ EXAMPLES # Disable redirection of mail for joe __mail_alias joe --state absent + +BUGS +---- +- Quoted strings are not parsed by this type. As a result, email addresses + containing ``,`` (commas) are treated incorrectly (they are treated as two + addresses/aliases.) + Make sure that email addresses do not contain commas. + + SEE ALSO -------- :strong:`aliases`\ (5) From c777a2b1c27ca81f5296c3b4395fa22db74478e1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 21:58:47 +0200 Subject: [PATCH 039/164] [type/__mail_alias] Some fixes in continuation line processing --- type/__mail_alias/explorer/aliases | 25 ++++++++++++++----------- type/__mail_alias/gencode-remote | 25 +++++++++++++------------ 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index 0a8da94..4fffd3b 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases 
@@ -17,13 +17,15 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# Find aliases for a given name and print the aliases line separated +# Find aliases for a given user name and print the aliases (each one on a +# separate line) aliases_file=$("${__type_explorer}/aliases_file") test -r "${aliases_file}" || exit 0 awk -F ':[ \t]*' ' function print_aliases(aliases, matches) { + # prints comma-separated aliases (one per line) split(aliases, matches, /,[ \t]*/) for (i in matches) { gsub(/^[ \t]*|[ \t]*$/, "", matches[i]) @@ -37,15 +39,11 @@ function print_aliases(aliases, matches) { next } -/^[ \t]/ || cont { - # continuation line (either the previous line ended in a backslash or the - # line starts with whitespace) - - if (select) - print_aliases($0) -} - { + # is this line a continuation line? + # (the prev. line ended in a backslash or the line starts with whitespace) + is_cont = /^[ \t]/ || cont + # detect if the line is a line to be continued (ends with a backslash) cont = ($0 ~ /\\$/) @@ -57,9 +55,14 @@ function print_aliases(aliases, matches) { } } -$1 == ENVIRON["__object_id"] && !select { +is_cont { + # if in the alias list of the "target" user, we also print these aliases. + if (select) print_aliases($0) + next +} + +$1 == ENVIRON["__object_id"] { # "target" user -> print alias list - # (only if !select; because of whitespacecontinuation lines) select = 1 print_aliases($2) next diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 22ae89b..cc5fc42 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
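Review bot: The relocated `is_cont` rule in `explorer/aliases` now sits after the block that detects a trailing backslash, and that block, unchanged between the second and third hunk here and visible in the earlier documentation commit, still ends with `next` when `cont` is set. Any line ending in a backslash therefore skips both the `is_cont` rule and the `$1 == ENVIRON["__object_id"]` rule, so neither a target entry whose first line is continued with a backslash nor a backslash-terminated continuation line has its aliases printed. Dropping the `next` there, i.e. `if (cont) sub(/[ \t]*\\$/, "", $0)`, lets the line fall through to the rules below. The comment "the contents have been printed above if they should" no longer matches the new order.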
@@ -69,7 +69,7 @@ test -f "${aliases_file}" || touch "${aliases_file}" awk -F ':[ \t]*' -v mode=$mode ' function sepafter(f, default, _) { # finds the separator between field $f and $(f+1) - _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) + _ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1) return _ ? _ : default } @@ -91,29 +91,30 @@ BEGIN { aliases_should_file = (ENVIRON["__object"] "/parameter/alias") } -/^#/ { +/^[ \t]*\#/ { # comment line (leave alone) select = 0; cont = 0 # comments terminate alias lists and continuations print next } -/^[ \t]/ || cont { - # continuation line (either the previous line ended in a backslash or the - # line starts with whitespace) - - # if in the alias list of the "target" user, we drop the line as it has been - # rewritten previously - if (select) next -} - { + # is this line a continuation line? + # (the prev. line ended in a backslash or the line starts with whitespace) + is_cont = /^[ \t]/ || cont + # detect if the line is a line to be continued (ends with a backslash) cont = ($0 ~ /\\$/) # if it is, we drop the backslash from the line. if (cont) sub(/[ \t]*\\$/, "", $0) } +is_cont { + # we ignore the line as it has been rewritten previously or is not + # interesting + next +} + $1 == ENVIRON["__object_id"] { # "target" user -> rewrite aliases list select = 1 @@ -139,7 +140,7 @@ END { if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then - # aliases file was modified, replace and run `newaliases` + # aliases file was modified, replace and run `newaliases`. mv "${aliases_file}.tmp" "${aliases_file}" newaliases else From 0f81b89f709e26a98a369d6e8b0797eb3ca85909 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 13:29:28 +0200 Subject: [PATCH 040/164] [type/__dma] Make --smarthost optional --- type/__dma/parameter/optional | 1 + type/__dma/parameter/required | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 type/__dma/parameter/required 
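Review bot: The new `is_cont { next }` rule in `gencode-remote` discards every continuation line, whereas the rule it replaces only skipped them while `select` was set. Continuation lines belonging to other users' entries are therefore removed from the rewritten aliases file, and the trailing backslash is stripped from the line before them, so unrelated aliases are truncated whenever this type touches the file. Keeping the old condition preserves them: `is_cont { if (!select) print; next }`, with the `sub()` that removes the backslash applied only when `select` is set so the other lines are printed unchanged.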
diff --git a/type/__dma/parameter/optional b/type/__dma/parameter/optional index 3f6cb5d..615c189 100644 --- a/type/__dma/parameter/optional +++ b/type/__dma/parameter/optional @@ -1,3 +1,4 @@ mailname port security +smarthost diff --git a/type/__dma/parameter/required b/type/__dma/parameter/required deleted file mode 100644 index 0753fb6..0000000 --- a/type/__dma/parameter/required +++ /dev/null @@ -1 +0,0 @@ -smarthost From 27b832f2127fc0b475a6390cacb9219b9516328f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 14:02:13 +0200 Subject: [PATCH 041/164] [type/__dma] Add support for Alpine Linux requires the testing repository, currently. --- type/__dma/gencode-remote | 8 ++++---- type/__dma/manifest | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index cb2cdbe..a6aca0d 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -122,7 +122,7 @@ then cat <<'EOF' awk -F '\n' ' function comment_line(line) { - # returns the position in line at which the comment's text starts + # returns the position in line at which the comment'\''s text starts # (0 if the line is not a comment) match(line, /^[ \t]*\#+[ \t]*/) return RSTART ? (RLENGTH + 1) : 0 @@ -143,7 +143,7 @@ function rest(line, sep_re) { # (or nothing if sep is not found) if (!sep_re) sep_re = "[" SUBSEP "]" if (match(line, sep_re)) - return substr(line, RSTART + RLENGTH + 1) + return substr(line, RSTART + RLENGTH) } function conf_pop(word, value) { @@ -189,7 +189,7 @@ function print_confs(word, value) { } BEGIN { - EQS = /[ \t]/ # copied from dma/conf.c + EQS = "[ \t]" # copied from dma/conf.c # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { 
@@ -206,7 +206,7 @@ BEGIN { NR == FNR { if (comment_line($0)) { # comment line - word = first(substr($0, comment_line($0) + 1), /[ ]/) + word = first(substr($0, comment_line($0)), " ") if (is_word(word)) last_occ["#" word] = FNR } else { word = first($0, EQS) diff --git a/type/__dma/manifest b/type/__dma/manifest index 7abd7c8..75e42d7 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -5,6 +5,10 @@ os=$(cat "${__global}/explorer/os") # Install DMA case $os in + (alpine) + __package dma --state present + export require='__package/dma' + ;; (debian|devuan|ubuntu) __package dma --state present export require='__package/dma' From aa605cada45d5a91da5c4153fa822d95a8214d80 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 14:02:42 +0200 Subject: [PATCH 042/164] [type/__mail_aliases] Add support for Alpine Linux Alpine's DMA package has a typo and installs "newailases" instead of "newaliases". I adjusted the code-remote to only run newaliases if it is available. Otherwise, tough luck, user gotta either fix his system or run manually. --- type/__mail_alias/explorer/aliases_file | 4 ++-- type/__mail_alias/gencode-remote | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file index 2710792..90bccde 100755 --- a/type/__mail_alias/explorer/aliases_file +++ b/type/__mail_alias/explorer/aliases_file @@ -28,7 +28,7 @@ check_file() { fi } -case $("$__explorer/os") +case $("${__explorer}/os") in (freebsd|openbsd|solaris) check_file /etc/mail/aliases @@ -36,7 +36,7 @@ in # default found /etc/mail/aliases ;; - (debian|devuan|ubuntu) + (alpine|debian|devuan|ubuntu) check_file /etc/aliases # default diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index cc5fc42..3eaad75 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
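Review bot: In `type/__dma/manifest` the new `(alpine)` arm repeats the body of the `(debian|devuan|ubuntu)` arm below it verbatim; adding `alpine` to that pattern, `(alpine|debian|devuan|ubuntu)`, avoids the duplicate. The commit message says the package currently requires the testing repository, but nothing in the arm records or checks that, so I would add `# NOTE: dma is only in Alpine's testing repository for now; it must be enabled beforehand`. The case statement continues outside the hunk.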
@@ -142,7 +142,9 @@ if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then # aliases file was modified, replace and run `newaliases`. mv "${aliases_file}.tmp" "${aliases_file}" - newaliases + + # run newaliases if present + command -v newaliases >/dev/null 2>&1 && newaliases || true else # no modifications were made, delete the temp file. rm "${aliases_file}.tmp" From f6a36a60c0f92ae212c2e1274cba64ffdc0c856c Mon Sep 17 00:00:00 2001 
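Review bot: `command -v newaliases >/dev/null 2>&1 && newaliases || true` also discards the exit status of `newaliases` itself, so a failed rebuild of the alias database is reported as success after the aliases file has already been replaced. An `if` keeps the optional-tool behaviour without hiding real failures: `if command -v newaliases >/dev/null 2>&1; then newaliases; fi`. When the tool is absent, a line on stderr such as `echo 'newaliases not found, alias database not rebuilt' >&2` would make the skipped step visible in the run output.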
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Thu, 25 Jun 2020 11:15:23 +0200 Subject: [PATCH 043/164] Import __matrix_riot from ungleich's dot-cdist --- type/__matrix_riot/files/config.json.sh | 90 +++++++++++++++ type/__matrix_riot/gencode-remote | 73 +++++++++++++ type/__matrix_riot/man.rst | 87 +++++++++++++++ type/__matrix_riot/manifest | 103 ++++++++++++++++++ type/__matrix_riot/parameter/boolean | 1 + type/__matrix_riot/parameter/default/brand | 1 + .../parameter/default/cookie_policy_url | 1 + .../parameter/default/default_country_code | 1 + .../parameter/default/default_server_name | 1 + .../parameter/default/default_server_url | 1 + type/__matrix_riot/parameter/default/owner | 1 + .../parameter/default/privacy_policy_url | 1 + .../parameter/default/room_directory_servers | 1 + type/__matrix_riot/parameter/optional | 13 +++ .../__matrix_riot/parameter/optional_multiple | 1 + type/__matrix_riot/parameter/required | 2 + 16 files changed, 378 insertions(+) create mode 100755 type/__matrix_riot/files/config.json.sh create mode 100755 type/__matrix_riot/gencode-remote create mode 100644 type/__matrix_riot/man.rst create mode 100755 type/__matrix_riot/manifest create mode 100644 type/__matrix_riot/parameter/boolean create mode 100644 type/__matrix_riot/parameter/default/brand create mode 100644 type/__matrix_riot/parameter/default/cookie_policy_url create mode 100644 type/__matrix_riot/parameter/default/default_country_code create mode 100644 type/__matrix_riot/parameter/default/default_server_name create mode 100644 type/__matrix_riot/parameter/default/default_server_url create mode 100644 type/__matrix_riot/parameter/default/owner create mode 100644 type/__matrix_riot/parameter/default/privacy_policy_url create mode 100644 type/__matrix_riot/parameter/default/room_directory_servers create mode 100644 type/__matrix_riot/parameter/optional create mode 100644 type/__matrix_riot/parameter/optional_multiple create mode 100644 type/__matrix_riot/parameter/required 
diff --git a/type/__matrix_riot/files/config.json.sh b/type/__matrix_riot/files/config.json.sh new file mode 100755 index 0000000..e7fca72 --- /dev/null +++ b/type/__matrix_riot/files/config.json.sh 
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# Upstream configuration guide/documentation:
+# https://github.com/vector-im/riot-web/blob/develop/docs/config.md
+
+generate_embedded_pages () {
+ if [ $EMBED_HOMEPAGE ]; then
+ cat << EOF
+ "embeddedPages": {
+ "homeUrl": "home.html"
+ },
+EOF
+ fi
+}
+
+generate_jitsi_config () {
+ if [ "$JITSI_DOMAIN" != "" ]; then
+ cat << EOF
+ "jitsi": {
+ "preferredDomain": "$JITSI_DOMAIN"
+ },
+EOF
+ fi
+}
+
+generate_branding () {
+ echo '"branding": {'
+
+ if [ "$BRANDING_AUTH_HEADER_LOGO_URL" != "" ]; then
+ cat << EOF
+ "authHeaderLogoUrl": "$BRANDING_AUTH_HEADER_LOGO_URL",
+EOF
+ fi
+
+ if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then
+ cat << EOF
+ "authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS",
+EOF
+ fi
+
+ cat << EOF
+ "welcomeBackgroundUrl": "themes/riot/img/backgrounds/valley.jpg"
+EOF
+ echo '},'
+}
+
+cat << EOF
+{
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": "$DEFAULT_SERVER_URL",
+ "server_name": "$DEFAULT_SERVER_NAME"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ }
+ },
+ "brand": "$BRAND",
+ $(generate_branding)
+ "defaultCountryCode": "$DEFAULT_COUNTRY_CODE",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_widgets_urls": [
+ "https://scalar.vector.im/_matrix/integrations/v1",
+ "https://scalar.vector.im/api",
+ "https://scalar-staging.vector.im/_matrix/integrations/v1",
+ "https://scalar-staging.vector.im/api",
+ "https://scalar-staging.riot.im/scalar/api"
+ ],
+ "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+ "roomDirectory": {
+ "servers": [
+ $ROOM_DIRECTORY_SERVERS
+ ]
+ },
+ "disable_custom_urls": "$DISABLE_CUSTOM_URLS",
+ $(generate_embedded_pages)
+ $(generate_jitsi_config)
+ "terms_and_conditions_links": [
+ {
+ "url": "$PRIVACY_POLICY_URL",
+ "text": "Privacy Policy"
+ },
+ {
+ "url": "$COOKIE_POLICY_URL",
+ "text": "Cookie Policy"
+ }
+ ]
+}
+EOF
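Review bot: The parameter values are pasted into the JSON here-document without escaping (`"brand": "$BRAND"`, `"base_url": "$DEFAULT_SERVER_URL"`, the policy URLs and the bare `$ROOM_DIRECTORY_SERVERS`), so a value containing `"` or `\` produces invalid JSON or extra keys in the configuration that is served to every browser. `"disable_custom_urls": "$DISABLE_CUSTOM_URLS",` also emits the strings "true"/"false" rather than JSON booleans; if the client evaluates the value for truthiness, the non-empty string "false" would count as set, so the line should probably read `"disable_custom_urls": $DISABLE_CUSTOM_URLS,`. In `generate_embedded_pages`, `[ $EMBED_HOMEPAGE ]` is unquoted and `[ -n "$EMBED_HOMEPAGE" ]` is the safe form. Until the values are escaped, a header comment such as `# NOTE: values are inserted verbatim; callers must pass JSON-safe strings` would at least document the contract.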
diff --git a/type/__matrix_riot/gencode-remote b/type/__matrix_riot/gencode-remote new file mode 100755 index 0000000..97c4777 --- /dev/null +++ b/type/__matrix_riot/gencode-remote 
@@ -0,0 +1,73 @@
+#!/bin/sh -e
+#
+# 2019 Timothée Floure (timothee.floure@ungleich.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+VERSION=$(cat "$__object/parameter/version")
+INSTALL_DIR=$(cat "$__object/parameter/install_dir")
+OWNER=$(cat "$__object/parameter/owner")
+
+src="riot-v$VERSION"
+archive="$src.tar.gz"
+config='config.json'
+homepage='home.html'
+welcomepage='welcome.html'
+welcomelogo='welcome-logo.svg'
+url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive"
+
+# tar and curl are installed by the __matrix-riot manifest. mktemp is usually
+# provided by coreutils and assumed installed.
+cat << EOF
+set -e
+
+# Ensure that coreutils is installed.
+if [ ! -x \$(which mktemp) ]; then
+ echo "mktemp is not available on the remote host." >&2
+ exit 1
+fi
+
+# Create temporary working directory.
+tmpdir=\$(mktemp -d)
+custom_files_dir="\$tmpdir/custom_files"
+cd \$tmpdir
+
+# Download and extract sources.
+curl -L '$url' > $archive
+tar xf $archive
+
+# Backup files deployed by __matrix_riot.
+mkdir -p \$custom_files_dir
+for file in $INSTALL_DIR/cdist/*; do
+ cp "\$file" "\$custom_files_dir"
+done
+
+# Deploy sources and restore configuration.
+rm -r '$INSTALL_DIR'
+mv '$src' '$INSTALL_DIR'
+
+for file in \$custom_files_dir/*; do
+ cp "\$file" '$INSTALL_DIR'
+done
+
+# Chown deployed files to requested owner.
+chown -R '$OWNER' '$INSTALL_DIR'
+
+# Remove temporary working directory.
+cd /
+rm -r \$tmpdir
+EOF
diff --git a/type/__matrix_riot/man.rst b/type/__matrix_riot/man.rst new file mode 100644
index 0000000..2fe8eae
--- /dev/null
+++ b/type/__matrix_riot/man.rst
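Review bot: The release archive is fetched with `curl -L '$url' > $archive` in `type/__matrix_riot/gencode-remote` and unpacked into the web root without any integrity check, so whatever the download returns is what gets served to users. I would verify the archive against a digest pinned by the operator before `rm -r '$INSTALL_DIR'` runs, and use `curl -f` so an HTTP error fails the run instead of saving the error page; `$EXPECTED_SHA256` below is a placeholder for a value this type does not define yet, and `sha256sum` is assumed to exist on the target. The `[ ! -x \$(which mktemp) ]` test also passes when `which` prints nothing, because `[ ! -x ]` then degrades to a test on a single non-empty string; `command -v` is the reliable check. `\$tmpdir` and `$archive` should be quoted where they are used.

```shell
# … unchanged: parameter reads and src/archive/url variables …
cat << EOF
set -e

# Ensure that mktemp is available.
if ! command -v mktemp >/dev/null 2>&1; then
  echo "mktemp is not available on the remote host." >&2
  exit 1
fi

# Create temporary working directory.
tmpdir=\$(mktemp -d)
custom_files_dir="\$tmpdir/custom_files"
cd "\$tmpdir"

# Download sources; -f turns an HTTP error into a failed run.
curl -fL '$url' > '$archive'
# Refuse to deploy an archive that does not match the pinned digest.
echo '$EXPECTED_SHA256  $archive' | sha256sum -c -
tar xf '$archive'
# … unchanged: backup of cdist-managed files, deploy, chown, cleanup …
```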
@@ -0,0 +1,87 @@ +cdist-type__matrix_riot(7) +====================== + +NAME +---- +cdist-type__matrix_riot - Install and configure Riot, a web Matrix client. + + +DESCRIPTION +----------- +This type install and configure the Riot web client. + + +REQUIRED PARAMETERS +------------------- +install_dir + Root directory of Riot's static files. + +version + Release of Riot to install. + +OPTIONAL PARAMETERS +------------------- +default_server_name + Name of matrix homeserver to connect to, defaults to 'matrix.org'. + +default_server_url + URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'. + +owner + Owner of the deployed files, passed to `chown`. Defaults to 'root'. + +brand + Web UI branding, defaults to 'Riot'. + +default_country_code + ISO 3166 alpha2 country code to use when showing country selectors, such as + phone number inputs. Defaults to GB. + +privacy_policy_url + Defaults to 'https://riot.im/privacy'. + +cookie_policy_url + Defaults to 'https://matrix.org/docs/guides/riot_im_cookie_policy'. + +jitsi_domain + Domain name of preferred Jitsi instance (default is jitsi.riot.im). This is + used whenever a user clicks on the voice/video call buttons. + +homepage + Path to custom homepage, displayed once logged in. + +welcomepage + Path to custom welcome (= login) page. + +custom_asset + Serve a file a the top-level directory (e.g. /my-custom-logo.svg). Can be specified multiple times. + +BOOLEAN PARAMETERS +------------------- +disable_custom_urls + Disallow the user to change the default homeserver when signing up or logging in. + +EXAMPLES +-------- + +.. code-block:: sh + + __matrix_riot my-riot --install_dir /var/www/riot-web --version 1.5.6 + + +SEE ALSO +-------- +- `cdist-type__matrix_synapse(7) `_ + + +AUTHORS +------- +Timothée Floure + + +COPYING +------- +Copyright \(C) 2019 Timothée Floure. 
You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__matrix_riot/manifest b/type/__matrix_riot/manifest new file mode 100755 index 0000000..a843f4b --- /dev/null +++ b/type/__matrix_riot/manifest 
@@ -0,0 +1,103 @@ +#!/bin/sh -e +# +# 2019 Timothée Floure (timothee.floure@ungleich.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +INSTALL_DIR=$(cat "$__object/parameter/install_dir") + +export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") +export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") +export BRAND=$(cat "$__object/parameter/brand") +export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") +export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") +export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") +export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") + +if [ -f "$__object/parameter/jitsi_domain" ]; then + export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") +fi + +if [ -f "$__object/parameter/branding_auth_header_logo_url" ]; then + export BRANDING_AUTH_HEADER_LOGO_URL=$(cat "$__object/parameter/branding_auth_header_logo_url") +fi + +if [ -f "$__object/parameter/branding_auth_footer_links" ]; then + export BRANDING_AUTH_FOOTER_LINKS=$(cat "$__object/parameter/branding_auth_footer_links") +fi + +if [ -f "$__object/parameter/homepage" ]; then + export EMBED_HOMEPAGE=1 + homepage=$(cat "$__object/parameter/homepage") +fi + +if [ -f "$__object/parameter/welcomepage" ]; then + export EMBED_WELCOMEPAGE=1 + welcomepage=$(cat 
"$__object/parameter/welcomepage") +fi + +if [ -f "$__object/parameter/custom_asset" ]; then + for file in $(cat "$__object/parameter/custom_asset"); do + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename $file)" \ + --source "$file" \ + --mode 0664 \ + --state present + done +fi + +if [ -f "$__object/parameter/disable_custom_urls" ]; then + export DISABLE_CUSTOM_URLS='true' +else + export DISABLE_CUSTOM_URLS='false' +fi + +# Owner of the uploaded files. +owner=$(cat "$__object/parameter/owner") + +# Ensure that curl and tar are installed, as they will be required by the +# gencode-remote script. +__package curl --state present +__package tar --state present + +# Generate and deploy configuration file. +mkdir -p "$__object/files" +"$__type/files/config.json.sh" > "$__object/files/config.json" + +# Install the config.json configuration file. The application's sources are +# downloaded and deployed by gencode-remote. +__directory "$INSTALL_DIR/cdist" \ + --owner "$owner" --mode 0755 --parents \ + --state present + +require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" \ + --source "$__object/files/config.json" \ + --mode 0664 \ + --state present + +if [ $EMBED_HOMEPAGE ]; then + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ + --source "$homepage" \ + --mode 0664 \ + --state present +fi + +if [ $EMBED_WELCOMEPAGE ]; then + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ + --source "$welcomepage" \ + --mode 0664 \ + --state present +fi diff --git a/type/__matrix_riot/parameter/boolean b/type/__matrix_riot/parameter/boolean new file mode 100644 index 0000000..4d77768 --- /dev/null +++ b/type/__matrix_riot/parameter/boolean @@ -0,0 +1 @@ +disable_custom_urls diff --git a/type/__matrix_riot/parameter/default/brand b/type/__matrix_riot/parameter/default/brand new file mode 100644 index 0000000..e8095bb --- /dev/null 
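Review bot: The `custom_asset` loop in `type/__matrix_riot/manifest` iterates over `$(cat "$__object/parameter/custom_asset")` and calls `$(basename $file)` unquoted, so a path containing whitespace or glob characters is split or expanded before it reaches `__file`. Reading the parameter file line by line avoids that: `while IFS= read -r file; do` with `done < "$__object/parameter/custom_asset"`, and `"$(basename "$file")"` for the target name. The same applies to `[ $EMBED_HOMEPAGE ]` and `[ $EMBED_WELCOMEPAGE ]`, which are safer as `[ -n "$EMBED_HOMEPAGE" ]` and `[ -n "$EMBED_WELCOMEPAGE" ]`. The deployed files are created with `--mode 0664` and no `--owner`; unless group write is needed for these web-served files, `0644` is the tighter choice.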
+++ b/type/__matrix_riot/parameter/default/brand @@ -0,0 +1 @@ +Riot diff --git a/type/__matrix_riot/parameter/default/cookie_policy_url b/type/__matrix_riot/parameter/default/cookie_policy_url new file mode 100644 index 0000000..04e9c2b --- /dev/null +++ b/type/__matrix_riot/parameter/default/cookie_policy_url @@ -0,0 +1 @@ +https://matrix.org/docs/guides/riot_im_cookie_policy diff --git a/type/__matrix_riot/parameter/default/default_country_code b/type/__matrix_riot/parameter/default/default_country_code new file mode 100644 index 0000000..30ac4a3 --- /dev/null +++ b/type/__matrix_riot/parameter/default/default_country_code @@ -0,0 +1 @@ +GB diff --git a/type/__matrix_riot/parameter/default/default_server_name b/type/__matrix_riot/parameter/default/default_server_name new file mode 100644 index 0000000..5528ffd --- /dev/null +++ b/type/__matrix_riot/parameter/default/default_server_name @@ -0,0 +1 @@ +matrix.org diff --git a/type/__matrix_riot/parameter/default/default_server_url b/type/__matrix_riot/parameter/default/default_server_url new file mode 100644 index 0000000..2cb9227 --- /dev/null +++ b/type/__matrix_riot/parameter/default/default_server_url @@ -0,0 +1 @@ +https://matrix-client.matrix.org diff --git a/type/__matrix_riot/parameter/default/owner b/type/__matrix_riot/parameter/default/owner new file mode 100644 index 0000000..d8649da --- /dev/null +++ b/type/__matrix_riot/parameter/default/owner @@ -0,0 +1 @@ +root diff --git a/type/__matrix_riot/parameter/default/privacy_policy_url b/type/__matrix_riot/parameter/default/privacy_policy_url new file mode 100644 index 0000000..4cdd12c --- /dev/null +++ b/type/__matrix_riot/parameter/default/privacy_policy_url @@ -0,0 +1 @@ +https://riot.im/privacy diff --git a/type/__matrix_riot/parameter/default/room_directory_servers b/type/__matrix_riot/parameter/default/room_directory_servers new file mode 100644 index 0000000..4ea73ad --- /dev/null +++ b/type/__matrix_riot/parameter/default/room_directory_servers 
@@ -0,0 +1 @@ +"matrix.org" diff --git a/type/__matrix_riot/parameter/optional b/type/__matrix_riot/parameter/optional new file mode 100644 index 0000000..21a2faf --- /dev/null +++ b/type/__matrix_riot/parameter/optional @@ -0,0 +1,13 @@ +default_server_url +default_server_name +brand +default_country_code +privacy_policy_url +cookie_policy_url +room_directory_servers +owner +homepage +welcomepage +jitsi_domain +branding_auth_header_logo_url +branding_auth_footer_links diff --git a/type/__matrix_riot/parameter/optional_multiple b/type/__matrix_riot/parameter/optional_multiple new file mode 100644 index 0000000..4c2ca54 --- /dev/null +++ b/type/__matrix_riot/parameter/optional_multiple @@ -0,0 +1 @@ +custom_asset diff --git a/type/__matrix_riot/parameter/required b/type/__matrix_riot/parameter/required new file mode 100644 index 0000000..a76477e --- /dev/null +++ b/type/__matrix_riot/parameter/required @@ -0,0 +1,2 @@ +version +install_dir From 451f09d7467cdfcc191f0a39e2d3b2f0f80f91e4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Thu, 25 Jun 2020 11:16:20 +0200 Subject: [PATCH 044/164] Import __matrix_synapse type from ungleich's dot-cdist --- type/__matrix_synapse/files/environment.sh | 6 + .../__matrix_synapse/files/homeserver.yaml.sh | 1785 +++++++++++++++++ type/__matrix_synapse/files/log.config.sh | 60 + type/__matrix_synapse/man.rst | 180 ++ type/__matrix_synapse/manifest | 287 +++ type/__matrix_synapse/parameter/boolean | 14 + .../parameter/default/database_host | 0 .../parameter/default/database_password | 0 .../parameter/default/database_user | 0 .../parameter/default/event_cache_size | 1 + .../parameter/default/global_cache_factor | 1 + .../parameter/default/ldap_base_dn | 0 .../parameter/default/ldap_bind_dn | 0 .../parameter/default/ldap_bind_password | 0 .../parameter/default/ldap_filter | 1 + .../parameter/default/ldap_mail_attribute | 1 + .../parameter/default/ldap_name_attribute | 1 + .../parameter/default/ldap_uid_attribute | 1 + .../parameter/default/ldap_uri | 0 .../parameter/default/max_upload_size | 1 + .../parameter/default/rc_login_burst | 1 + .../parameter/default/rc_login_per_second | 1 + .../parameter/default/rc_message_burst | 1 + .../parameter/default/rc_message_per_second | 1 + .../parameter/default/smtp_host | 1 + .../parameter/default/smtp_pass | 0 .../parameter/default/smtp_port | 1 + .../parameter/default/smtp_user | 0 .../parameter/default/turn_user_lifetime | 1 + type/__matrix_synapse/parameter/optional | 25 + .../parameter/optional_multiple | 5 + type/__matrix_synapse/parameter/required | 4 + type/__matrix_synapse/singleton | 0 33 files changed, 2380 insertions(+) create mode 100644 type/__matrix_synapse/files/environment.sh create mode 100755 type/__matrix_synapse/files/homeserver.yaml.sh create mode 100755 type/__matrix_synapse/files/log.config.sh create mode 100644 type/__matrix_synapse/man.rst create mode 100755 type/__matrix_synapse/manifest create mode 100644 type/__matrix_synapse/parameter/boolean 
create mode 100644 type/__matrix_synapse/parameter/default/database_host create mode 100644 type/__matrix_synapse/parameter/default/database_password create mode 100644 type/__matrix_synapse/parameter/default/database_user create mode 100644 type/__matrix_synapse/parameter/default/event_cache_size create mode 100644 type/__matrix_synapse/parameter/default/global_cache_factor create mode 100644 type/__matrix_synapse/parameter/default/ldap_base_dn create mode 100644 type/__matrix_synapse/parameter/default/ldap_bind_dn create mode 100644 type/__matrix_synapse/parameter/default/ldap_bind_password create mode 100644 type/__matrix_synapse/parameter/default/ldap_filter create mode 100644 type/__matrix_synapse/parameter/default/ldap_mail_attribute create mode 100644 type/__matrix_synapse/parameter/default/ldap_name_attribute create mode 100644 type/__matrix_synapse/parameter/default/ldap_uid_attribute create mode 100644 type/__matrix_synapse/parameter/default/ldap_uri create mode 100644 type/__matrix_synapse/parameter/default/max_upload_size create mode 100644 type/__matrix_synapse/parameter/default/rc_login_burst create mode 100644 type/__matrix_synapse/parameter/default/rc_login_per_second create mode 100644 type/__matrix_synapse/parameter/default/rc_message_burst create mode 100644 type/__matrix_synapse/parameter/default/rc_message_per_second create mode 100644 type/__matrix_synapse/parameter/default/smtp_host create mode 100644 type/__matrix_synapse/parameter/default/smtp_pass create mode 100644 type/__matrix_synapse/parameter/default/smtp_port create mode 100644 type/__matrix_synapse/parameter/default/smtp_user create mode 100644 type/__matrix_synapse/parameter/default/turn_user_lifetime create mode 100644 type/__matrix_synapse/parameter/optional create mode 100644 type/__matrix_synapse/parameter/optional_multiple create mode 100644 type/__matrix_synapse/parameter/required create mode 100644 type/__matrix_synapse/singleton 
diff --git a/type/__matrix_synapse/files/environment.sh b/type/__matrix_synapse/files/environment.sh new file mode 100644 index 0000000..99179be --- /dev/null +++ b/type/__matrix_synapse/files/environment.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +cat << EOF +# Specify environment variables used when running Synapse +SYNAPSE_CACHE_FACTOR=$CACHE_FACTOR +EOF diff --git a/type/__matrix_synapse/files/homeserver.yaml.sh b/type/__matrix_synapse/files/homeserver.yaml.sh new file mode 100755 index 0000000..77be438 --- /dev/null +++ b/type/__matrix_synapse/files/homeserver.yaml.sh @@ -0,0 +1,1785 @@ +#!/bin/sh + +# NOTE: this template has been generated using the +# matrix-synapse-1.5.1-1.fc31.noarch Fedora package for use with CDIST. + +generate_extra_settings () { + for line in $EXTRA_SETTINGS; do + echo "$line" + done +} + +generate_database () { + if [ "$DATABASE_ENGINE" = "sqlite3" ]; then + cat << EOF +database: + # The database engine name + name: "$DATABASE_ENGINE" + # Arguments to pass to the engine + args: + # Path to the database + database: "$DATABASE_NAME" +EOF + else +cat << EOF +database: + # The database engine name + name: "$DATABASE_ENGINE" + # Arguments to pass to the engine + args: + database: "$DATABASE_NAME" + host: "$DATABASE_HOST" + user: "$DATABASE_USER" + password: "$DATABASE_PASSWORD" +EOF + fi +} + +generate_password_providers () { + if [ "$ENABLE_LDAP_AUTH" = "true" ]; then + cat <