From 6b1e055d3dcc91b6aabdcaab39552821a230008a Mon Sep 17 00:00:00 2001 From: Evilham Date: Wed, 27 May 2020 18:34:06 +0200 Subject: [PATCH 01/84] [__root_mail_dma] Add new role to manage local root mail. This type has been tested in FreeBSD and Debian-like systems (Debian, Devuan, Ubuntu). --- type/__root_mail_dma/files/aliases | 68 ++++++++ type/__root_mail_dma/gencode-remote | 20 +++ type/__root_mail_dma/man.rst | 83 ++++++++++ type/__root_mail_dma/manifest | 153 ++++++++++++++++++ type/__root_mail_dma/parameter/boolean | 1 + type/__root_mail_dma/parameter/optional | 1 + type/__root_mail_dma/parameter/required | 1 + .../parameter/required_multiple | 1 + type/__root_mail_dma/singleton | 0 9 files changed, 328 insertions(+) create mode 100644 type/__root_mail_dma/files/aliases create mode 100755 type/__root_mail_dma/gencode-remote create mode 100644 type/__root_mail_dma/man.rst create mode 100755 type/__root_mail_dma/manifest create mode 100644 type/__root_mail_dma/parameter/boolean create mode 100644 type/__root_mail_dma/parameter/optional create mode 100644 type/__root_mail_dma/parameter/required create mode 100644 type/__root_mail_dma/parameter/required_multiple create mode 100644 type/__root_mail_dma/singleton diff --git a/type/__root_mail_dma/files/aliases b/type/__root_mail_dma/files/aliases new file mode 100644 index 0000000..d341318 --- /dev/null +++ b/type/__root_mail_dma/files/aliases 
@@ -0,0 +1,68 @@
+# Based off FreeBSD's /etc/aliases
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+#
+# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES
+# AND FUNCTIONS', May 1997
+# http://tools.ietf.org/html/rfc2142
+
+# Pretty much everything else in this file points to "root", so
+# you would do well in either reading root's mailbox or forwarding
+# root's email from here.
+
+# root: me@my.domain
+
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts
+_dhcp: root
+_pflogd: root
+auditdistd: root
+bin: root
+bind: root
+daemon: root
+games: root
+hast: root
+kmem: root
+mailnull: postmaster
+man: root
+news: root
+nobody: root
+operator: root
+pop: root
+proxy: root
+smmsp: postmaster
+sshd: root
+system: root
+toor: root
+tty: root
+usenet: news
+uucp: root
+
+# Well-known aliases -- these should be filled in!
+manager: root
+dumper: root
+
+# BUSINESS-RELATED MAILBOX NAMES
+info: root
+marketing: root
+sales: root
+support: root
+
+# NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+noc: root
+security: root
+
+# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+ftp: root
+ftp-bugs: ftp
+hostmaster: root
+webmaster: root
+www: webmaster
diff --git a/type/__root_mail_dma/gencode-remote b/type/__root_mail_dma/gencode-remote
new file mode 100755
index 0000000..2961c09
--- /dev/null
+++ b/type/__root_mail_dma/gencode-remote
@@ -0,0 +1,20 @@ +#!/bin/sh -e + +if [ -f "${__object}/parameter/send-test-email" ]; then + SEND_EMAIL="YES" +fi + +if [ "${SEND_EMAIL}" != "YES" ]; then + exit 0 +fi + +cat <`_ +- `DragonFly Handbook MTA `_ + + +AUTHORS +------- +Evilham + + +COPYING +------- +Copyright \(C) 2020 Evilham. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__root_mail_dma/manifest b/type/__root_mail_dma/manifest new file mode 100755 index 0000000..abcaa5b --- /dev/null +++ b/type/__root_mail_dma/manifest 
@@ -0,0 +1,153 @@ +#!/bin/sh -e + +os="$(cat "${__global}/explorer/os")" + +root_email="$(tr '\n' ',' < "${__object}/parameter/root-email" | sed -E 's/,+$//')" +smart_host="$(cat "${__object}/parameter/smart-host")" + +if [ -f "${__object}/parameter/mailname" ]; then + mailname="$(cat "${__object}/parameter/mailname")" +else + # default mailname behaviour is different in certain systems + case ${os} in + debian|devuan|ubuntu) + # Debian-like default to /etc/mailname + mailname="/etc/mailname" + ;; + *) + # Otherwise let's use the hostname + mailname="${__target_host}" + ;; + esac +fi + +aliases_file=/etc/mail/aliases +case ${os} in + debian|devuan|ubuntu) + # Debian-like requires installing DMA + __package dma + # Moving forward without DMA doesn't make much sense + export require="__package/dma" + aliases_file=/etc/aliases + ;; + freebsd) + # Disable sendmail + stop if necessary + __key_value \ + --file "/etc/rc.conf" \ + --comment "# Disable sendmail " \ + --key "sendmail_enable" \ + --delimiter "=" \ + --value "NONE" \ + --onchange "service sendmail onestop || true" \ + "sendmail_enable" + # Setup mailwrapper accordingly + __file /etc/mail/mailer.conf \ + --mode 0644 \ + --source '-' < /dev/stderr < Date: Fri, 29 May 2020 17:33:23 +0200 Subject: [PATCH 02/84] Rename __root_mail_dma to __dma to prepare for new types --- type/{__root_mail_dma => __dma}/files/aliases | 0 type/{__root_mail_dma => __dma}/gencode-remote | 0 type/{__root_mail_dma => __dma}/man.rst | 6 +++--- type/{__root_mail_dma => __dma}/manifest | 0 type/{__root_mail_dma => __dma}/parameter/boolean | 0 type/{__root_mail_dma => __dma}/parameter/optional | 0 type/{__root_mail_dma => __dma}/parameter/required | 0 type/{__root_mail_dma => __dma}/parameter/required_multiple | 0 type/{__root_mail_dma => __dma}/singleton | 0 9 files changed, 3 insertions(+), 3 deletions(-) rename type/{__root_mail_dma => __dma}/files/aliases (100%) rename type/{__root_mail_dma => __dma}/gencode-remote (100%) rename 
type/{__root_mail_dma => __dma}/man.rst (94%) rename type/{__root_mail_dma => __dma}/manifest (100%) rename type/{__root_mail_dma => __dma}/parameter/boolean (100%) rename type/{__root_mail_dma => __dma}/parameter/optional (100%) rename type/{__root_mail_dma => __dma}/parameter/required (100%) rename type/{__root_mail_dma => __dma}/parameter/required_multiple (100%) rename type/{__root_mail_dma => __dma}/singleton (100%) diff --git a/type/__root_mail_dma/files/aliases b/type/__dma/files/aliases similarity index 100% rename from type/__root_mail_dma/files/aliases rename to type/__dma/files/aliases diff --git a/type/__root_mail_dma/gencode-remote b/type/__dma/gencode-remote similarity index 100% rename from type/__root_mail_dma/gencode-remote rename to type/__dma/gencode-remote diff --git a/type/__root_mail_dma/man.rst b/type/__dma/man.rst similarity index 94% rename from type/__root_mail_dma/man.rst rename to type/__dma/man.rst index ecf2885..a10c6c2 100644 --- a/type/__root_mail_dma/man.rst +++ b/type/__dma/man.rst @@ -1,9 +1,9 @@ -cdist-type__root_mail_dma(7) +cdist-type__dma(7) ============================ NAME ---- -cdist-type__root_mail_dma - Setup root email with the DragonFly Mail Agent +cdist-type__dma - Setup the DragonFly Mail Agent as the MTA. DESCRIPTION @@ -57,7 +57,7 @@ EXAMPLES # Send root email to both our BOFH and the nice-admin. # That way they can figure things out together. - __root_mail_dma \ + __dma \ --root-email bofh@domain.tld \ --root-email nice-admin@domain.tld \ --smart-host mx1.domain.tld \ diff --git a/type/__root_mail_dma/manifest b/type/__dma/manifest similarity index 100% rename from type/__root_mail_dma/manifest rename to type/__dma/manifest diff --git a/type/__root_mail_dma/parameter/boolean b/type/__dma/parameter/boolean similarity index 100% rename from type/__root_mail_dma/parameter/boolean rename to type/__dma/parameter/boolean 
diff --git a/type/__root_mail_dma/parameter/optional b/type/__dma/parameter/optional similarity index 100% rename from type/__root_mail_dma/parameter/optional rename to type/__dma/parameter/optional diff --git a/type/__root_mail_dma/parameter/required b/type/__dma/parameter/required similarity index 100% rename from type/__root_mail_dma/parameter/required rename to type/__dma/parameter/required diff --git a/type/__root_mail_dma/parameter/required_multiple b/type/__dma/parameter/required_multiple similarity index 100% rename from type/__root_mail_dma/parameter/required_multiple rename to type/__dma/parameter/required_multiple diff --git a/type/__root_mail_dma/singleton b/type/__dma/singleton similarity index 100% rename from type/__root_mail_dma/singleton rename to type/__dma/singleton From a491e8739efb6753d52ede2ee58ba5a93247d1b4 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 29 May 2020 17:33:40 +0200 Subject: [PATCH 03/84] Add __dma_auth type --- type/__dma_auth/gencode-remote | 20 +++++++++++++ type/__dma_auth/man.rst | 53 ++++++++++++++++++++++++++++++++++ type/__dma_auth/manifest | 30 +++++++++++++++++++ 3 files changed, 103 insertions(+) create mode 100755 type/__dma_auth/gencode-remote create mode 100644 type/__dma_auth/man.rst create mode 100755 type/__dma_auth/manifest diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote new file mode 100755 index 0000000..77ad9d2 --- /dev/null +++ b/type/__dma_auth/gencode-remote 
@@ -0,0 +1,20 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst new file mode 100644 index 0000000..cd4f647 --- /dev/null +++ b/type/__dma_auth/man.rst @@ -0,0 +1,53 @@ +cdist-type__dma_auth(7) +======================= + +NAME +---- +cdist-type__dma_auth - TODO + + +DESCRIPTION +----------- +This space intentionally left blank. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +None. + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # TODO + __dma_auth + + +SEE ALSO +-------- +:strong:`TODO`\ (7) + + +AUTHORS +------- +Dennis Camera + + +COPYING +------- +Copyright \(C) 2020 Dennis Camera. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__dma_auth/manifest b/type/__dma_auth/manifest new file mode 100755 index 0000000..e0c809a --- /dev/null +++ b/type/__dma_auth/manifest 
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+#
+# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ *)
+ printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+ printf "Please contribute an implementation for it if you can.\n" >&2
+ exit 1
+ ;;
+esac
From 98496a8e5c8463b59263f20daa162bed9b63dfa Mon Sep 17 00:00:00 2001
From: Dennis Camera
Date: Fri, 29 May 2020 17:33:52 +0200
Subject: [PATCH 04/84] Add __mail_alias type
---
type/__mail_alias/gencode-remote | 20 ++++++++++++
type/__mail_alias/man.rst | 53 ++++++++++++++++++++++++++++++++
type/__mail_alias/manifest | 30 ++++++++++++++++++
3 files changed, 103 insertions(+)
create mode 100755 type/__mail_alias/gencode-remote
create mode 100644 type/__mail_alias/man.rst
create mode 100755 type/__mail_alias/manifest
diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote
new file mode 100755
index 0000000..77ad9d2
--- /dev/null
+++ b/type/__mail_alias/gencode-remote
@@ -0,0 +1,20 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst new file mode 100644 index 0000000..d9563a6 --- /dev/null +++ b/type/__mail_alias/man.rst @@ -0,0 +1,53 @@ +cdist-type__mail_alias(7) +========================= + +NAME +---- +cdist-type__mail_alias - TODO + + +DESCRIPTION +----------- +This space intentionally left blank. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +None. + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # TODO + __mail_alias + + +SEE ALSO +-------- +:strong:`TODO`\ (7) + + +AUTHORS +------- +Dennis Camera + + +COPYING +------- +Copyright \(C) 2020 Dennis Camera. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__mail_alias/manifest b/type/__mail_alias/manifest new file mode 100755 index 0000000..e0c809a --- /dev/null +++ b/type/__mail_alias/manifest 
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+#
+# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ *)
+ printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+ printf "Please contribute an implementation for it if you can.\n" >&2
+ exit 1
+ ;;
+esac
From 3adc4f160998776033934d65ba22f1666c9e0b4b Mon Sep 17 00:00:00 2001
From: Dennis Camera
Date: Sat, 30 May 2020 17:24:26 +0200
Subject: [PATCH 05/84] [type/__mail_alias] Implement type
---
type/__mail_alias/explorer/aliases | 59 ++++++++++
.../{manifest => explorer/aliases_file} | 38 ++++--
type/__mail_alias/gencode-remote | 108 ++++++++++++++++++
type/__mail_alias/man.rst | 21 +++-
type/__mail_alias/parameter/default/state | 1 +
type/__mail_alias/parameter/optional | 1 +
type/__mail_alias/parameter/optional_multiple | 1 +
7 files changed, 215 insertions(+), 14 deletions(-)
create mode 100755 type/__mail_alias/explorer/aliases
rename type/__mail_alias/{manifest => explorer/aliases_file} (56%)
mode change 100755 => 100644
create mode 100644 type/__mail_alias/parameter/default/state
create mode 100644 type/__mail_alias/parameter/optional
create mode 100644 type/__mail_alias/parameter/optional_multiple
diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases
new file mode 100755
index 0000000..ce1a439
--- /dev/null
+++ b/type/__mail_alias/explorer/aliases
@@ -0,0 +1,59 @@
+#!/bin/sh -e
+#
+# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+# Find aliases for a given name and print the aliases line separated
+
+aliases_file=$("${__type_explorer}/aliases_file")
+test -r "${aliases_file}" || exit 0
+
+name=$__object_id
+
+awk -F ':[[:blank:]]*' '
+function print_aliases (aliases, matches) {
+ split(aliases, matches, /,[[:blank:]]*/)
+ for (i in matches) {
+ gsub(/^[[:blank:]]*|[[:blank:]]*$/, "", matches[i])
+ print matches[i]
+ }
+}
+
+/^#/ {
+ # comment
+ select = 0; cont = 0; next
+}
+
+{
+ cont = ($0 ~ /\\$/)
+ if (cont) sub(/[[:blank:]]*\\$/, "", $0)
+}
+
+/^[[:blank:]]/ || cont {
+ # continuation line
+ if (select) print_aliases($0)
+ next
+}
+
+$1 == ENVIRON["__object_id"] {
+ select = 1
+ print_aliases($2)
+ next
+}
+
+{ select = 0 }
+' "${aliases_file}"
diff --git a/type/__mail_alias/manifest b/type/__mail_alias/explorer/aliases_file
old mode 100755
new mode 100644
similarity index 56%
rename from type/__mail_alias/manifest
rename to type/__mail_alias/explorer/aliases_file
index e0c809a..f7c4596
--- a/type/__mail_alias/manifest
+++ b/type/__mail_alias/explorer/aliases_file
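Review bot: In the awk program of explorer/aliases, `cont = ($0 ~ /\\$/)` is computed from the current record and then tested by the `/^[[:blank:]]/ || cont` rule on that same record, so an alias whose first line ends in a backslash is handled as a continuation line and never reaches the `$1 == ENVIRON["__object_id"]` rule. The explorer then reports no aliases for that name, and the type treats an existing entry as missing. The continuation test should use the previous record's flag, for example `{ prev_cont = cont; cont = ($0 ~ /\\$/) }` followed by `/^[[:blank:]]/ || prev_cont {`. The awk program added to gencode-remote in this same commit uses the same `cont` logic.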
@@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -17,14 +17,36 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# This explorer tries to find the correct aliases file. +found() { echo "$*"; exit 0; } -os=$(cat "$__global/explorer/os") +check_file() { + if test -f "$1" + then + found "$1" + fi +} -case "$os" in - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; +case $("$__explorer/os") +in + (freebsd|openbsd|solaris) + check_file /etc/mail/aliases + + # default + found /etc/mail/aliases + ;; + (debian|devuan|ubuntu) + check_file /etc/aliases + + # default + found /etc/aliases + ;; + (*) + check_file /etc/mail/aliases + check_file /etc/aliases + + # default + found /etc/mail/aliases + ;; esac diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 77ad9d2..a93dff2 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
@@ -18,3 +18,111 @@ # along with cdist. If not, see . # +state_should=$(cat "${__object}/parameter/state") + +case $state_should +in + (present) + if cmp "${__object}/explorer/aliases" "${__object}/parameter/alias" + then + # all good! + exit 0 + fi + + echo "set aliases" >>"$__messages_out" + mode=1 + ;; + (absent) + # nothing to do if no aliases found. + test -s "${__object}/explorer/aliases" || exit 0 + + echo "delete aliases" >>"$__messages_out" + mode=0 + ;; + (*) + printf 'Invalid --state given: %s\n' "$state_should" >&2 + exit 1 +esac + +aliases_file=$(cat "${__object}/explorer/aliases_file") + +if test -z "${aliases_file}" +then + echo 'Could not determine aliases file path.' >&2 + exit 1 +fi + +# "export" variables to remote +printf 'mode=%u\n' "${mode}" +printf "aliases_file='%s'\n" "${aliases_file}" + +cat <<'EOF' +awk -F ':[[:blank:]]*' -v mode="${mode}" ' +function sepafter(f, default, _) { + _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) + if (_) return _ + else return default +} + +function write_aliases() { + if (aliases_written) return + + printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") + while ((getline < aliases_should_file) > 0) { + if (aliases_written) printf ", " + printf "%s", $0 + aliases_written = 1 + } + printf "\n" + close(aliases_should_file) +} + +BEGIN { + aliases_should_file = (ENVIRON["__object"] "/parameter/alias") +} + +/^#/ { + # comment + select = 0; cont = 0 + print + next +} + +{ + cont = ($0 ~ /\\$/) + if (cont) sub(/[[:blank:]]*\\$/, "", $0) +} + +/^[[:blank:]]/ || cont { + # continuation line + if (select) next +} + +$1 == ENVIRON["__object_id"] { + in_list = 1 + if (mode) write_aliases() + next +} + +{ + in_list = 0 + print +} + +END { + # if the last line as an alias definition, the separator will be reused + if (mode && !aliases_written) write_aliases() +} +' <"${aliases_file}" >"${aliases_file}.tmp" || { + echo 'Generating new aliases file failed!' >&2 + exit 1 +} + +if ! 
cmp "${aliases_file}" "${aliases_file}.tmp" +then + mv "${aliases_file}.tmp" "${aliases_file}" + newaliases +else + rm "${aliases_file}.tmp" +fi +EOF diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst index d9563a6..d6c7873 100644 --- a/type/__mail_alias/man.rst +++ b/type/__mail_alias/man.rst @@ -3,12 +3,12 @@ cdist-type__mail_alias(7) NAME ---- -cdist-type__mail_alias - TODO +cdist-type__mail_alias - Manage mail aliases. DESCRIPTION ----------- -This space intentionally left blank. +This cdist type allows you to configure mail aliases (/etc/mail/aliases). REQUIRED PARAMETERS @@ -18,7 +18,14 @@ None. OPTIONAL PARAMETERS ------------------- -None. +state + 'present' or 'absent', defaults to 'present' +alias + the aliases where mail for the given user should be redirected to. + This parameter can be specified multiple times to redirect to more than one + recipient. + See the `aliases(5)` man page for the different forms this parameter can + take.. BOOLEAN PARAMETERS @@ -31,13 +38,15 @@ EXAMPLES .. code-block:: sh - # TODO - __mail_alias + # Redirect root mail to a "real" email address + __mail_alias root --alias admin@example.com + # Disable redirection of mail for joe + __mail_alias joe --state absent SEE ALSO -------- -:strong:`TODO`\ (7) +:strong:`aliases`\ (5) AUTHORS diff --git a/type/__mail_alias/parameter/default/state b/type/__mail_alias/parameter/default/state new file mode 100644 index 0000000..e7f6134 --- /dev/null +++ b/type/__mail_alias/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/type/__mail_alias/parameter/optional b/type/__mail_alias/parameter/optional new file mode 100644 index 0000000..ff72b5c --- /dev/null +++ b/type/__mail_alias/parameter/optional @@ -0,0 +1 @@ +state diff --git a/type/__mail_alias/parameter/optional_multiple b/type/__mail_alias/parameter/optional_multiple new file mode 100644 index 0000000..d077ed8 --- /dev/null +++ b/type/__mail_alias/parameter/optional_multiple @@ -0,0 +1 @@ +alias 
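Review bot: The continuation rule in the generated awk program checks `if (select) next`, but nothing in this program ever sets `select` to 1; the matching rule sets `in_list = 1` instead, and `in_list` is never read. Continuation lines of the alias being replaced or deleted are therefore copied to the new file, where aliases(5) syntax attaches them to whichever entry now precedes them, so old recipients can keep receiving mail or end up on another alias. Using one flag throughout fixes it: `select = 1` in the `$1 == ENVIRON["__object_id"]` rule and `select = 0` in the final rule. Separately, `"${aliases_file}.tmp"` is created by redirection and moved over the original, so the aliases file takes the mode and owner of the new file rather than those of the one it replaces.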
From a5f3f3cdafe77f5aae075d1a0c053a9a36475463 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 30 May 2020 18:27:13 +0200 Subject: [PATCH 06/84] [type/__dma_auth] Implement type --- type/__dma_auth/{manifest => explorer/logins} | 29 ++++++--- type/__dma_auth/gencode-remote | 62 +++++++++++++++++++ type/__dma_auth/man.rst | 27 +++++--- type/__dma_auth/parameter/default/state | 1 + type/__dma_auth/parameter/optional | 2 + type/__dma_auth/parameter/required | 2 + 6 files changed, 106 insertions(+), 17 deletions(-) rename type/__dma_auth/{manifest => explorer/logins} (55%) mode change 100755 => 100644 create mode 100644 type/__dma_auth/parameter/default/state create mode 100644 type/__dma_auth/parameter/optional create mode 100644 type/__dma_auth/parameter/required diff --git a/type/__dma_auth/manifest b/type/__dma_auth/explorer/logins old mode 100755 new mode 100644 similarity index 55% rename from type/__dma_auth/manifest rename to type/__dma_auth/explorer/logins index e0c809a..0ed6bc1 --- a/type/__dma_auth/manifest +++ b/type/__dma_auth/explorer/logins @@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # 
@@ -17,14 +17,25 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # +# This explorer lines matching user + server in /etc/dma/auth.conf and reports +# their cksum. +test -r /etc/dma/auth.conf || exit 0 -os=$(cat "$__global/explorer/os") +if test -f "${__object}/parameter/login" +then + login=$(cat "${__object}/parameter/login") +else + login=$__object_id +fi +server=$(cat "${__object}/parameter/server") -case "$os" in - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac +regex=$(printf '^%s|%s:' "$login" "$server") + +grep -e "${regex}" /etc/dma/auth.conf \ +| while read -r line + do + echo "${line}" \ + | cksum - \ + | cut -d ' ' -f 1 + done diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 77ad9d2..0951c16 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote 
@@ -18,3 +18,65 @@ # along with cdist. If not, see . # +logins=$(cat "${__object}/explorer/logins") +state_should=$(cat "${__object}/parameter/state") + +if test -f "${__object}/parameter/login" +then + login=$(cat "${__object}/parameter/login") +else + login=$__object_id +fi +password=$(cat "${__object}/parameter/password") +server=$(cat "${__object}/parameter/server") + +case $state_should +in + (present) + conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") + cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) + if echo "$logins" | grep -qxF "${cksum_should}" + then + # correct line already present -> nothing to do + exit 0 + fi + + mode=1 + ;; + (absent) + if test -z "$logins" + then + # no logins present -> nothing to do + exit 0 + fi + + # NOTE: password is not needed to delete + conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") + + mode=0 + ;; + (*) + printf 'Invalid --state: %s' "${state_should}" >&2 + exit 1 + ;; +esac + +cat </etc/dma/auth.conf.tmp \ +&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf +EOF diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst index cd4f647..bd077d6 100644 --- a/type/__dma_auth/man.rst +++ b/type/__dma_auth/man.rst @@ -3,23 +3,29 @@ cdist-type__dma_auth(7) NAME ---- -cdist-type__dma_auth - TODO +cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA. DESCRIPTION ----------- -This space intentionally left blank. +This cdist type allows you to set up credentials to log in to remote SMTP +servers. REQUIRED PARAMETERS ------------------- -None. +password + The user's password (in plain text.) +server + The SMTP server on which the login is valid. OPTIONAL PARAMETERS ------------------- -None. - +login + The user's LOGIN name on the SMTP server. Defaults to `__object_id`. +state + Either `present` or `absent`. Defaults to `present`. BOOLEAN PARAMETERS ------------------ 
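Review bot: The generated code writes the new credentials file with a plain redirect to `/etc/dma/auth.conf.tmp` and then `mv`s it over `/etc/dma/auth.conf`, so the file holding plaintext SMTP passwords ends up with whatever mode the remote shell's umask gives and loses the owner, group and mode of the file it replaces. With a typical 022 umask that makes the passwords world-readable, and it may also change the group that dma relies on to read the file. Creating the temporary file first with `cp -p /etc/dma/auth.conf /etc/dma/auth.conf.tmp` (falling back to `umask 077` when no auth.conf exists yet) keeps the original permissions, since the redirect only truncates it. The body of the here-document is not fully visible on this page, so whether the password is also expanded into the generated code cannot be judged from here.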
@@ -31,13 +37,18 @@ EXAMPLES .. code-block:: sh - # TODO - __dma_auth + # Set the password for smarthost + __dma_auth joe --server smarthost --password hunter2 + # Set credentials for user at an external provider + __dma_auth paul@example.com --server mail.provider.com --password letmein + + # Delete credentials for example.com + __dma_auth paul --server example.com --state absent SEE ALSO -------- -:strong:`TODO`\ (7) +:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8) AUTHORS diff --git a/type/__dma_auth/parameter/default/state b/type/__dma_auth/parameter/default/state new file mode 100644 index 0000000..e7f6134 --- /dev/null +++ b/type/__dma_auth/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional new file mode 100644 index 0000000..c35dbef --- /dev/null +++ b/type/__dma_auth/parameter/optional @@ -0,0 +1,2 @@ +login +state diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required new file mode 100644 index 0000000..8f1a1c9 --- /dev/null +++ b/type/__dma_auth/parameter/required @@ -0,0 +1,2 @@ +password +server From 988f277ad63c8c3b465b5e31571e470009c6ee9a Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 30 May 2020 22:07:20 +0200 Subject: [PATCH 07/84] [type/__mail_alias] Fixes (mostly mawk compatibility) --- type/__mail_alias/explorer/aliases | 12 +++++------- type/__mail_alias/explorer/aliases_file | 0 type/__mail_alias/gencode-remote | 11 ++++++----- 3 files changed, 11 insertions(+), 12 deletions(-) mode change 100644 => 100755 type/__mail_alias/explorer/aliases_file diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index ce1a439..66940d5 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases 
@@ -22,13 +22,11 @@ aliases_file=$("${__type_explorer}/aliases_file") test -r "${aliases_file}" || exit 0 -name=$__object_id - -awk -F ':[[:blank:]]*' ' -function print_aliases (aliases, matches) { - split(aliases, matches, /,[[:blank:]]*/) +awk -F ':[ \t]*' ' +function print_aliases(aliases, matches) { + split(aliases, matches, /,[ \t]*/) for (i in matches) { - gsub(/^[[:blank:]]*|[[:blank:]]*$/, "", matches[i]) + gsub(/^[ \t]*|[ \t]*$/, "", matches[i]) print matches[i] } } @@ -40,7 +38,7 @@ function print_aliases (aliases, matches) { { cont = ($0 ~ /\\$/) - if (cont) sub(/[[:blank:]]*\\$/, "", $0) + if (cont) sub(/[ \t]*\\$/, "", $0) } /^[[:blank:]]/ || cont { diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file old mode 100644 new mode 100755 diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index a93dff2..7778536 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -23,7 +23,7 @@ state_should=$(cat "${__object}/parameter/state") case $state_should in (present) - if cmp "${__object}/explorer/aliases" "${__object}/parameter/alias" + if cmp -s "${__object}/explorer/aliases" "${__object}/parameter/alias" then # all good! exit 0 @@ -57,7 +57,8 @@ printf 'mode=%u\n' "${mode}" printf "aliases_file='%s'\n" "${aliases_file}" cat <<'EOF' -awk -F ':[[:blank:]]*' -v mode="${mode}" ' +test -f "${aliases_file}" || touch "${aliases_file}" +awk -F ':[ \t]*' -v mode="${mode}" ' function sepafter(f, default, _) { _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) if (_) return _ @@ -90,10 +91,10 @@ BEGIN { { cont = ($0 ~ /\\$/) - if (cont) sub(/[[:blank:]]*\\$/, "", $0) + if (cont) sub(/[ \t]*\\$/, "", $0) } -/^[[:blank:]]/ || cont { +/^[ \t]/ || cont { # continuation line if (select) next } 
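Review bot: The second explorer/aliases hunk converts the `sub()` pattern to `[ \t]` but leaves the rule header `/^[[:blank:]]/ || cont {` on the following context line, while the gencode-remote hunk in this commit changes the same header to `/^[ \t]/ || cont {`. If the aim is awk implementations without POSIX character classes, the explorer will still fail to recognise whitespace-led continuation lines there and will report fewer aliases than the file contains. The header should read `/^[ \t]/ || cont {` in the explorer as well. The body of that rule lies outside the hunk.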
@@ -118,7 +119,7 @@ END { exit 1 } -if ! cmp "${aliases_file}" "${aliases_file}.tmp" +if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then mv "${aliases_file}.tmp" "${aliases_file}" newaliases From 59059a200a27cd750794439544e3aa5a45b65f09 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 11:57:54 +0200 Subject: [PATCH 08/84] [type/__dma_auth] Use host as key --- .../__dma_auth/explorer/{logins => auth_conf} | 48 +++++++++-------- type/__dma_auth/explorer/authusers | 51 +++++++++++++++++++ type/__dma_auth/gencode-remote | 26 +++++----- type/__dma_auth/man.rst | 16 +++--- type/__dma_auth/parameter/optional | 2 +- type/__dma_auth/parameter/required | 2 +- 6 files changed, 102 insertions(+), 43 deletions(-) rename type/__dma_auth/explorer/{logins => auth_conf} (54%) mode change 100644 => 100755 create mode 100755 type/__dma_auth/explorer/authusers diff --git a/type/__dma_auth/explorer/logins b/type/__dma_auth/explorer/auth_conf old mode 100644 new mode 100755 similarity index 54% rename from type/__dma_auth/explorer/logins rename to type/__dma_auth/explorer/auth_conf index 0ed6bc1..cef0aca --- a/type/__dma_auth/explorer/logins +++ b/type/__dma_auth/explorer/auth_conf 
@@ -17,25 +17,33 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer lines matching user + server in /etc/dma/auth.conf and reports -# their cksum. +# This explorer determines the path of dma's auth.conf file -test -r /etc/dma/auth.conf || exit 0 +# No dma.conf -> use default +test -f /etc/dma/dma.conf || { + echo /etc/dma/auth.conf + exit 0 +} +test -r /etc/dma/dma.conf || { + echo 'Cannot read /etc/dma/dma.conf' >&2 + exit 1 +} -if test -f "${__object}/parameter/login" -then - login=$(cat "${__object}/parameter/login") -else - login=$__object_id -fi -server=$(cat "${__object}/parameter/server") - -regex=$(printf '^%s|%s:' "$login" "$server") - -grep -e "${regex}" /etc/dma/auth.conf \ -| while read -r line - do - echo "${line}" \ - | cksum - \ - | cut -d ' ' -f 1 - done +# Get AUTHPATH from dma.conf +awk -F'[ \t]' ' +{ + sub(/#.*$/, "", $0) # remove comments + if (!$0) next # ignore empty lines +} +$1 == "AUTHPATH" { + # Store authpath. In dma conf parsing last wins. + if ($2) authpath = substr($0, index($0, " ") + 1) +} +END { + if (authpath) { + print authpath + exit 0 + } else exit 1 +} +' /etc/dma/dma.conf \ +|| echo /etc/dma/auth.conf # default diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers new file mode 100755 index 0000000..5fc6b4e --- /dev/null +++ b/type/__dma_auth/explorer/authusers 
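Review bot: The `AUTHPATH` rule splits fields on `[ \t]` but extracts the value with `substr($0, index($0, " ") + 1)`, so for a tab-separated directive `index` returns 0 and the whole line is reported as the path. With two blanks after the keyword `$2` is empty, so the directive is skipped and the default path is printed instead. A later patch in this series writes credentials to whatever path this explorer prints, so any mismatch with dma's own parsing puts the passwords in a file dma does not read. I would split on runs of blanks and strip the keyword: `awk -F'[ \t]+'` together with `if ($2) { authpath = $0; sub(/^AUTHPATH[ \t]+/, "", authpath) }`. How dma tokenises the line is not visible here, so this should be confirmed against its conf.c.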
@@ -0,0 +1,51 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# This explorer looks for lines matching the server parameter in dma's auth.conf +# and reports the login and server fields (password is stripped off) + +auth_conf=$("${__type_explorer}/auth_conf") +test -r "${auth_conf}" || exit 0 + +if test -f "${__object}/parameter/server" +then + server=$(cat "${__object}/parameter/server") +else + server=$__object_id +fi + +awk -F'\n' -v server="${server}" ' +BEGIN { + DP = "[: \t]" # copied from dma/conf.c +} + +# skip comments and empty lines +/^#/ || /^$/ { next } + +{ + login = substr($0, 1, index($0, "|") - 1) + host = substr($0, length(login) + 2) + if (match(host, DP)) { + host = substr(host, 1, RSTART - 1) + endpos = length(login) + RSTART + } else endpos = length +} + +host == server { print substr($0, 0, endpos) } +' "${auth_conf}" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 0951c16..989e176 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote 
@@ -18,24 +18,24 @@ # along with cdist. If not, see . # -logins=$(cat "${__object}/explorer/logins") +authusers=$(cat "${__object}/explorer/authusers") state_should=$(cat "${__object}/parameter/state") -if test -f "${__object}/parameter/login" +if test -f "${__object}/parameter/server" then - login=$(cat "${__object}/parameter/login") + server=$(cat "${__object}/parameter/server") else - login=$__object_id + server=$__object_id fi +login=$(cat "${__object}/parameter/login") password=$(cat "${__object}/parameter/password") -server=$(cat "${__object}/parameter/server") case $state_should in (present) conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) - if echo "$logins" | grep -qxF "${cksum_should}" + if echo "$authusers" | grep -qxF "${cksum_should}" then # correct line already present -> nothing to do exit 0 @@ -44,11 +44,8 @@ in mode=1 ;; (absent) - if test -z "$logins" - then - # no logins present -> nothing to do - exit 0 - fi + # no logins present -> nothing to do + test -n "$authusers" || exit 0 # NOTE: password is not needed to delete conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") @@ -66,11 +63,14 @@ read -r CONF_LINE <<'EOL' ${conf_line} EOL export CONF_LINE +export mode=${mode} +EOF -awk -F: -v print=$mode ' +cat <<'EOF' +awk -F: -v mode=$mode ' BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") } $1 == conf[1] { - if (print && !found) { + if (mode && !found) { # remove duplicates print ENVIRON["CONF_LINE"] found = 1 diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst index bd077d6..9c3ad7a 100644 --- a/type/__dma_auth/man.rst +++ b/type/__dma_auth/man.rst 
@@ -14,16 +14,16 @@ servers. REQUIRED PARAMETERS ------------------- +login + The user's LOGIN name on the SMTP server. password The user's password (in plain text.) -server - The SMTP server on which the login is valid. OPTIONAL PARAMETERS ------------------- -login - The user's LOGIN name on the SMTP server. Defaults to `__object_id`. +server + The SMTP server on which the login is valid. Defaults to `__object_id`. state Either `present` or `absent`. Defaults to `present`. @@ -38,13 +38,13 @@ EXAMPLES .. code-block:: sh # Set the password for smarthost - __dma_auth joe --server smarthost --password hunter2 + __dma_auth smarthost.example.com --login joe --password hunter2 # Set credentials for user at an external provider - __dma_auth paul@example.com --server mail.provider.com --password letmein + __dma_auth mail.provider.com --login paul@example.com --password letmein - # Delete credentials for example.com - __dma_auth paul --server example.com --state absent + # Delete credentials for example.com (for all users) + __dma_auth example.com --login '' --password '' --state absent SEE ALSO -------- diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional index c35dbef..3e42ed3 100644 --- a/type/__dma_auth/parameter/optional +++ b/type/__dma_auth/parameter/optional @@ -1,2 +1,2 @@ -login +server state diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required index 8f1a1c9..ae3c622 100644 --- a/type/__dma_auth/parameter/required +++ b/type/__dma_auth/parameter/required @@ -1,2 +1,2 @@ +login password -server From b848fca9299befe36b78624cf622d6df286db053 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 15:01:40 +0200 Subject: [PATCH 09/84] [type/__dma_auth] Finish code to rewrite auth.conf --- type/__dma_auth/explorer/authusers | 12 +++- type/__dma_auth/gencode-remote | 90 +++++++++++++++++++++--------- 2 files changed, 73 insertions(+), 29 deletions(-) 
diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers index 5fc6b4e..db83482 100755 --- a/type/__dma_auth/explorer/authusers +++ b/type/__dma_auth/explorer/authusers @@ -18,7 +18,7 @@ # along with cdist. If not, see . # # This explorer looks for lines matching the server parameter in dma's auth.conf -# and reports the login and server fields (password is stripped off) +# and reports the login and server fields (password is cksummed) auth_conf=$("${__type_explorer}/auth_conf") test -r "${auth_conf}" || exit 0 @@ -47,5 +47,11 @@ BEGIN { } else endpos = length } -host == server { print substr($0, 0, endpos) } -' "${auth_conf}" +host == server { print endpos, $0 } +' "${auth_conf}" \ +| while read pos line + do + printf '%s:%s\n' \ + "$(printf '%s' "$line" | cut -c $((-pos)))" \ + "$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)" + done diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 989e176..d75d611 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,7 +18,6 @@ # along with cdist. If not, see . # -authusers=$(cat "${__object}/explorer/authusers") state_should=$(cat "${__object}/parameter/state") if test -f "${__object}/parameter/server" 
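Review bot: The `while read pos line` loop added in the explorer hunk `@@ -47,5 +47,11 @@` fingerprints each stored password with `cksum`, which is a 32-bit CRC rather than a cryptographic hash; `line_should` in the following `gencode-remote` hunk compares against the same value. The explorer output is read back from `${__object}/explorer/authusers`, so whoever can read the object directory gets a cheap offline filter for password guesses, and a changed password whose CRC happens to collide would be treated as already present. If a stronger digest cannot be assumed on every target, I would at least state the limitation in the header, e.g. `# NOTE: cksum is a CRC, not a password hash; treat this explorer's output as sensitive`.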
@@ -28,27 +27,26 @@ else server=$__object_id fi login=$(cat "${__object}/parameter/login") -password=$(cat "${__object}/parameter/password") case $state_should in (present) - conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") - cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) - if echo "$authusers" | grep -qxF "${cksum_should}" + line_should=$(printf '%s|%s:%s\n' \ + "${login}" "${server}" \ + "$(cksum "${__object}/parameter/password" | cut -d' ' -f1)") + if grep -qxF "${line_should}" "${__object}/explorer/authusers" then # correct line already present -> nothing to do exit 0 fi + test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 } + mode=1 ;; (absent) - # no logins present -> nothing to do - test -n "$authusers" || exit 0 - - # NOTE: password is not needed to delete - conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") + # no matching logins present -> nothing to do + test -s "${__object}/explorer/authusers" || exit 0 mode=0 ;; 
@@ -58,25 +56,65 @@ in ;; esac +auth_conf=$(cat "${__object}/explorer/auth_conf") + +if test -z "${auth_conf}" +then + echo 'Cannot determine path of dma auth.conf' >&2 + exit 1 +fi + cat </etc/dma/auth.conf.tmp \ -&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf + +BEGIN { + DP = "[: \t]" # copied from dma/conf.c +} + +# skip comments and empty lines +/^#/ || /^$/ { print; next } + +{ + login = substr($0, 1, index($0, "|") - 1) + host = substr($0, length(login) + 2) + if (match(host, DP)) { + host = substr(host, 1, RSTART - 1) + endpos = length(login) + RSTART + } else endpos = length +} + +host == ENVIRON["server"] { + if (mode) { + if (login == ENVIRON["login"] && !written) { + printf "%s%s\n", substr($0, 1, endpos+1), getpw() + written = 1 + next + } + } else if (!ENVIRON["login"] || login == ENVIRON["login"]) next +} + +{ print } + +END { + if (mode && !written) { + printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw() + } +} +' <"${auth_conf}" >"${auth_conf}.tmp" \ + && mv "${auth_conf}.tmp" "${auth_conf}" EOF From 3f72ca134108163f3208b709f84037312d460e5c Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 15:18:11 +0200 Subject: [PATCH 10/84] [type/__dma_auth] Send messages --- type/__dma/gencode-remote | 45 +++++++++++++++++++++------------- type/__dma_auth/gencode-remote | 11 ++++++++- 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 2961c09..2e3a80d 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
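Review bot: The rewritten credentials file is produced with `>"${auth_conf}.tmp"` and then moved over `"${auth_conf}"`, so the result takes the temporary file's owner and umask-derived mode instead of those of the existing auth.conf, which holds plain-text SMTP passwords. With a permissive umask on the target the passwords become readable by other local users, and with a strict one dma may lose read access; nothing in the visible lines sets either. I would create the temporary file under `umask 077` and write its content back into the existing file so owner and mode are kept, e.g. `cat "${auth_conf}.tmp" >"${auth_conf}" && rm -f "${auth_conf}.tmp"`, or restore owner and mode explicitly after the `mv`.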
@@ -1,20 +1,31 @@ #!/bin/sh -e -if [ -f "${__object}/parameter/send-test-email" ]; then - SEND_EMAIL="YES" +if test -f "${__object}/parameter/send-test-email" +then + modified=false + + if grep -q '^__mail_alias/root:' "${__messages_in}" + then + modified=true + elif grep -q '^__dma_auth/' "${__messages_in}" + then + modified=true + elif grep -q '^__dma/' "${__messages_in}" + then + modified=true + fi + + if $modified + then + cat <<-EOF + sendmail root <&2; exit 1 } mode=1 - ;; + + if test -s "${__object}/explorer/authusers" + then + printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + else + printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + fi + ;; (absent) # no matching logins present -> nothing to do test -s "${__object}/explorer/authusers" || exit 0 mode=0 + + printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" ;; (*) printf 'Invalid --state: %s' "${state_should}" >&2 From b87b67597efb8349709e8f5153bb73bb08f39337 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 15:06:06 +0200 Subject: [PATCH 11/84] [type/__dma] Remove mail aliases functionality --- type/__dma/files/aliases | 68 -------------------------- type/__dma/man.rst | 22 ++------- type/__dma/manifest | 22 +-------- type/__dma/parameter/required_multiple | 1 - 4 files changed, 6 insertions(+), 107 deletions(-) delete mode 100644 type/__dma/files/aliases delete mode 100644 type/__dma/parameter/required_multiple diff --git a/type/__dma/files/aliases b/type/__dma/files/aliases deleted file mode 100644 index d341318..0000000 --- a/type/__dma/files/aliases +++ /dev/null 
@@ -1,68 +0,0 @@ -# Based off FreeBSD's /etc/aliases -# -# >>>>>>>>>> The program "newaliases" must be run after -# >> NOTE >> this file is updated for any changes to -# >>>>>>>>>> show through to sendmail. -# -# -# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES -# AND FUNCTIONS', May 1997 -# http://tools.ietf.org/html/rfc2142 - -# Pretty much everything else in this file points to "root", so -# you would do well in either reading root's mailbox or forwarding -# root's email from here. - -# root: me@my.domain - - -# Basic system aliases -- these MUST be present -MAILER-DAEMON: postmaster -postmaster: root - -# General redirections for pseudo accounts -_dhcp: root -_pflogd: root -auditdistd: root -bin: root -bind: root -daemon: root -games: root -hast: root -kmem: root -mailnull: postmaster -man: root -news: root -nobody: root -operator: root -pop: root -proxy: root -smmsp: postmaster -sshd: root -system: root -toor: root -tty: root -usenet: news -uucp: root - -# Well-known aliases -- these should be filled in! -manager: root -dumper: root - -# BUSINESS-RELATED MAILBOX NAMES -info: root -marketing: root -sales: root -support: root - -# NETWORK OPERATIONS MAILBOX NAMES -abuse: root -noc: root -security: root - -# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES -ftp: root -ftp-bugs: ftp -hostmaster: root -webmaster: root -www: webmaster diff --git a/type/__dma/man.rst b/type/__dma/man.rst index a10c6c2..af9298e 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst 
@@ -19,18 +19,9 @@ email server configured in the `smart-host` parameter. REQUIRED PARAMETERS ------------------- smart-host - The destination email server. The addresses passed in `root-email` must be - either local to the `smart-host` or it must be configured to act as a relay - for the host being configured by this type. - - -REQUIRED MULTIPLE PARAMETERS ----------------------------- -root-email - Destination email address. Can be specified multiple times or just once - with each address separated by commas. - This will be setup in `/etc/aliases` as the destination for the local - root mailbox. + The email server used to send email. + It must be configured to act as a relay for the host being configured by + this type so that mail can be sent to users non-local to the smart-host. BOOLEAN PARAMETERS @@ -55,11 +46,7 @@ EXAMPLES .. code-block:: sh - # Send root email to both our BOFH and the nice-admin. - # That way they can figure things out together. __dma \ - --root-email bofh@domain.tld \ - --root-email nice-admin@domain.tld \ --smart-host mx1.domain.tld \ --send-test-email @@ -73,11 +60,12 @@ SEE ALSO AUTHORS ------- Evilham +Dennis Camera COPYING ------- -Copyright \(C) 2020 Evilham. You can redistribute it +Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/type/__dma/manifest b/type/__dma/manifest index abcaa5b..e07fbfc 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -1,8 +1,7 @@ #!/bin/sh -e -os="$(cat "${__global}/explorer/os")" +os=$(cat "${__global}/explorer/os") -root_email="$(tr '\n' ',' < "${__object}/parameter/root-email" | sed -E 's/,+$//')" smart_host="$(cat "${__object}/parameter/smart-host")" if [ -f "${__object}/parameter/mailname" ]; then 
@@ -21,14 +20,12 @@ else esac fi -aliases_file=/etc/mail/aliases case ${os} in debian|devuan|ubuntu) # Debian-like requires installing DMA __package dma # Moving forward without DMA doesn't make much sense export require="__package/dma" - aliases_file=/etc/aliases ;; freebsd) # Disable sendmail + stop if necessary @@ -134,20 +131,3 @@ EOF __file /etc/dma/dma.conf --mode 0644 --source '-' < Date: Mon, 1 Jun 2020 17:07:35 +0200 Subject: [PATCH 12/84] [type/__dma] Implement config file updates --- type/__dma/explorer/conf | 30 ++++ type/__dma/gencode-remote | 197 ++++++++++++++++++++++++- type/__dma/man.rst | 24 +++ type/__dma/manifest | 165 ++++++--------------- type/__dma/parameter/default/security | 1 + type/__dma/parameter/optional | 2 + type/__dma/parameter/optional_multiple | 1 + 7 files changed, 302 insertions(+), 118 deletions(-) create mode 100755 type/__dma/explorer/conf create mode 100644 type/__dma/parameter/default/security create mode 100644 type/__dma/parameter/optional_multiple diff --git a/type/__dma/explorer/conf b/type/__dma/explorer/conf new file mode 100755 index 0000000..129e3c3 --- /dev/null +++ b/type/__dma/explorer/conf 
@@ -0,0 +1,30 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# This explorer looks for lines matching the server parameter in dma's auth.conf +# and reports the login and server fields (password is cksummed) + +CONF_PATH=/etc/dma # set in Makefile +dma_conf="${CONF_PATH:?}/dma.conf" + +test -f "${dma_conf}" || exit 0 + +grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \ +| sed -e 's/[ \t]*#.*$//' \ +| sort -s -k 1,1 diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 2e3a80d..1091aeb 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
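Review bot: In `grep -v -e '^[ \t]*#\|^$'` the `\t` inside the bracket expression is not a tab for grep (it matches a backslash or the letter `t`), and `\|` is a GNU extension to basic regular expressions; the `sed` expression has the same `[ \t]` problem outside GNU sed. Tab-indented comments in dma.conf can therefore survive the filter or be handled differently per platform, which can make the comparison in `gencode-remote` report a change on every run. Since the rest of the series already relies on awk, where `\t` is a tab, I would use `awk '{ sub(/[ \t]*#.*$/, "") } !/^[ \t]*$/' "${dma_conf}" | sort -s -k 1,1`. The header comment is also copied from the authusers explorer; it should read `# This explorer prints the active (non-comment) lines of dma.conf, sorted by keyword`.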
@@ -1,5 +1,200 @@ #!/bin/sh -e +CONF_PATH=/etc/dma # set in Makefile + +# Generate config +conf_should=$( + if test -s "${__object}/parameter/smart-host" + then + printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")" + #printf 'AUTHPATH %s\n' "$(cat "${__type}/ + fi + + case $(cat "${__object}/parameter/security") + in + (ssl|tls) + default_smtp_port=465 + echo 'SECURETRANSFER' + ;; + (starttls) + default_smtp_port=587 + echo 'SECURETRANSFER' + echo 'STARTTLS' + ;; + (opportunistic) + default_smtp_port=25 # XXX: correct? + echo 'SECURETRANSFER' + echo 'STARTTLS' + echo 'OPPORTUNISTIC_TLS' + ;; + (insecure) + default_smtp_port=25 + echo 'INSECURE' + ;; + esac + + if test -s "${__object}/parameter/port" + then + printf 'PORT %u\n' "$(cat "${__object}/parameter/port")" + elif test "${default_smtp_port}" -ne 25 + then + printf 'PORT %u\n' "${default_smtp_port}" + fi + + if test -f "${__object}/parameter/masquerade" + then + while read -r line + do + printf 'MASQUERADE %s\n' "${line}" + done <"${__object}/parameter/masquerade" + fi + + +) +conf_should=$(echo "$conf_should" | sort -s -k 1,1) + +config_updated=false +if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" - +then + # config needs to be updated + echo "dma_conf='${CONF_PATH:?}/dma.conf'" + cat <<'EOF' +awk -F '\n' ' +function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) } +function empty_line(line) { return match(line, /^[ \t]*$/) } +function is_word(s) { return s ~ /^[A-Z_]+$/ } + +function first(line, sep) { + if (!sep) sep = SUBSEP + return index(line, sep) ? substr(line, 0, index(line, sep)) : line +} + +function rest(line, sep) { + if (!sep) sep = SUBSEP + if (index(line, sep)) + return substr(line, index(line, sep) + 1) +} + +function conf_pop(word, value) { + if (!(word in conf)) return 0 + if (!value) { + if (index(conf[word], SUBSEP)) # more than one element? 
+ value = substr(conf[word], 0, index(conf[word], SUBSEP)) + else + value = conf[word] + } + + if (index(conf[word], SUBSEP)) { + if (index(conf[word], value SUBSEP) != 1) return 0 + conf[word] = substr(conf[word], length(value) + 2) + } else { + if (conf[word] != value) return 0 + delete conf[word] + } + return value +} + +function print_conf(word, value) { + printf "%s", word + if (value) printf " %s", value + printf "\n" +} + +function print_confs(word, value) { + if (!(word in conf)) return + if (conf[word]) { + while (value = conf_pop(word)) + print_conf(word, value) + } else { + print_conf(word) + delete conf[word] + } +} + +BEGIN { + while (getline < "/dev/stdin") { + word = first($0, " ") + if ((word in conf)) + conf[word] = conf[word] SUBSEP rest($0, " ") + else + conf[word] = rest($0, " ") + } +} + +# first pass, gather information +NR == FNR { + if (comment_line($0)) { + # comment line + word = first(substr($0, RLENGTH + 1), " ") + if (is_word(word)) last_occ["#" word] = FNR + } else { + word = first($0, " ") + if (is_word(word)) last_occ[word] = FNR + } +} + +NR > FNR && FNR == 1 { + # before second pass prepare hashes + + for (k in last_occ) + if (k ~ /^\#/ && (substr(k, 2) in last_occ)) + delete last_occ[k] + + for (k in last_occ) { + line_map[last_occ[k]] = k + } +} + +# second pass, output new config +NR > FNR { + if (comment_line($0) || empty_line($0)) { + # comment or empty line + print + + if ((FNR in line_map)) { + if (line_map[FNR] ~ /^\#/) { + # the "matching" comment line is here + k = substr(line_map[FNR], 2) + if ((k in conf)) print_confs(k) + } + + if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { + # INSECURE goes where SECURE comment is + print_confs("INSECURE") + } + } + } else { + sub(/[ \t]*\#.*$/, "", $0) # ignore comments + word = first($0, " ") + + if ((word in conf) && rest($0, " ") == first(conf[word])) { + # keep config options we want + conf_pop(word) + print + } + + if ((FNR in line_map) && line_map[FNR] == word) { 
+ # rest of config options should be here + print_confs(word) + } + } +} + +END { + # print rest of config options + for (word in conf) print_confs(word) +} +' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \ + && mv "${dma_conf}.tmp" "${dma_conf}" +EOF + echo "${conf_should}" + echo 'EOF' + + config_updated=true + echo 'config updated' >>"${__messages_out}" +fi + + if test -f "${__object}/parameter/send-test-email" then modified=false @@ -10,7 +205,7 @@ then elif grep -q '^__dma_auth/' "${__messages_in}" then modified=true - elif grep -q '^__dma/' "${__messages_in}" + elif $config_updated then modified=true fi diff --git a/type/__dma/man.rst b/type/__dma/man.rst index af9298e..cb3c35f 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst @@ -39,7 +39,31 @@ mailname If not defined, it defaults to `/etc/mailname` on Debian-derived Operating Systems and to `__target_host` otherwise. See `dma(8)` for more information. +masquerade + Masquerade the envelope-from addresses with this address/hostname. + Use this setting if mails are not accepted by destination mail servers + because your sender domain is invalid. + This option can be used multiple times. + For more information see the `dma(8)` man page. +port + The port on which to deliver email. + If not provided, a sensible default port will be used based on the + `--security` argument. +security + Configures whether and how DMA should use secure connections. + ssl/tls + Enable TLS/SSL secured transfer. + starttls + Use STARTTLS to establish a secure connection. + opportunistic (default) + Will try to establish a secure connection using STARTTLS, but allow + unencrypted transfer if STARTTLS fails. + Most useful when dma is used without a smarthost, delivering remote + messages directly to the outside mail exchangers. + insecure + allow plain text SMTP login over an insecure connection. + Should really not be used anymore! EXAMPLES -------- 
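Review bot: The `case $(cat "${__object}/parameter/security")` block in the `@@ -1,5 +1,200 @@` hunk has no default arm, so a misspelt `--security` value emits none of `SECURETRANSFER`, `STARTTLS` or `INSECURE` and leaves `default_smtp_port` unset; the only symptom is a `test` error swallowed by the `elif`. Unless the value is validated somewhere not shown here, the resulting dma.conf silently requests no transport security at all. I would add `(*) printf 'Invalid --security: %s\n' "$(cat "${__object}/parameter/security")" >&2; exit 1 ;;` before `esac`. The `exit` only leaves the command substitution, so aborting depends on the script running under `sh -e` at the `conf_should=$(…)` assignment.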
diff --git a/type/__dma/manifest b/type/__dma/manifest index e07fbfc..814e3ef 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest 
@@ -2,54 +2,57 @@ os=$(cat "${__global}/explorer/os") -smart_host="$(cat "${__object}/parameter/smart-host")" - -if [ -f "${__object}/parameter/mailname" ]; then - mailname="$(cat "${__object}/parameter/mailname")" +# mailname: default behaviour is different on certain systems +if test -f "${__object}/parameter/mailname" +then + mailname=$(cat "${__object}/parameter/mailname") else - # default mailname behaviour is different in certain systems - case ${os} in - debian|devuan|ubuntu) - # Debian-like default to /etc/mailname - mailname="/etc/mailname" - ;; - *) - # Otherwise let's use the hostname - mailname="${__target_host}" - ;; - esac + # Otherwise use the hostname + mailname=$(cat "${__global}/explorer/hostname") fi -case ${os} in - debian|devuan|ubuntu) - # Debian-like requires installing DMA - __package dma - # Moving forward without DMA doesn't make much sense - export require="__package/dma" - ;; - freebsd) - # Disable sendmail + stop if necessary - __key_value \ - --file "/etc/rc.conf" \ - --comment "# Disable sendmail " \ - --key "sendmail_enable" \ - --delimiter "=" \ - --value "NONE" \ - --onchange "service sendmail onestop || true" \ - "sendmail_enable" +case $os +in + (debian|devuan|ubuntu) + # On Debian-like systems use /etc/mailname + if test -f "${__object}/parameter/mailname" + then + echo "$mailname" | __file '/etc/mailname' --state present \ + --mode 0644 --owner root --group root --source - + fi + + mailname='/etc/mailname' + ;; +esac + +# Install DMA +case $os +in + (debian|devuan|ubuntu) + __package dma --state present + export require='__package/dma' + ;; + (freebsd) + # Stop sendmail if necessary + __process 'sendmail' --name 'sendmail.*' --state absent \ + --stop '/etc/rc.d/sendmail onestop' + + # ... 
and disable it + __key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \ + --key 'sendmail_enable' --delimiter '=' --value '"NONE"' \ + --exact_delimiter + # Setup mailwrapper accordingly - __file /etc/mail/mailer.conf \ - --mode 0644 \ - --source '-' < /dev/stderr <&2 Your OS (${os}) is not supported yet. Maybe adding support is as simple as adapting the packages or allowing it, @@ -57,77 +60,5 @@ we highly encourage you to open a PR with the necessary changes. See: https://code.ungleich.ch/ungleich-public/cdist-contrib/ EOF exit 1 - ;; + ;; esac - -DMA_CONF="$(cat < Date: Mon, 1 Jun 2020 17:16:04 +0200 Subject: [PATCH 13/84] [type/__dma] Detect AUTHPATH --- type/__dma/explorer/auth_conf | 1 + type/__dma/gencode-remote | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 120000 type/__dma/explorer/auth_conf diff --git a/type/__dma/explorer/auth_conf b/type/__dma/explorer/auth_conf new file mode 120000 index 0000000..db038ae --- /dev/null +++ b/type/__dma/explorer/auth_conf @@ -0,0 +1 @@ +../../__dma_auth/explorer/auth_conf \ No newline at end of file diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1091aeb..105edba 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -49,7 +49,10 @@ conf_should=$( done <"${__object}/parameter/masquerade" fi - + if test -s "${__object}/explorer/auth_conf" + then + printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" + fi ) conf_should=$(echo "$conf_should" | sort -s -k 1,1) From 4fdddfd738dac87a1e33e359e1ede6ee22a16918 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 17:23:31 +0200 Subject: [PATCH 14/84] [type/__dma] Add --defer, --full-bounce, and --null-client --- type/__dma/gencode-remote | 20 ++++++++++++++++++++ type/__dma/man.rst | 8 ++++++++ type/__dma/parameter/boolean | 3 +++ 3 files changed, 31 insertions(+) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 105edba..1f252a4 100755 
--- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -49,6 +49,26 @@ conf_should=$( done <"${__object}/parameter/masquerade" fi + if test -f "${__object}/parameter/defer" + then + echo 'DEFER' + fi + + if test -f "${__object}/parameter/full-bounce" + then + echo 'FULLBOUNCE' + fi + + if test -f "${__object}/parameter/null-client" + then + test -s "${__object}/parameter/smart-host" || { + echo '--null-client requires a --smart-host to be defined' >&2 + exit 1 + } + + echo 'NULLCLIENT' + fi + if test -s "${__object}/explorer/auth_conf" then printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" diff --git a/type/__dma/man.rst b/type/__dma/man.rst index cb3c35f..a8ba546 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst @@ -26,6 +26,14 @@ smart-host BOOLEAN PARAMETERS ------------------ +defer + If enabled, the mail queue has to be manually flushed with the `-q` option. +full-bounce + Enable if the bounce message should include the complete original message, + not just the headers. +null-client + Enable to bypass aliases and local delivery, and instead forward all mails + to the defined `--smart-host`. send-test-email If present, after setup this type will send an email to root, to allow you to easily test your setup. diff --git a/type/__dma/parameter/boolean b/type/__dma/parameter/boolean index d1af563..ede7dda 100644 --- a/type/__dma/parameter/boolean +++ b/type/__dma/parameter/boolean @@ -1 +1,4 @@ +defer +full-bounce +null-client send-test-email From 99d58672c4987757429fc783b66d96eb6fa90f2b Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 19:20:05 +0200 Subject: [PATCH 15/84] [type/__dma_auth] Add semicolon --- type/__dma_auth/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 48e7dce..b6b7f63 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote 
@@ -40,7 +40,7 @@ in exit 0 fi - test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 } + test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } mode=1 From 0657ac4f115ee575f0bb7780fa9ac759c472ec97 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 19:21:41 +0200 Subject: [PATCH 16/84] [type/__dma] Fix mailname --- type/__dma/gencode-remote | 31 +++++++++++++++++++++++++------ type/__dma/manifest | 27 +-------------------------- 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1f252a4..4100d39 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -2,12 +2,36 @@ CONF_PATH=/etc/dma # set in Makefile +# Determine mailname +if test -f "${__object}/parameter/mailname" +then + mailname=$(cat "${__object}/parameter/mailname") +else + case $(cat "${__global}/explorer/os") + in + (debian|devuan|ubuntu) + # On Debian-like systems use /etc/mailname unless --mailname is used + mailname='/etc/mailname' + ;; + (*) + mailname=$__target_fqdn + ;; + esac +fi + + # Generate config conf_should=$( if test -s "${__object}/parameter/smart-host" then printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")" - #printf 'AUTHPATH %s\n' "$(cat "${__type}/ + fi + + printf 'MAILNAME %s\n' "${mailname}" + + if test -s "${__object}/explorer/auth_conf" + then + printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" fi case $(cat "${__object}/parameter/security") @@ -68,11 +92,6 @@ conf_should=$( echo 'NULLCLIENT' fi - - if test -s "${__object}/explorer/auth_conf" - then - printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" - fi ) conf_should=$(echo "$conf_should" | sort -s -k 1,1) diff --git a/type/__dma/manifest b/type/__dma/manifest index 814e3ef..60038b1 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest 
@@ -1,32 +1,7 @@ #!/bin/sh -e -os=$(cat "${__global}/explorer/os") - -# mailname: default behaviour is different on certain systems -if test -f "${__object}/parameter/mailname" -then - mailname=$(cat "${__object}/parameter/mailname") -else - # Otherwise use the hostname - mailname=$(cat "${__global}/explorer/hostname") -fi - -case $os -in - (debian|devuan|ubuntu) - # On Debian-like systems use /etc/mailname - if test -f "${__object}/parameter/mailname" - then - echo "$mailname" | __file '/etc/mailname' --state present \ - --mode 0644 --owner root --group root --source - - fi - - mailname='/etc/mailname' - ;; -esac - # Install DMA -case $os +case $(cat "${__global}/explorer/os") in (debian|devuan|ubuntu) __package dma --state present From 7183bb3cd191dfece36e32db86eb6ee42b49bb5d Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 19:24:32 +0200 Subject: [PATCH 17/84] [type/__dma] Fixes for FreeBSD --- type/__dma/gencode-remote | 13 ++++++++----- type/__dma/manifest | 3 +++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 4100d39..1b00f04 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -108,7 +108,7 @@ function is_word(s) { return s ~ /^[A-Z_]+$/ } function first(line, sep) { if (!sep) sep = SUBSEP - return index(line, sep) ? substr(line, 0, index(line, sep)) : line + return index(line, sep) ? substr(line, 1, index(line, sep) - 1) : line } function rest(line, sep) { @@ -121,7 +121,7 @@ function conf_pop(word, value) { if (!(word in conf)) return 0 if (!value) { if (index(conf[word], SUBSEP)) # more than one element? - value = substr(conf[word], 0, index(conf[word], SUBSEP)) + value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1) else value = conf[word] } 
@@ -256,10 +256,13 @@ then then cat <<-EOF sendmail root < Date: Mon, 1 Jun 2020 20:25:10 +0200 Subject: [PATCH 18/84] [type/__dma_auth] Fix SC2162 --- type/__dma_auth/explorer/authusers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers index db83482..c76667b 100755 --- a/type/__dma_auth/explorer/authusers +++ b/type/__dma_auth/explorer/authusers @@ -49,7 +49,7 @@ BEGIN { host == server { print endpos, $0 } ' "${auth_conf}" \ -| while read pos line +| while read -r pos line do printf '%s:%s\n' \ "$(printf '%s' "$line" | cut -c $((-pos)))" \ From bf822f3f8ca53852554750003296b9163122c424 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 1 Jun 2020 20:26:52 +0200 Subject: [PATCH 19/84] [type/__dma] Fix SC2154 --- type/__dma/manifest | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/type/__dma/manifest b/type/__dma/manifest index 4a78dab..7abd7c8 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -1,7 +1,9 @@ #!/bin/sh -e +os=$(cat "${__global}/explorer/os") + # Install DMA -case $(cat "${__global}/explorer/os") +case $os in (debian|devuan|ubuntu) __package dma --state present From de4508cb0695cf0f7a6561ac7d8b92add1bc313d Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 6 Jun 2020 21:45:40 +0200 Subject: [PATCH 20/84] Mark __dma_auth and __mail_alias as nonparallel Both types modify a single file, so they shouldn't be run at the same time. --- type/__dma_auth/nonparallel | 0 type/__mail_alias/nonparallel | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 type/__dma_auth/nonparallel create mode 100644 type/__mail_alias/nonparallel diff --git a/type/__dma_auth/nonparallel b/type/__dma_auth/nonparallel new file mode 100644 index 0000000..e69de29 diff --git a/type/__mail_alias/nonparallel b/type/__mail_alias/nonparallel new file mode 100644 index 0000000..e69de29 
From 0cd19b3a5dc71fa3fed263fe14eb05aafa58b0aa Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 14:44:54 +0200 Subject: [PATCH 21/84] [type/__dma] Use "smarthost" spelling to be consistent with DMA --- type/__dma/gencode-remote | 8 ++++---- type/__dma/man.rst | 14 ++++++-------- type/__dma/parameter/required | 2 +- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1b00f04..e2bb405 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -22,9 +22,9 @@ fi # Generate config conf_should=$( - if test -s "${__object}/parameter/smart-host" + if test -s "${__object}/parameter/smarthost" then - printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")" + printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smarthost")" fi printf 'MAILNAME %s\n' "${mailname}" @@ -85,8 +85,8 @@ conf_should=$( if test -f "${__object}/parameter/null-client" then - test -s "${__object}/parameter/smart-host" || { - echo '--null-client requires a --smart-host to be defined' >&2 + test -s "${__object}/parameter/smarthost" || { + echo '--null-client requires a --smarthost to be defined' >&2 exit 1 } diff --git a/type/__dma/man.rst b/type/__dma/man.rst index a8ba546..cbc1c0c 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst 
@@ -13,15 +13,15 @@ mails from locally installed Mail User Agents (MUA) and deliver the mails to a remote destination. Remote delivery happens over TLS to one or more mailboxes that are local to the -email server configured in the `smart-host` parameter. +mail server configured in the ``smarthost`` parameter. REQUIRED PARAMETERS ------------------- -smart-host - The email server used to send email. +smarthost + The mail server used to send email. It must be configured to act as a relay for the host being configured by - this type so that mail can be sent to users non-local to the smart-host. + this type so that mail can be sent to users non-local to the smarthost. BOOLEAN PARAMETERS @@ -33,7 +33,7 @@ full-bounce not just the headers. null-client Enable to bypass aliases and local delivery, and instead forward all mails - to the defined `--smart-host`. + to the defined ``--smarthost``. send-test-email If present, after setup this type will send an email to root, to allow you to easily test your setup. @@ -78,9 +78,7 @@ EXAMPLES .. code-block:: sh - __dma \ - --smart-host mx1.domain.tld \ - --send-test-email + __dma --smarthost mx1.domain.tld --send-test-email SEE ALSO diff --git a/type/__dma/parameter/required b/type/__dma/parameter/required index 262568f..0753fb6 100644 --- a/type/__dma/parameter/required +++ b/type/__dma/parameter/required @@ -1 +1 @@ -smart-host +smarthost From 45b10f3e098f3e06dccdc2483c36e56527e0b9a1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 14:51:11 +0200 Subject: [PATCH 22/84] [type/__dma] Update parameters to match config names in DMA --- type/__dma/gencode-remote | 6 +++--- type/__dma/parameter/boolean | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index e2bb405..e4760d8 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
@@ -78,15 +78,15 @@ conf_should=$( echo 'DEFER' fi - if test -f "${__object}/parameter/full-bounce" + if test -f "${__object}/parameter/fullbounce" then echo 'FULLBOUNCE' fi - if test -f "${__object}/parameter/null-client" + if test -f "${__object}/parameter/nullclient" then test -s "${__object}/parameter/smarthost" || { - echo '--null-client requires a --smarthost to be defined' >&2 + echo '--nullclient requires a --smarthost to be defined' >&2 exit 1 } diff --git a/type/__dma/parameter/boolean b/type/__dma/parameter/boolean index ede7dda..523bb97 100644 --- a/type/__dma/parameter/boolean +++ b/type/__dma/parameter/boolean @@ -1,4 +1,4 @@ defer -full-bounce -null-client -send-test-email +fullbounce +nullclient +send-test-mail From 67b989a717d1c2c817b99220712bab7e78a679e3 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 20:53:01 +0200 Subject: [PATCH 23/84] [type/__dma_auth] Simplify code and add more comments --- type/__dma_auth/explorer/{authusers => state} | 51 ++++++++--- type/__dma_auth/gencode-remote | 84 ++++++++++++------- 2 files changed, 91 insertions(+), 44 deletions(-) rename type/__dma_auth/explorer/{authusers => state} (65%) diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/state similarity index 65% rename from type/__dma_auth/explorer/authusers rename to type/__dma_auth/explorer/state index c76667b..18e13ce 100755 --- a/type/__dma_auth/explorer/authusers +++ b/type/__dma_auth/explorer/state 
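Review bot: The `send-test-email` check in this file is not renamed along with `fullbounce` and `nullclient`, although `parameter/boolean` in the same commit now lists `send-test-mail`. A later hunk of gencode-remote on this page still shows `test -f "${__object}/parameter/send-test-email"` as context, so with the new parameter name the test mail would never be generated. Either keep the old name in `parameter/boolean` or change the check to `test -f "${__object}/parameter/send-test-mail"`. The man page hunk of the previous commit still documents `full-bounce`, `null-client` and `send-test-email`, so it presumably needs the same update.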
@@ -31,27 +31,54 @@ else fi awk -F'\n' -v server="${server}" ' +function getvalue(path) { + getline < path + close(path) + return $0 +} + BEGIN { DP = "[: \t]" # copied from dma/conf.c + + parameter_dir = ENVIRON["__object"] "/parameter/" + + host_param = getvalue(parameter_dir "server") + if (!host_param) host_param = ENVIRON["__object_id"] + login_param = getvalue(parameter_dir "login") + passwd_param = getvalue(parameter_dir "password") + + state = "absent" } -# skip comments and empty lines -/^#/ || /^$/ { next } +/^#/ || /^$/ { + # skip comments and empty lines + next +} { + # parse line + login = substr($0, 1, index($0, "|") - 1) + if (!login) { login = $0 } # if no "|" found + host = substr($0, length(login) + 2) + if (match(host, DP)) { + passwd = substr(host, RSTART) host = substr(host, 1, RSTART - 1) - endpos = length(login) + RSTART - } else endpos = length + } else { + passwd = "" + } } -host == server { print endpos, $0 } -' "${auth_conf}" \ -| while read -r pos line - do - printf '%s:%s\n' \ - "$(printf '%s' "$line" | cut -c $((-pos)))" \ - "$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)" - done +host == host_param && login == login_param { + if (passwd == passwd_param) + state = "present" + else + state = "different_password" +} + +END { + print state +} +' "${auth_conf}" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index b6b7f63..262a17a 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,6 +18,7 @@ # along with cdist. If not, see . # +state_is=$(cat "${__object}/explorer/state") state_should=$(cat "${__object}/parameter/state") if test -f "${__object}/parameter/server" 
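Review bot: `getvalue()` ignores the result of `getline < path`, so when a parameter file is missing it returns whatever `$0` held from the previous call. In the `BEGIN` block a missing `parameter/password` would make `passwd_param` equal to the login that was just read, and the explorer would then compare the stored password against the wrong value. Reading into a local variable and returning it only on success avoids that: `function getvalue(path, line) { if ((getline line < path) < 1) line = ""; close(path); return line }`. The `-v server="${server}"` assignment on the `awk` command line also looks unused now that `host_param` is read inside the script.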
@@ -28,33 +29,27 @@ else fi login=$(cat "${__object}/parameter/login") +if test "${state_is}" = "${state_should}" +then + # state is as it should + exit 0 +fi + case $state_should in (present) - line_should=$(printf '%s|%s:%s\n' \ - "${login}" "${server}" \ - "$(cksum "${__object}/parameter/password" | cut -d' ' -f1)") - if grep -qxF "${line_should}" "${__object}/explorer/authusers" - then - # correct line already present -> nothing to do - exit 0 - fi - test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } mode=1 - if test -s "${__object}/explorer/authusers" + if test "${state_is}" = 'absent' then - printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" - else printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + else + printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" fi ;; (absent) - # no matching logins present -> nothing to do - test -s "${__object}/explorer/authusers" || exit 0 - mode=0 printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" @@ -67,16 +62,14 @@ esac auth_conf=$(cat "${__object}/explorer/auth_conf") -if test -z "${auth_conf}" -then +test -n "${auth_conf}" || { echo 'Cannot determine path of dma auth.conf' >&2 exit 1 -fi +} + cat < drop all lines for this host + next + } + } } +# leave other lines alone { print } END { if (mode && !written) { - printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw() + # append line if no match to replace was found + print_should() } } ' <"${auth_conf}" >"${auth_conf}.tmp" \ From 96fcccf5294e1ed381096b731207674807ce6222 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 9 Jun 2020 21:39:28 +0200 Subject: [PATCH 24/84] [type/__mail_alias] Improve documentation --- type/__mail_alias/explorer/aliases | 43 ++++++++++++------ type/__mail_alias/explorer/aliases_file | 2 +- type/__mail_alias/gencode-remote | 59 ++++++++++++++++--------- 3 files changed, 69 insertions(+), 35 deletions(-) 
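Review bot: The rewritten auth.conf goes to `"${auth_conf}.tmp"` (last line of this hunk) under whatever umask the remote shell has, and that file holds the SMTP passwords in clear text. A `umask 077` before the `awk` call would keep the temporary copy private. If the command after the trailing backslash, which is outside the hunk, moves the temporary file over auth.conf, the original owner and mode are replaced as well; writing back with `cat "${auth_conf}.tmp" >"${auth_conf}"` keeps them. Part of this hunk's text is missing on the page, so this rests on the visible redirection only.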
diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index 66940d5..0a8da94 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases @@ -32,26 +32,41 @@ function print_aliases(aliases, matches) { } /^#/ { - # comment - select = 0; cont = 0; next -} - -{ - cont = ($0 ~ /\\$/) - if (cont) sub(/[ \t]*\\$/, "", $0) -} - -/^[[:blank:]]/ || cont { - # continuation line - if (select) print_aliases($0) + # comment line (ignore) + select = 0; cont = 0 # comments terminate alias lists and continuations next } -$1 == ENVIRON["__object_id"] { +/^[ \t]/ || cont { + # continuation line (either the previous line ended in a backslash or the + # line starts with whitespace) + + if (select) + print_aliases($0) +} + +{ + # detect if the line is a line to be continued (ends with a backslash) + cont = ($0 ~ /\\$/) + + # if it is, we drop the backslash from the line and skip to next line + # (the contents have been printed above if they should) + if (cont) { + sub(/[ \t]*\\$/, "", $0) + next + } +} + +$1 == ENVIRON["__object_id"] && !select { + # "target" user -> print alias list + # (only if !select; because of whitespacecontinuation lines) select = 1 print_aliases($2) next } -{ select = 0 } +{ + # other user + select = 0 +} ' "${aliases_file}" diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file index f7c4596..2710792 100755 --- a/type/__mail_alias/explorer/aliases_file +++ b/type/__mail_alias/explorer/aliases_file @@ -17,7 +17,7 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer tries to find the correct aliases file. +# This explorer finds the aliases file to modify. found() { echo "$*"; exit 0; } diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 7778536..f4cbf46 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
@@ -29,7 +29,13 @@ in exit 0 fi - echo "set aliases" >>"$__messages_out" + if test -s "${__object}/explorer/aliases" + then + echo "update aliases" >>"$__messages_out" + else + echo "add aliases" >>"$__messages_out" + fi + mode=1 ;; (absent) @@ -37,6 +43,7 @@ in test -s "${__object}/explorer/aliases" || exit 0 echo "delete aliases" >>"$__messages_out" + mode=0 ;; (*) @@ -46,11 +53,10 @@ esac aliases_file=$(cat "${__object}/explorer/aliases_file") -if test -z "${aliases_file}" -then +test -n "${aliases_file}" || { echo 'Could not determine aliases file path.' >&2 exit 1 -fi +} # "export" variables to remote printf 'mode=%u\n' "${mode}" @@ -58,16 +64,18 @@ printf "aliases_file='%s'\n" "${aliases_file}" cat <<'EOF' test -f "${aliases_file}" || touch "${aliases_file}" -awk -F ':[ \t]*' -v mode="${mode}" ' -function sepafter(f, default, _) { + +awk -F ':[ \t]*' -v mode=$mode ' +function sepafter(f, default, _) { + # finds the separator between field $f and $(f+1) _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) - if (_) return _ - else return default + return _ ? _ : default } function write_aliases() { if (aliases_written) return + # print aliases line printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") while ((getline < aliases_should_file) > 0) { if (aliases_written) printf ", " 
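Review bot: `sepafter()` names its second parameter `default`, which gawk, outside its POSIX and traditional modes, treats as a reserved word belonging to `switch`; on targets where `awk` is gawk the generated script would fail to parse. Renaming it keeps the script portable: `function sepafter(f, def, _)` with `return _ ? _ : def`. The same hunk also drops the quotes in `-v mode=$mode`; `-v mode="${mode}"` costs nothing and matches the quoting used in the rest of the file.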
@@ -83,36 +91,45 @@ BEGIN { } /^#/ { - # comment - select = 0; cont = 0 + # comment line (leave alone) + select = 0; cont = 0 # comments terminate alias lists and continuations print next } -{ - cont = ($0 ~ /\\$/) - if (cont) sub(/[ \t]*\\$/, "", $0) -} - /^[ \t]/ || cont { - # continuation line + # continuation line (either the previous line ended in a backslash or the + # line starts with whitespace) + + # if in the alias list of the "target" user, we drop the line as it has been + # rewritten previously if (select) next } +{ + # detect if the line is a line to be continued (ends with a backslash) + cont = ($0 ~ /\\$/) + # if it is, we drop the backslash from the line. + if (cont) sub(/[ \t]*\\$/, "", $0) +} + $1 == ENVIRON["__object_id"] { - in_list = 1 + # "target" user -> rewrite aliases list + select = 1 if (mode) write_aliases() next } { - in_list = 0 + # other user + select = 0 print } END { - # if the last line as an alias definition, the separator will be reused - if (mode && !aliases_written) write_aliases() + # if the last line was an alias, the separator will be reused (looks better) + if (mode && !aliases_written) + write_aliases() } ' <"${aliases_file}" >"${aliases_file}.tmp" || { echo 'Generating new aliases file failed!' >&2 @@ -121,9 +138,11 @@ END { if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then + # aliases file was modified, replace and run `newaliases` mv "${aliases_file}.tmp" "${aliases_file}" newaliases else + # no modifications were made, delete the temp file. rm "${aliases_file}.tmp" fi EOF From ca9e011d50ff2296fa0e4db74d99ecadbcee680f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 15:09:51 +0200 Subject: [PATCH 25/84] [type/__dma_auth] Fix off-by-one error --- type/__dma_auth/explorer/state | 2 +- type/__dma_auth/gencode-remote | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state index 18e13ce..0e6f7be 100755 
--- a/type/__dma_auth/explorer/state +++ b/type/__dma_auth/explorer/state @@ -64,7 +64,7 @@ BEGIN { host = substr($0, length(login) + 2) if (match(host, DP)) { - passwd = substr(host, RSTART) + passwd = substr(host, RSTART + 1) host = substr(host, 1, RSTART - 1) } else { passwd = "" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 262a17a..c49779f 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -99,7 +99,10 @@ BEGIN { } # skip comments and empty lines -/^#/ || /^$/ { print; next } +/^#/ || /^$/ { + print + next +} { # parse line @@ -110,7 +113,7 @@ BEGIN { host = substr($0, length(login) + 2) if (match(host, DP)) { - passwd = substr(host, RSTART) + passwd = substr(host, RSTART + 1) host = substr(host, 1, RSTART - 1) } else { passwd = "" From 5b8ae33b4e0bad18f8b76b3cb326884dc16b9550 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 15:21:35 +0200 Subject: [PATCH 26/84] [type/__dma_auth] Improve documentation and handle duplicate lines better The state explorer gained a new value "multiple" (it is not used anywhere, just informative). The code will only write a "should" line once and drop duplicate lines. --- type/__dma_auth/explorer/state | 22 ++++++++++++++++------ type/__dma_auth/gencode-remote | 10 +++++++--- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state index 0e6f7be..668b50f 100755 --- a/type/__dma_auth/explorer/state +++ b/type/__dma_auth/explorer/state 
@@ -17,8 +17,13 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer looks for lines matching the server parameter in dma's auth.conf -# and reports the login and server fields (password is cksummed) +# This explorer looks for a line matching the login and server parameters +# in dma's auth.conf and reports: +# present: a line matching login + host + password exists +# absent: no line matching login + host exists +# different_password: a line exists but with a different pasword +# multiple: multiple lines matching login + host exist +# (should never happen) auth_conf=$("${__type_explorer}/auth_conf") test -r "${auth_conf}" || exit 0 @@ -32,6 +37,7 @@ fi awk -F'\n' -v server="${server}" ' function getvalue(path) { + # Reads the first line of the file located at path and returns it. getline < path close(path) return $0 @@ -42,6 +48,7 @@ BEGIN { parameter_dir = ENVIRON["__object"] "/parameter/" + # Read the parameters of this object host_param = getvalue(parameter_dir "server") if (!host_param) host_param = ENVIRON["__object_id"] login_param = getvalue(parameter_dir "login") @@ -72,10 +79,13 @@ BEGIN { } host == host_param && login == login_param { - if (passwd == passwd_param) - state = "present" - else - state = "different_password" + # a match… + if (state == "absent") { + state = ((passwd == passwd_param) ? "present" : "different_password") + } else { + # report "multiple" to that the type can remove the duplicates. + state = "multiple" + } } END { diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index c49779f..46d9f31 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -78,6 +78,7 @@ test -f "${auth_conf}" || touch "${auth_conf}" awk -F '\n' -v mode=$mode ' function getvalue(path) { + # Reads the first line of the file located at path and returns it. getline < path close(path) return $0 
@@ -124,11 +125,12 @@ host == host_param { if (mode) { # state_should == present if (login == login_param && !written) { - # replace line if host and login match + # replace line if host and login match (but only if no line has + # been written already -> no duplicates) print_should() written = 1 - next } + next } else { # state_should == absent if (!login_param || login == login_param) { @@ -139,7 +141,9 @@ host == host_param { } # leave other lines alone -{ print } +{ + print +} END { if (mode && !written) { From 193b1780dee58be94010e06bf3f3e296f7b4b283 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 15:38:34 +0200 Subject: [PATCH 27/84] Improve error message when invalid --state is used. --- type/__dma_auth/gencode-remote | 3 ++- type/__mail_alias/gencode-remote | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 46d9f31..c57e5cc 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -55,7 +55,8 @@ in printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" ;; (*) - printf 'Invalid --state: %s' "${state_should}" >&2 + printf 'Invalid --state: %s.\n' "${state_should}" >&2 + printf 'Acceptable values are: present, absent.\n' >&2 exit 1 ;; esac diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index f4cbf46..22ae89b 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -47,7 +47,8 @@ in mode=0 ;; (*) - printf 'Invalid --state given: %s\n' "$state_should" >&2 + printf 'Invalid --state: %s.\n' "$state_should" >&2 + printf 'Acceptable values are: present, absent.\n' >&2 exit 1 esac From 551348509717b4b44394a59bd11034e6363d5fbd Mon Sep 17 00:00:00 2001 
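Review bot: Moving `next` out of the inner `if` makes the `mode` branch drop every line whose host matches, not only duplicates of the managed login, so an existing entry for another login on the same server is removed without a message. The commit description only mentions dropping duplicate lines, and the `absent` branch below still keeps other logins. If one entry per host is intended, the comment should say so; otherwise `if (login == login_param) { if (!written) { print_should(); written = 1 }; next }` limits the removal to the managed login.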
From: Dennis Camera Date: Thu, 11 Jun 2020 17:01:22 +0200 Subject: [PATCH 28/84] [type/__dma] Improve documentation --- type/__dma/explorer/conf | 8 +++- type/__dma/gencode-remote | 96 ++++++++++++++++++++++++++------------- type/__dma/man.rst | 7 ++- 3 files changed, 75 insertions(+), 36 deletions(-) diff --git a/type/__dma/explorer/conf b/type/__dma/explorer/conf index 129e3c3..b4d6d26 100755 --- a/type/__dma/explorer/conf +++ b/type/__dma/explorer/conf @@ -17,8 +17,12 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer looks for lines matching the server parameter in dma's auth.conf -# and reports the login and server fields (password is cksummed) +# This explorer returns a sorted list of "active" (= non-commented) lines +# in the dma.conf file. +# "Trailing" line comments are stripped off. +# +# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX +# -s (stable sort) option. CONF_PATH=/etc/dma # set in Makefile dma_conf="${CONF_PATH:?}/dma.conf" diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index e4760d8..01537bf 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -20,7 +20,7 @@ else fi -# Generate config +# Generate "should" values for config conf_should=$( if test -s "${__object}/parameter/smarthost" then @@ -60,7 +60,7 @@ conf_should=$( if test -s "${__object}/parameter/port" then printf 'PORT %u\n' "$(cat "${__object}/parameter/port")" - elif test "${default_smtp_port}" -ne 25 + elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default then printf 'PORT %u\n' "${default_smtp_port}" fi @@ -93,6 +93,7 @@ conf_should=$( echo 'NULLCLIENT' fi ) +# Sort conf_should to compare against "conf_is" conf_should=$(echo "$conf_should" | sort -s -k 1,1) config_updated=false 
@@ -100,24 +101,55 @@ if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" - then # config needs to be updated echo "dma_conf='${CONF_PATH:?}/dma.conf'" + + # The following AWK script will output the new config file to be stored on + # disk. To do so it reads the current dma.conf file and the config options + # that should be set (from stdin). + # Note that the path to the current dma.conf is passed to AWK twice, because + # the new file cannot be generated in one pass. + + # The logic tries to place options at a sensible location, that is: + # a) if the option is already used in the config file: + # group all similar options (e.g. MASQUERADE) at one place in the order + # they are listed in stdin. + # b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists: + # place options grouped directly after the comment (the comment is left + # alone) + # c) otherwise: + # options are grouped by word (the first word in the line) and appended + # at the end of the file. + cat <<'EOF' awk -F '\n' ' -function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) } -function empty_line(line) { return match(line, /^[ \t]*$/) } -function is_word(s) { return s ~ /^[A-Z_]+$/ } +function comment_line(line) { + # returns the position in line at which the comment's text starts + # (0 if the line is not a comment) + match(line, /^[ \t]*\#+[ \t]*/) + return RSTART ? (RLENGTH + 1) : 0 +} +function empty_line(line) { return line ~ /^[ \t]*$/ } +function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" function first(line, sep) { + # returns the part of the line until sep is found + # (or the whole line if sep is not found) if (!sep) sep = SUBSEP return index(line, sep) ? substr(line, 1, index(line, sep) - 1) : line } function rest(line, sep) { + # returns the part of the line after the first occurrence of sep is found. 
+ # (or nothing if sep is not found) if (!sep) sep = SUBSEP if (index(line, sep)) return substr(line, index(line, sep) + 1) } function conf_pop(word, value) { + # returns the next value for the config `word` and delete it from the list. + # if value is set, this function will only return value if it is the first + # option in the list, otherwise it returns 0. + if (!(word in conf)) return 0 if (!value) { if (index(conf[word], SUBSEP)) # more than one element? @@ -137,12 +169,14 @@ function conf_pop(word, value) { } function print_conf(word, value) { + # print a config line with the given parameters printf "%s", word if (value) printf " %s", value printf "\n" } function print_confs(word, value) { + # print config lines for all values stored in conf[word]. if (!(word in conf)) return if (conf[word]) { while (value = conf_pop(word)) @@ -154,6 +188,7 @@ function print_confs(word, value) { } BEGIN { + # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { word = first($0, " ") if ((word in conf)) @@ -163,11 +198,12 @@ BEGIN { } } -# first pass, gather information +# first pass, gather information about where which information is stored in the +# current config file. This information will be used in the second pass. NR == FNR { if (comment_line($0)) { # comment line - word = first(substr($0, RLENGTH + 1), " ") + word = first(substr($0, comment_line($0) + 1), " ") if (is_word(word)) last_occ["#" word] = FNR } else { word = first($0, " ") 
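Review bot: In the first-pass block, `substr($0, comment_line($0) + 1)` skips one character too many, because `comment_line()` now already returns `RLENGTH + 1`, the position where the comment text starts. For a line such as `#PORT 25` the word becomes `ORT`, so `last_occ["#PORT"]` is never recorded and the placement after the default comment does not happen. `word = first(substr($0, comment_line($0)), " ")` restores the previous behaviour.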
@@ -175,19 +211,22 @@ NR == FNR { } } +# before second pass prepare hashes containing location information to be used +# in the second pass. NR > FNR && FNR == 1 { - # before second pass prepare hashes - + # First we drop the locations of commented-out options if a non-commented + # option is available. If a non-commented option is available, we will + # append new config options there to have them all at one place. for (k in last_occ) if (k ~ /^\#/ && (substr(k, 2) in last_occ)) delete last_occ[k] - for (k in last_occ) { - line_map[last_occ[k]] = k - } + # Reverse the option => line mapping. The line_map allows for easier lookups + # in the second pass. + for (k in last_occ) line_map[last_occ[k]] = k } -# second pass, output new config +# second pass, generate and output new config NR > FNR { if (comment_line($0) || empty_line($0)) { # comment or empty line @@ -195,21 +234,24 @@ NR > FNR { if ((FNR in line_map)) { if (line_map[FNR] ~ /^\#/) { - # the "matching" comment line is here + # This line contains a commented config option. If the conf hash + # contains options to be set, we output them here because this + # option is not used in the current config. k = substr(line_map[FNR], 2) if ((k in conf)) print_confs(k) } if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { - # INSECURE goes where SECURE comment is + # INSECURE goes where SECURE comment is. print_confs("INSECURE") } } } else { - sub(/[ \t]*\#.*$/, "", $0) # ignore comments word = first($0, " ") + value = rest($0, " ") + sub(/[ \t]*\#.*$/, "", value) # ignore comments in value - if ((word in conf) && rest($0, " ") == first(conf[word])) { + if ((word in conf) && value == first(conf[word])) { # keep config options we want conf_pop(word) print 
@@ -223,12 +265,13 @@ NR > FNR { } END { - # print rest of config options + # print rest of config options ( for (word in conf) print_confs(word) } ' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \ && mv "${dma_conf}.tmp" "${dma_conf}" EOF + # Pass in "conf_should" via stdin echo "${conf_should}" echo 'EOF' @@ -239,20 +282,9 @@ fi if test -f "${__object}/parameter/send-test-email" then - modified=false - - if grep -q '^__mail_alias/root:' "${__messages_in}" - then - modified=true - elif grep -q '^__dma_auth/' "${__messages_in}" - then - modified=true - elif $config_updated - then - modified=true - fi - - if $modified + if grep -q '^__mail_alias/root:' "${__messages_in}" \ + || grep -q '^__dma_auth/' "${__messages_in}" \ + || $config_updated then cat <<-EOF sendmail root < Date: Thu, 11 Jun 2020 18:07:28 +0200 Subject: [PATCH 29/84] [type/__dma] Use EQS to split config lines --- type/__dma/gencode-remote | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 01537bf..cb2cdbe 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
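Review bot: The generated code feeds `conf_should` to awk through a here-document that this script closes with `echo 'EOF'`, and nothing checks that the parameter values are single lines. A value containing a line that consists only of `EOF` would end the here-document early, and the rest would be run as shell code on the target. Rejecting newlines in the parameter values before `conf_should` is built, or using a delimiter that cannot occur in a config line, closes that gap. The added comment `# print rest of config options (` in the `END` block also has a stray opening parenthesis.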
@@ -130,19 +130,20 @@ function comment_line(line) { function empty_line(line) { return line ~ /^[ \t]*$/ } function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" -function first(line, sep) { +function first(line, sep_re) { # returns the part of the line until sep is found # (or the whole line if sep is not found) - if (!sep) sep = SUBSEP - return index(line, sep) ? substr(line, 1, index(line, sep) - 1) : line + if (!sep_re) sep_re = "[" SUBSEP "]" + match(line, sep_re) + return RSTART ? substr(line, 1, RSTART - 1) : line } -function rest(line, sep) { +function rest(line, sep_re) { # returns the part of the line after the first occurrence of sep is found. # (or nothing if sep is not found) - if (!sep) sep = SUBSEP - if (index(line, sep)) - return substr(line, index(line, sep) + 1) + if (!sep_re) sep_re = "[" SUBSEP "]" + if (match(line, sep_re)) + return substr(line, RSTART + RLENGTH + 1) } function conf_pop(word, value) { @@ -188,13 +189,15 @@ function print_confs(word, value) { } BEGIN { + EQS = /[ \t]/ # copied from dma/conf.c + # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { - word = first($0, " ") + word = first($0, EQS) if ((word in conf)) - conf[word] = conf[word] SUBSEP rest($0, " ") + conf[word] = conf[word] SUBSEP rest($0, EQS) else - conf[word] = rest($0, " ") + conf[word] = rest($0, EQS) } } @@ -203,10 +206,10 @@ BEGIN { NR == FNR { if (comment_line($0)) { # comment line - word = first(substr($0, comment_line($0) + 1), " ") + word = first(substr($0, comment_line($0) + 1), /[ ]/) if (is_word(word)) last_occ["#" word] = FNR } else { - word = first($0, " ") + word = first($0, EQS) if (is_word(word)) last_occ[word] = FNR } } @@ -247,8 +250,8 @@ NR > FNR { } } } else { - word = first($0, " ") - value = rest($0, " ") + word = first($0, EQS) + value = rest($0, EQS) sub(/[ \t]*\#.*$/, "", value) # ignore comments in value if ((word in conf) && value == first(conf[word])) { 
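Review bot: `rest()` now returns `substr(line, RSTART + RLENGTH + 1)`, which starts one character past the end of the separator and so cuts the first character off every value (`PORT 25` yields `5`). The text after the match begins at `RSTART + RLENGTH`, so the line should read `return substr(line, RSTART + RLENGTH)`. `first()` is correct as written.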
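Review bot: `EQS = /[ \t]/` in `BEGIN` does not store a pattern, because a bare regex literal used as a value is evaluated as `$0 ~ /[ \t]/` and `EQS` ends up as 0 or 1. `first()` and `rest()` then see a false `sep_re` and fall back to `SUBSEP`, so config lines are no longer split at the blank. A string keeps the intent, `EQS = "[ \t]"`, as `DP` does in the __dma_auth scripts. The `/[ ]/` argument passed to `first()` in the following hunk needs the same change to `"[ ]"`.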
From 27102340de8bfde2fa03ebf8dfca7157dbe8ea9f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 20:50:42 +0200 Subject: [PATCH 30/84] [type/__mail_alias] Add bug notice about commas --- type/__mail_alias/man.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst index d6c7873..3782ffb 100644 --- a/type/__mail_alias/man.rst +++ b/type/__mail_alias/man.rst @@ -44,6 +44,15 @@ EXAMPLES # Disable redirection of mail for joe __mail_alias joe --state absent + +BUGS +---- +- Quoted strings are not parsed by this type. As a result, email addresses + containing ``,`` (commas) are treated incorrectly (they are treated as two + addresses/aliases.) + Make sure that email addresses do not contain commas. + + SEE ALSO -------- :strong:`aliases`\ (5) From c777a2b1c27ca81f5296c3b4395fa22db74478e1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 11 Jun 2020 21:58:47 +0200 Subject: [PATCH 31/84] [type/__mail_alias] Some fixes in continuation line processing --- type/__mail_alias/explorer/aliases | 25 ++++++++++++++----------- type/__mail_alias/gencode-remote | 25 +++++++++++++------------ 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index 0a8da94..4fffd3b 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases 
@@ -17,13 +17,15 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# Find aliases for a given name and print the aliases line separated +# Find aliases for a given user name and print the aliases (each one on a +# separate line) aliases_file=$("${__type_explorer}/aliases_file") test -r "${aliases_file}" || exit 0 awk -F ':[ \t]*' ' function print_aliases(aliases, matches) { + # prints comma-separated aliases (one per line) split(aliases, matches, /,[ \t]*/) for (i in matches) { gsub(/^[ \t]*|[ \t]*$/, "", matches[i]) @@ -37,15 +39,11 @@ function print_aliases(aliases, matches) { next } -/^[ \t]/ || cont { - # continuation line (either the previous line ended in a backslash or the - # line starts with whitespace) - - if (select) - print_aliases($0) -} - { + # is this line a continuation line? + # (the prev. line ended in a backslash or the line starts with whitespace) + is_cont = /^[ \t]/ || cont + # detect if the line is a line to be continued (ends with a backslash) cont = ($0 ~ /\\$/) @@ -57,9 +55,14 @@ function print_aliases(aliases, matches) { } } -$1 == ENVIRON["__object_id"] && !select { +is_cont { + # if in the alias list of the "target" user, we also print these aliases. + if (select) print_aliases($0) + next +} + +$1 == ENVIRON["__object_id"] { # "target" user -> print alias list - # (only if !select; because of whitespacecontinuation lines) select = 1 print_aliases($2) next diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 22ae89b..cc5fc42 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
@@ -69,7 +69,7 @@ test -f "${aliases_file}" || touch "${aliases_file}" awk -F ':[ \t]*' -v mode=$mode ' function sepafter(f, default, _) { # finds the separator between field $f and $(f+1) - _ = substr($0, length($f) + 1, index(substr($0, length($f)+1), $(f+1)) - 1) + _ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1) return _ ? _ : default } @@ -91,29 +91,30 @@ BEGIN { aliases_should_file = (ENVIRON["__object"] "/parameter/alias") } -/^#/ { +/^[ \t]*\#/ { # comment line (leave alone) select = 0; cont = 0 # comments terminate alias lists and continuations print next } -/^[ \t]/ || cont { - # continuation line (either the previous line ended in a backslash or the - # line starts with whitespace) - - # if in the alias list of the "target" user, we drop the line as it has been - # rewritten previously - if (select) next -} - { + # is this line a continuation line? + # (the prev. line ended in a backslash or the line starts with whitespace) + is_cont = /^[ \t]/ || cont + # detect if the line is a line to be continued (ends with a backslash) cont = ($0 ~ /\\$/) # if it is, we drop the backslash from the line. if (cont) sub(/[ \t]*\\$/, "", $0) } +is_cont { + # we ignore the line as it has been rewritten previously or is not + # interesting + next +} + $1 == ENVIRON["__object_id"] { # "target" user -> rewrite aliases list select = 1 @@ -139,7 +140,7 @@ END { if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then - # aliases file was modified, replace and run `newaliases` + # aliases file was modified, replace and run `newaliases`. mv "${aliases_file}.tmp" "${aliases_file}" newaliases else From 0f81b89f709e26a98a369d6e8b0797eb3ca85909 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 13:29:28 +0200 Subject: [PATCH 32/84] [type/__dma] Make --smarthost optional --- type/__dma/parameter/optional | 1 + type/__dma/parameter/required | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 type/__dma/parameter/required 
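Review bot: The new `is_cont { next }` rule in the `@@ -91,29 +91,30 @@` hunk discards every continuation line, whereas the rule it replaces skipped them only while `select` was set for the target user. If the rules that copy other users' entries to the output sit after this hunk (they are not visible here), multi-line alias lists for other names would lose their continuation lines on rewrite, silently changing who receives that mail. Consider `if (!select) print` before the `next`. The preceding block has already stripped the trailing backslash from `$0`, so a printed line would need the original text saved first.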
diff --git a/type/__dma/parameter/optional b/type/__dma/parameter/optional index 3f6cb5d..615c189 100644 --- a/type/__dma/parameter/optional +++ b/type/__dma/parameter/optional @@ -1,3 +1,4 @@ mailname port security +smarthost diff --git a/type/__dma/parameter/required b/type/__dma/parameter/required deleted file mode 100644 index 0753fb6..0000000 --- a/type/__dma/parameter/required +++ /dev/null @@ -1 +0,0 @@ -smarthost From 27b832f2127fc0b475a6390cacb9219b9516328f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 14:02:13 +0200 Subject: [PATCH 33/84] [type/__dma] Add support for Alpine Linux requires the testing repository, currently. --- type/__dma/gencode-remote | 8 ++++---- type/__dma/manifest | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index cb2cdbe..a6aca0d 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -122,7 +122,7 @@ then cat <<'EOF' awk -F '\n' ' function comment_line(line) { - # returns the position in line at which the comment's text starts + # returns the position in line at which the comment'\''s text starts # (0 if the line is not a comment) match(line, /^[ \t]*\#+[ \t]*/) return RSTART ? (RLENGTH + 1) : 0 @@ -143,7 +143,7 @@ function rest(line, sep_re) { # (or nothing if sep is not found) if (!sep_re) sep_re = "[" SUBSEP "]" if (match(line, sep_re)) - return substr(line, RSTART + RLENGTH + 1) + return substr(line, RSTART + RLENGTH) } function conf_pop(word, value) { @@ -189,7 +189,7 @@ function print_confs(word, value) { } BEGIN { - EQS = /[ \t]/ # copied from dma/conf.c + EQS = "[ \t]" # copied from dma/conf.c # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { 
@@ -206,7 +206,7 @@ BEGIN { NR == FNR { if (comment_line($0)) { # comment line - word = first(substr($0, comment_line($0) + 1), /[ ]/) + word = first(substr($0, comment_line($0)), " ") if (is_word(word)) last_occ["#" word] = FNR } else { word = first($0, EQS) diff --git a/type/__dma/manifest b/type/__dma/manifest index 7abd7c8..75e42d7 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -5,6 +5,10 @@ os=$(cat "${__global}/explorer/os") # Install DMA case $os in + (alpine) + __package dma --state present + export require='__package/dma' + ;; (debian|devuan|ubuntu) __package dma --state present export require='__package/dma' From aa605cada45d5a91da5c4153fa822d95a8214d80 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 14:02:42 +0200 Subject: [PATCH 34/84] [type/__mail_aliases] Add support for Alpine Linux Alpine's DMA package has a typo and installs "newailases" instead of "newaliases". I adjusted the code-remote to only run newaliases if it is available. Otherwise, tough luck, user gotta either fix his system or run manually. --- type/__mail_alias/explorer/aliases_file | 4 ++-- type/__mail_alias/gencode-remote | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file index 2710792..90bccde 100755 --- a/type/__mail_alias/explorer/aliases_file +++ b/type/__mail_alias/explorer/aliases_file @@ -28,7 +28,7 @@ check_file() { fi } -case $("$__explorer/os") +case $("${__explorer}/os") in (freebsd|openbsd|solaris) check_file /etc/mail/aliases @@ -36,7 +36,7 @@ in # default found /etc/mail/aliases ;; - (debian|devuan|ubuntu) + (alpine|debian|devuan|ubuntu) check_file /etc/aliases # default diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index cc5fc42..3eaad75 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
@@ -142,7 +142,9 @@ if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" then # aliases file was modified, replace and run `newaliases`. mv "${aliases_file}.tmp" "${aliases_file}" - newaliases + + # run newaliases if present + command -v newaliases >/dev/null 2>&1 && newaliases || true else # no modifications were made, delete the temp file. rm "${aliases_file}.tmp" From f6a36a60c0f92ae212c2e1274cba64ffdc0c856c Mon Sep 17 00:00:00 2001 
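Review bot: `command -v newaliases >/dev/null 2>&1 && newaliases || true` in the added lines hides a failing `newaliases` as well as a missing one, because `|| true` applies to the whole `&&` list. The aliases file has already been replaced by the `mv` above, so a failed rebuild would leave the alias database out of step with the file while the run still reports success. `if command -v newaliases >/dev/null 2>&1; then newaliases; fi` keeps the optional behaviour without discarding a real failure. The enclosing `if ! cmp` block continues outside the hunk.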
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Thu, 25 Jun 2020 11:15:23 +0200 Subject: [PATCH 35/84] Import __matrix_riot from ungleich's dot-cdist --- type/__matrix_riot/files/config.json.sh | 90 +++++++++++++++ type/__matrix_riot/gencode-remote | 73 +++++++++++++ type/__matrix_riot/man.rst | 87 +++++++++++++++ type/__matrix_riot/manifest | 103 ++++++++++++++++++ type/__matrix_riot/parameter/boolean | 1 + type/__matrix_riot/parameter/default/brand | 1 + .../parameter/default/cookie_policy_url | 1 + .../parameter/default/default_country_code | 1 + .../parameter/default/default_server_name | 1 + .../parameter/default/default_server_url | 1 + type/__matrix_riot/parameter/default/owner | 1 + .../parameter/default/privacy_policy_url | 1 + .../parameter/default/room_directory_servers | 1 + type/__matrix_riot/parameter/optional | 13 +++ .../__matrix_riot/parameter/optional_multiple | 1 + type/__matrix_riot/parameter/required | 2 + 16 files changed, 378 insertions(+) create mode 100755 type/__matrix_riot/files/config.json.sh create mode 100755 type/__matrix_riot/gencode-remote create mode 100644 type/__matrix_riot/man.rst create mode 100755 type/__matrix_riot/manifest create mode 100644 type/__matrix_riot/parameter/boolean create mode 100644 type/__matrix_riot/parameter/default/brand create mode 100644 type/__matrix_riot/parameter/default/cookie_policy_url create mode 100644 type/__matrix_riot/parameter/default/default_country_code create mode 100644 type/__matrix_riot/parameter/default/default_server_name create mode 100644 type/__matrix_riot/parameter/default/default_server_url create mode 100644 type/__matrix_riot/parameter/default/owner create mode 100644 type/__matrix_riot/parameter/default/privacy_policy_url create mode 100644 type/__matrix_riot/parameter/default/room_directory_servers create mode 100644 type/__matrix_riot/parameter/optional create mode 100644 type/__matrix_riot/parameter/optional_multiple create mode 100644 type/__matrix_riot/parameter/required 
diff --git a/type/__matrix_riot/files/config.json.sh b/type/__matrix_riot/files/config.json.sh new file mode 100755 index 0000000..e7fca72 --- /dev/null +++ b/type/__matrix_riot/files/config.json.sh 
@@ -0,0 +1,90 @@ +#!/bin/sh +# +# Upstream configuration guide/documentation: +# https://github.com/vector-im/riot-web/blob/develop/docs/config.md + +generate_embedded_pages () { + if [ $EMBED_HOMEPAGE ]; then + cat << EOF + "embeddedPages": { + "homeUrl": "home.html" + }, +EOF + fi +} + +generate_jitsi_config () { + if [ "$JITSI_DOMAIN" != "" ]; then + cat << EOF + "jitsi": { + "preferredDomain": "$JITSI_DOMAIN" + }, +EOF + fi +} + +generate_branding () { + echo '"branding": {' + + if [ "$BRANDING_AUTH_HEADER_LOGO_URL" != "" ]; then + cat << EOF + "authHeaderLogoUrl": "$BRANDING_AUTH_HEADER_LOGO_URL", +EOF + fi + + if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then + cat << EOF + "authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS", +EOF + fi + + cat << EOF + "welcomeBackgroundUrl": "themes/riot/img/backgrounds/valley.jpg" +EOF + echo '},' +} + +cat << EOF +{ + "default_server_config": { + "m.homeserver": { + "base_url": "$DEFAULT_SERVER_URL", + "server_name": "$DEFAULT_SERVER_NAME" + }, + "m.identity_server": { + "base_url": "https://vector.im" + } + }, + "brand": "$BRAND", + $(generate_branding) + "defaultCountryCode": "$DEFAULT_COUNTRY_CODE", + "integrations_ui_url": "https://scalar.vector.im/", + "integrations_rest_url": "https://scalar.vector.im/api", + "integrations_widgets_urls": [ + "https://scalar.vector.im/_matrix/integrations/v1", + "https://scalar.vector.im/api", + "https://scalar-staging.vector.im/_matrix/integrations/v1", + "https://scalar-staging.vector.im/api", + "https://scalar-staging.riot.im/scalar/api" + ], + "bug_report_endpoint_url": "https://riot.im/bugreports/submit", + "roomDirectory": { + "servers": [ + $ROOM_DIRECTORY_SERVERS + ] + }, + "disable_custom_urls": "$DISABLE_CUSTOM_URLS", + $(generate_embedded_pages) + $(generate_jitsi_config) + "terms_and_conditions_links": [ + { + "url": "$PRIVACY_POLICY_URL", + "text": "Privacy Policy" + }, + { + "url": "$COOKIE_POLICY_URL", + "text": "Cookie Policy" + } + ] +} +EOF 
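Review bot: Every parameter is pasted into the JSON template unescaped (`"base_url": "$DEFAULT_SERVER_URL"`, `"brand": "$BRAND"`, `$ROOM_DIRECTORY_SERVERS` and the others in the final here-document), so a value containing `"` or `\` produces invalid JSON or adds keys the operator did not intend. `"disable_custom_urls": "$DISABLE_CUSTOM_URLS"` also emits the strings `"true"`/`"false"` rather than JSON booleans; if the client only tests truthiness, `"false"` would behave as enabled, so the quotes should go: `"disable_custom_urls": $DISABLE_CUSTOM_URLS,`. A small helper that escapes backslashes and double quotes before interpolation would make the generator safe to feed from type parameters. A header comment should list the environment variables the script expects and note that the identity-server and integration URLs are hard-coded to third-party hosts.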
diff --git a/type/__matrix_riot/gencode-remote b/type/__matrix_riot/gencode-remote new file mode 100755 index 0000000..97c4777 --- /dev/null +++ b/type/__matrix_riot/gencode-remote 
@@ -0,0 +1,73 @@ +#!/bin/sh -e +# +# 2019 Timothée Floure (timothee.floure@ungleich.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +VERSION=$(cat "$__object/parameter/version") +INSTALL_DIR=$(cat "$__object/parameter/install_dir") +OWNER=$(cat "$__object/parameter/owner") + +src="riot-v$VERSION" +archive="$src.tar.gz" +config='config.json' +homepage='home.html' +welcomepage='welcome.html' +welcomelogo='welcome-logo.svg' +url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive" + +# tar and curl are installed by the __matrix-riot manifest. mktemp is usually +# provided by coreutils and assumed installed. +cat << EOF +set -e + +# Ensure that coreutils is installed. +if [ ! -x \$(which mktemp) ]; then + echo "mktemp is not available on the remote host." >&2 + exit 1 +fi + +# Create temporary working directory. +tmpdir=\$(mktemp -d) +custom_files_dir="\$tmpdir/custom_files" +cd \$tmpdir + +# Download and extract sources. +curl -L '$url' > $archive +tar xf $archive + +# Backup files deployed by __matrix_riot. +mkdir -p \$custom_files_dir +for file in $INSTALL_DIR/cdist/*; do + cp "\$file" "\$custom_files_dir" +done + +# Deploy sources and restore configuration. +rm -r '$INSTALL_DIR' +mv '$src' '$INSTALL_DIR' + +for file in \$custom_files_dir/*; do + cp "\$file" '$INSTALL_DIR' +done + +# Chown deployed files to requested owner. 
+chown -R '$OWNER' '$INSTALL_DIR' + +# Remove temporary working directory. +cd / +rm -r \$tmpdir +EOF diff --git a/type/__matrix_riot/man.rst b/type/__matrix_riot/man.rst new file mode 100644 index 0000000..2fe8eae --- /dev/null +++ b/type/__matrix_riot/man.rst 
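Review bot: The generated code fetches the release with `curl -L '$url' > $archive` and unpacks it into the web root without checking the archive against a known digest, and without `-f` an HTTP error body is saved as the archive. `rm -r '$INSTALL_DIR'` then runs before the `mv`, with `INSTALL_DIR`, `OWNER` and `VERSION` spliced unvalidated into single-quoted strings, so an empty value, `/`, or a value containing `'` changes what the remote shell removes or runs. I would use `curl -fL '$url' -o '$archive'`, verify a pinned checksum before `tar`, and reject an empty or non-absolute install directory locally before emitting any code. The guard `[ ! -x \$(which mktemp) ]` also passes when `which` prints nothing; `command -v mktemp >/dev/null 2>&1 || { …; exit 1; }` is sturdier.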
@@ -0,0 +1,87 @@ +cdist-type__matrix_riot(7) +====================== + +NAME +---- +cdist-type__matrix_riot - Install and configure Riot, a web Matrix client. + + +DESCRIPTION +----------- +This type install and configure the Riot web client. + + +REQUIRED PARAMETERS +------------------- +install_dir + Root directory of Riot's static files. + +version + Release of Riot to install. + +OPTIONAL PARAMETERS +------------------- +default_server_name + Name of matrix homeserver to connect to, defaults to 'matrix.org'. + +default_server_url + URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'. + +owner + Owner of the deployed files, passed to `chown`. Defaults to 'root'. + +brand + Web UI branding, defaults to 'Riot'. + +default_country_code + ISO 3166 alpha2 country code to use when showing country selectors, such as + phone number inputs. Defaults to GB. + +privacy_policy_url + Defaults to 'https://riot.im/privacy'. + +cookie_policy_url + Defaults to 'https://matrix.org/docs/guides/riot_im_cookie_policy'. + +jitsi_domain + Domain name of preferred Jitsi instance (default is jitsi.riot.im). This is + used whenever a user clicks on the voice/video call buttons. + +homepage + Path to custom homepage, displayed once logged in. + +welcomepage + Path to custom welcome (= login) page. + +custom_asset + Serve a file a the top-level directory (e.g. /my-custom-logo.svg). Can be specified multiple times. + +BOOLEAN PARAMETERS +------------------- +disable_custom_urls + Disallow the user to change the default homeserver when signing up or logging in. + +EXAMPLES +-------- + +.. code-block:: sh + + __matrix_riot my-riot --install_dir /var/www/riot-web --version 1.5.6 + + +SEE ALSO +-------- +- `cdist-type__matrix_synapse(7) `_ + + +AUTHORS +------- +Timothée Floure + + +COPYING +------- +Copyright \(C) 2019 Timothée Floure. 
You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__matrix_riot/manifest b/type/__matrix_riot/manifest new file mode 100755 index 0000000..a843f4b --- /dev/null +++ b/type/__matrix_riot/manifest 
@@ -0,0 +1,103 @@ +#!/bin/sh -e +# +# 2019 Timothée Floure (timothee.floure@ungleich.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +INSTALL_DIR=$(cat "$__object/parameter/install_dir") + +export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") +export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") +export BRAND=$(cat "$__object/parameter/brand") +export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") +export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") +export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") +export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") + +if [ -f "$__object/parameter/jitsi_domain" ]; then + export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") +fi + +if [ -f "$__object/parameter/branding_auth_header_logo_url" ]; then + export BRANDING_AUTH_HEADER_LOGO_URL=$(cat "$__object/parameter/branding_auth_header_logo_url") +fi + +if [ -f "$__object/parameter/branding_auth_footer_links" ]; then + export BRANDING_AUTH_FOOTER_LINKS=$(cat "$__object/parameter/branding_auth_footer_links") +fi + +if [ -f "$__object/parameter/homepage" ]; then + export EMBED_HOMEPAGE=1 + homepage=$(cat "$__object/parameter/homepage") +fi + +if [ -f "$__object/parameter/welcomepage" ]; then + export EMBED_WELCOMEPAGE=1 + welcomepage=$(cat 
"$__object/parameter/welcomepage") +fi + +if [ -f "$__object/parameter/custom_asset" ]; then + for file in $(cat "$__object/parameter/custom_asset"); do + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename $file)" \ + --source "$file" \ + --mode 0664 \ + --state present + done +fi + +if [ -f "$__object/parameter/disable_custom_urls" ]; then + export DISABLE_CUSTOM_URLS='true' +else + export DISABLE_CUSTOM_URLS='false' +fi + +# Owner of the uploaded files. +owner=$(cat "$__object/parameter/owner") + +# Ensure that curl and tar are installed, as they will be required by the +# gencode-remote script. +__package curl --state present +__package tar --state present + +# Generate and deploy configuration file. +mkdir -p "$__object/files" +"$__type/files/config.json.sh" > "$__object/files/config.json" + +# Install the config.json configuration file. The application's sources are +# downloaded and deployed by gencode-remote. +__directory "$INSTALL_DIR/cdist" \ + --owner "$owner" --mode 0755 --parents \ + --state present + +require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" \ + --source "$__object/files/config.json" \ + --mode 0664 \ + --state present + +if [ $EMBED_HOMEPAGE ]; then + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ + --source "$homepage" \ + --mode 0664 \ + --state present +fi + +if [ $EMBED_WELCOMEPAGE ]; then + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ + --source "$welcomepage" \ + --mode 0664 \ + --state present +fi diff --git a/type/__matrix_riot/parameter/boolean b/type/__matrix_riot/parameter/boolean new file mode 100644 index 0000000..4d77768 --- /dev/null +++ b/type/__matrix_riot/parameter/boolean @@ -0,0 +1 @@ +disable_custom_urls diff --git a/type/__matrix_riot/parameter/default/brand b/type/__matrix_riot/parameter/default/brand new file mode 100644 index 0000000..e8095bb --- /dev/null 
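Review bot: All `__file` objects in this manifest (`config.json`, `home.html`, `welcome.html` and the custom assets) are created with `--mode 0664`, which leaves the served client configuration writable by the owning group. `config.json` decides which homeserver and identity server the client talks to, so write access should be limited to the owner unless group write is a deliberate requirement: `--mode 0644`. The `__file` calls also pass no `--owner`, unlike the `__directory` call, which deserves a comment if ownership is meant to be set elsewhere.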
+++ b/type/__matrix_riot/parameter/default/brand
@@ -0,0 +1 @@
+Riot
diff --git a/type/__matrix_riot/parameter/default/cookie_policy_url b/type/__matrix_riot/parameter/default/cookie_policy_url
new file mode 100644
index 0000000..04e9c2b
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/cookie_policy_url
@@ -0,0 +1 @@
+https://matrix.org/docs/guides/riot_im_cookie_policy
diff --git a/type/__matrix_riot/parameter/default/default_country_code b/type/__matrix_riot/parameter/default/default_country_code
new file mode 100644
index 0000000..30ac4a3
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/default_country_code
@@ -0,0 +1 @@
+GB
diff --git a/type/__matrix_riot/parameter/default/default_server_name b/type/__matrix_riot/parameter/default/default_server_name
new file mode 100644
index 0000000..5528ffd
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/default_server_name
@@ -0,0 +1 @@
+matrix.org
diff --git a/type/__matrix_riot/parameter/default/default_server_url b/type/__matrix_riot/parameter/default/default_server_url
new file mode 100644
index 0000000..2cb9227
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/default_server_url
@@ -0,0 +1 @@
+https://matrix-client.matrix.org
diff --git a/type/__matrix_riot/parameter/default/owner b/type/__matrix_riot/parameter/default/owner
new file mode 100644
index 0000000..d8649da
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/owner
@@ -0,0 +1 @@
+root
diff --git a/type/__matrix_riot/parameter/default/privacy_policy_url b/type/__matrix_riot/parameter/default/privacy_policy_url
new file mode 100644
index 0000000..4cdd12c
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/privacy_policy_url
@@ -0,0 +1 @@
+https://riot.im/privacy
diff --git a/type/__matrix_riot/parameter/default/room_directory_servers b/type/__matrix_riot/parameter/default/room_directory_servers
new file mode 100644
index 0000000..4ea73ad
--- /dev/null
+++ b/type/__matrix_riot/parameter/default/room_directory_servers
@@ -0,0 +1 @@ +"matrix.org" diff --git a/type/__matrix_riot/parameter/optional b/type/__matrix_riot/parameter/optional new file mode 100644 index 0000000..21a2faf --- /dev/null +++ b/type/__matrix_riot/parameter/optional @@ -0,0 +1,13 @@ +default_server_url +default_server_name +brand +default_country_code +privacy_policy_url +cookie_policy_url +room_directory_servers +owner +homepage +welcomepage +jitsi_domain +branding_auth_header_logo_url +branding_auth_footer_links diff --git a/type/__matrix_riot/parameter/optional_multiple b/type/__matrix_riot/parameter/optional_multiple new file mode 100644 index 0000000..4c2ca54 --- /dev/null +++ b/type/__matrix_riot/parameter/optional_multiple @@ -0,0 +1 @@ +custom_asset diff --git a/type/__matrix_riot/parameter/required b/type/__matrix_riot/parameter/required new file mode 100644 index 0000000..a76477e --- /dev/null +++ b/type/__matrix_riot/parameter/required @@ -0,0 +1,2 @@ +version +install_dir From 43c59985d0aba80ae6b41a56143e3247423c23a5 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 25 Jun 2020 18:07:51 +0200 Subject: [PATCH 36/84] [type/__mail_alias] Fallback to /etc/aliases instead of /etc/mail/aliases --- type/__mail_alias/explorer/aliases_file | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file index 90bccde..a59bb99 100755 --- a/type/__mail_alias/explorer/aliases_file +++ b/type/__mail_alias/explorer/aliases_file @@ -47,6 +47,6 @@ in check_file /etc/aliases # default - found /etc/mail/aliases + found /etc/aliases ;; esac From 331461219387b733d7978171aa0947954ecedbe1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sat, 11 Jul 2020 09:21:37 +0200 Subject: [PATCH 37/84] __matrix_riot: improve friendship with shellcheck --- type/__matrix_riot/files/config.json.sh | 2 +- type/__matrix_riot/gencode-remote | 4 ---- type/__matrix_riot/manifest | 9 ++++++--- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/type/__matrix_riot/files/config.json.sh b/type/__matrix_riot/files/config.json.sh index e7fca72..6cd1648 100755 --- a/type/__matrix_riot/files/config.json.sh +++ b/type/__matrix_riot/files/config.json.sh @@ -4,7 +4,7 @@ # https://github.com/vector-im/riot-web/blob/develop/docs/config.md generate_embedded_pages () { - if [ $EMBED_HOMEPAGE ]; then + if [ "$EMBED_HOMEPAGE" != "" ]; then cat << EOF "embeddedPages": { "homeUrl": "home.html" diff --git a/type/__matrix_riot/gencode-remote b/type/__matrix_riot/gencode-remote index 97c4777..dbc886c 100755 --- a/type/__matrix_riot/gencode-remote +++ b/type/__matrix_riot/gencode-remote @@ -24,10 +24,6 @@ OWNER=$(cat "$__object/parameter/owner") src="riot-v$VERSION" archive="$src.tar.gz" -config='config.json' -homepage='home.html' -welcomepage='welcome.html' -welcomelogo='welcome-logo.svg' url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive" # tar and curl are installed by the __matrix-riot manifest. mktemp is usually diff --git a/type/__matrix_riot/manifest b/type/__matrix_riot/manifest index a843f4b..544bd96 100755 --- a/type/__matrix_riot/manifest +++ b/type/__matrix_riot/manifest @@ -16,7 +16,10 @@ # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . -# + +# Ignore "Declare and assign separately to avoid masking return values. [SC2155]" +# => not relevant for the type arguments. +# shellcheck disable=SC2155 INSTALL_DIR=$(cat "$__object/parameter/install_dir") 
@@ -51,8 +54,8 @@ if [ -f "$__object/parameter/welcomepage" ]; then fi if [ -f "$__object/parameter/custom_asset" ]; then - for file in $(cat "$__object/parameter/custom_asset"); do - require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename $file)" \ + "$__object/parameter/custom_asset" | while IFS= read -r file; do + require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename "$file")" \ --source "$file" \ --mode 0664 \ --state present From e2f01bbb3b3c297cd17400437eb8bd13f4697a14 Mon Sep 17 00:00:00 2001 
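Review bot: The rewritten loop header `"$__object/parameter/custom_asset" | while IFS= read -r file; do` has lost the `cat`, so the shell tries to execute the parameter file instead of reading it. That command will most likely fail, and since a pipeline's status is that of its last command, the loop simply runs zero times and no custom asset is deployed, even under `sh -e`. Reading the file by redirection avoids both the pipe and the subshell: keep `while IFS= read -r file; do` and close the loop with `done < "$__object/parameter/custom_asset"`. The `done` line lies outside the hunk.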
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Wed, 22 Jul 2020 17:14:06 +0200 Subject: [PATCH 38/84] __matrix_riot: rename to __matrix_element --- .../files/config.json.sh | 2 +- .../gencode-remote | 2 +- .../man.rst | 20 +++++++++---------- .../manifest | 0 .../parameter/boolean | 0 type/__matrix_element/parameter/default/brand | 1 + .../parameter/default/cookie_policy_url | 0 .../parameter/default/default_country_code | 0 .../parameter/default/default_server_name | 0 .../parameter/default/default_server_url | 0 .../parameter/default/owner | 0 .../parameter/default/privacy_policy_url | 1 + .../parameter/default/room_directory_servers | 0 .../parameter/optional | 0 .../parameter/optional_multiple | 0 .../parameter/required | 0 type/__matrix_riot/parameter/default/brand | 1 - .../parameter/default/privacy_policy_url | 1 - 18 files changed, 14 insertions(+), 14 deletions(-) rename type/{__matrix_riot => __matrix_element}/files/config.json.sh (96%) rename type/{__matrix_riot => __matrix_element}/gencode-remote (97%) rename type/{__matrix_riot => __matrix_element}/man.rst (73%) rename type/{__matrix_riot => __matrix_element}/manifest (100%) rename type/{__matrix_riot => __matrix_element}/parameter/boolean (100%) create mode 100644 type/__matrix_element/parameter/default/brand rename type/{__matrix_riot => __matrix_element}/parameter/default/cookie_policy_url (100%) rename type/{__matrix_riot => __matrix_element}/parameter/default/default_country_code (100%) rename type/{__matrix_riot => __matrix_element}/parameter/default/default_server_name (100%) rename type/{__matrix_riot => __matrix_element}/parameter/default/default_server_url (100%) rename type/{__matrix_riot => __matrix_element}/parameter/default/owner (100%) create mode 100644 type/__matrix_element/parameter/default/privacy_policy_url rename type/{__matrix_riot => __matrix_element}/parameter/default/room_directory_servers (100%) rename type/{__matrix_riot => __matrix_element}/parameter/optional (100%) rename 
type/{__matrix_riot => __matrix_element}/parameter/optional_multiple (100%) rename type/{__matrix_riot => __matrix_element}/parameter/required (100%) delete mode 100644 type/__matrix_riot/parameter/default/brand delete mode 100644 type/__matrix_riot/parameter/default/privacy_policy_url diff --git a/type/__matrix_riot/files/config.json.sh b/type/__matrix_element/files/config.json.sh similarity index 96% rename from type/__matrix_riot/files/config.json.sh rename to type/__matrix_element/files/config.json.sh index 6cd1648..9791f38 100755 --- a/type/__matrix_riot/files/config.json.sh +++ b/type/__matrix_element/files/config.json.sh @@ -39,7 +39,7 @@ EOF fi cat << EOF - "welcomeBackgroundUrl": "themes/riot/img/backgrounds/valley.jpg" + "welcomeBackgroundUrl": "themes/element/img/backgrounds/lake.jpg" EOF echo '},' } diff --git a/type/__matrix_riot/gencode-remote b/type/__matrix_element/gencode-remote similarity index 97% rename from type/__matrix_riot/gencode-remote rename to type/__matrix_element/gencode-remote index dbc886c..e643976 100755 --- a/type/__matrix_riot/gencode-remote +++ b/type/__matrix_element/gencode-remote @@ -46,7 +46,7 @@ cd \$tmpdir curl -L '$url' > $archive tar xf $archive -# Backup files deployed by __matrix_riot. +# Backup files deployed by __matrix_element. mkdir -p \$custom_files_dir for file in $INSTALL_DIR/cdist/*; do cp "\$file" "\$custom_files_dir" diff --git a/type/__matrix_riot/man.rst b/type/__matrix_element/man.rst similarity index 73% rename from type/__matrix_riot/man.rst rename to type/__matrix_element/man.rst index 2fe8eae..c3e0d5a 100644 --- a/type/__matrix_riot/man.rst +++ b/type/__matrix_element/man.rst 
@@ -1,23 +1,23 @@ -cdist-type__matrix_riot(7) +cdist-type__matrix_element(7) ====================== NAME ---- -cdist-type__matrix_riot - Install and configure Riot, a web Matrix client. +cdist-type__matrix_element - Install and configure Element, a web Matrix client. DESCRIPTION ----------- -This type install and configure the Riot web client. +This type install and configure the Element web client. REQUIRED PARAMETERS ------------------- install_dir - Root directory of Riot's static files. + Root directory of Element's static files. version - Release of Riot to install. + Release of Element to install. OPTIONAL PARAMETERS ------------------- @@ -31,20 +31,20 @@ owner Owner of the deployed files, passed to `chown`. Defaults to 'root'. brand - Web UI branding, defaults to 'Riot'. + Web UI branding, defaults to 'Element'. default_country_code ISO 3166 alpha2 country code to use when showing country selectors, such as phone number inputs. Defaults to GB. privacy_policy_url - Defaults to 'https://riot.im/privacy'. + Defaults to 'https://element.io/privacy'. cookie_policy_url - Defaults to 'https://matrix.org/docs/guides/riot_im_cookie_policy'. + Defaults to 'https://matrix.org/docs/guides/element_im_cookie_policy'. jitsi_domain - Domain name of preferred Jitsi instance (default is jitsi.riot.im). This is + Domain name of preferred Jitsi instance (default is jitsi.element.im). This is used whenever a user clicks on the voice/video call buttons. homepage @@ -66,7 +66,7 @@ EXAMPLES .. code-block:: sh - __matrix_riot my-riot --install_dir /var/www/riot-web --version 1.5.6 + __matrix_element my-element --install_dir /var/www/element-web --version 1.5.6 SEE ALSO diff --git a/type/__matrix_riot/manifest b/type/__matrix_element/manifest similarity index 100% rename from type/__matrix_riot/manifest rename to type/__matrix_element/manifest 
diff --git a/type/__matrix_riot/parameter/boolean b/type/__matrix_element/parameter/boolean similarity index 100% rename from type/__matrix_riot/parameter/boolean rename to type/__matrix_element/parameter/boolean diff --git a/type/__matrix_element/parameter/default/brand b/type/__matrix_element/parameter/default/brand new file mode 100644 index 0000000..907f907 --- /dev/null +++ b/type/__matrix_element/parameter/default/brand @@ -0,0 +1 @@ +Element diff --git a/type/__matrix_riot/parameter/default/cookie_policy_url b/type/__matrix_element/parameter/default/cookie_policy_url similarity index 100% rename from type/__matrix_riot/parameter/default/cookie_policy_url rename to type/__matrix_element/parameter/default/cookie_policy_url diff --git a/type/__matrix_riot/parameter/default/default_country_code b/type/__matrix_element/parameter/default/default_country_code similarity index 100% rename from type/__matrix_riot/parameter/default/default_country_code rename to type/__matrix_element/parameter/default/default_country_code diff --git a/type/__matrix_riot/parameter/default/default_server_name b/type/__matrix_element/parameter/default/default_server_name similarity index 100% rename from type/__matrix_riot/parameter/default/default_server_name rename to type/__matrix_element/parameter/default/default_server_name diff --git a/type/__matrix_riot/parameter/default/default_server_url b/type/__matrix_element/parameter/default/default_server_url similarity index 100% rename from type/__matrix_riot/parameter/default/default_server_url rename to type/__matrix_element/parameter/default/default_server_url diff --git a/type/__matrix_riot/parameter/default/owner b/type/__matrix_element/parameter/default/owner similarity index 100% rename from type/__matrix_riot/parameter/default/owner rename to type/__matrix_element/parameter/default/owner 
diff --git a/type/__matrix_element/parameter/default/privacy_policy_url b/type/__matrix_element/parameter/default/privacy_policy_url new file mode 100644 index 0000000..37fa4bc --- /dev/null +++ b/type/__matrix_element/parameter/default/privacy_policy_url @@ -0,0 +1 @@ +https://element.io/privacy diff --git a/type/__matrix_riot/parameter/default/room_directory_servers b/type/__matrix_element/parameter/default/room_directory_servers similarity index 100% rename from type/__matrix_riot/parameter/default/room_directory_servers rename to type/__matrix_element/parameter/default/room_directory_servers diff --git a/type/__matrix_riot/parameter/optional b/type/__matrix_element/parameter/optional similarity index 100% rename from type/__matrix_riot/parameter/optional rename to type/__matrix_element/parameter/optional diff --git a/type/__matrix_riot/parameter/optional_multiple b/type/__matrix_element/parameter/optional_multiple similarity index 100% rename from type/__matrix_riot/parameter/optional_multiple rename to type/__matrix_element/parameter/optional_multiple diff --git a/type/__matrix_riot/parameter/required b/type/__matrix_element/parameter/required similarity index 100% rename from type/__matrix_riot/parameter/required rename to type/__matrix_element/parameter/required diff --git a/type/__matrix_riot/parameter/default/brand b/type/__matrix_riot/parameter/default/brand deleted file mode 100644 index e8095bb..0000000 --- a/type/__matrix_riot/parameter/default/brand +++ /dev/null @@ -1 +0,0 @@ -Riot diff --git a/type/__matrix_riot/parameter/default/privacy_policy_url b/type/__matrix_riot/parameter/default/privacy_policy_url deleted file mode 100644 index 4cdd12c..0000000 --- a/type/__matrix_riot/parameter/default/privacy_policy_url +++ /dev/null @@ -1 +0,0 @@ -https://riot.im/privacy From 5960356e7b0e540ed49af17ec05a0ba608dfaae6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Fri, 10 Jul 2020 10:41:20 +0200 Subject: [PATCH 39/84] __unbound: add --local_data flag --- type/__unbound/files/unbound.conf.sh | 9 +++++++++ type/__unbound/man.rst | 4 ++++ type/__unbound/manifest | 5 +++++ type/__unbound/parameter/optional_multiple | 1 + 4 files changed, 19 insertions(+) diff --git a/type/__unbound/files/unbound.conf.sh b/type/__unbound/files/unbound.conf.sh index 46d2824..2f7ecff 100755 --- a/type/__unbound/files/unbound.conf.sh +++ b/type/__unbound/files/unbound.conf.sh @@ -18,6 +18,14 @@ generate_forward_addr() { done } +generate_local_data() { + IFS=' +' + for entry in $LOCAL_DATA; do + echo " local-data: \"$entry\"" + done +} + cat << EOF # # THIS FILE HAS BEEN GENERATED BY CDIST, DO NOT EDIT BY HAND. @@ -720,6 +728,7 @@ $(generate_access_control) # (this makes example.com, www.example.com, etc, all go to 192.0.2.3) # local-zone: "example.com" redirect # local-data: "example.com A 192.0.2.3" +$(generate_local_data) # # Shorthand to make PTR records, "IPv4 name" or "IPv6 name". # You can also add PTR records using local-data directly, but then diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index 679e601..316d011 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst @@ -34,6 +34,10 @@ access_control rc_interface Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`). +local_data + Configure local data, which is served in reply to queries for it. Can be + specified multiple times. + BOOLEAN PARAMETERS ------------------ disable-ip4 diff --git a/type/__unbound/manifest b/type/__unbound/manifest index 346f30c..5d6b50f 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest 
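Review bot: In `generate_local_data` each `$entry` is written between double quotes without any check, so a record that itself contains a double quote (TXT data usually does) ends the quoted string early and leaves a malformed `local-data:` line in the generated unbound.conf. The unquoted `$LOCAL_DATA` in the `for` line is also open to pathname expansion, and `echo` interprets backslashes under some `/bin/sh` implementations. I would reject or escape entries containing `"`, call `set -f` before the loop and emit the line with `printf ' local-data: "%s"\n' "$entry"`. The man.rst text added by the same patch could show the expected record format, e.g. `--local_data 'example.com A 192.0.2.3'`.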
@@ -54,6 +54,11 @@ if [ -f "$__object/parameter/rc_interface" ]; then export RC_INTERFACE fi +if [ -f "$__object/parameter/local_data" ]; then + LOCAL_DATA=$(cat "$__object/parameter/local_data") + export LOCAL_DATA +fi + # Boolean parameters: if [ -f "$__object/parameter/disable_ip4" ] && \ [ -f "$__object/parameter/disable_ip6" ]; then diff --git a/type/__unbound/parameter/optional_multiple b/type/__unbound/parameter/optional_multiple index ecacd1d..3fe7eca 100644 --- a/type/__unbound/parameter/optional_multiple +++ b/type/__unbound/parameter/optional_multiple @@ -1,2 +1,3 @@ access_control +local_data interface From 7eecc99c73f2304c5f4837dd9324a5d925256782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 27 Jul 2020 14:53:45 +0200 Subject: [PATCH 40/84] __unbound: fix typo in gencode-remote / service start --- type/__unbound/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote index d12a395..ba6d92b 100755 --- a/type/__unbound/gencode-remote +++ b/type/__unbound/gencode-remote @@ -11,6 +11,6 @@ cat << EOF if pgrep unbound; then service unbound reload else - service unbounb start + service unbound start fi EOF From f73bf49e4b510b426dce4c04d1d63e08455f1ce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 28 Jul 2020 14:23:30 +0200 Subject: [PATCH 41/84] Remove manual / outdated CHANGELOG --- CHANGELOG.md | 6 ------ README.md | 4 ++-- 2 files changed, 2 insertions(+), 8 deletions(-) delete mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index df26f7e..0000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,6 +0,0 @@ -# cdist-contrib changes - -* 2020-06-07: New type: __unbound_exporter (Timothée Floure) -* 2020-06-07: Extended type: wire remote control configuration for __unbond (Timothée Floure) -* 2020-06-03: New type: __unbound (Timothée Floure) -* 2020-04-28: New type: __find_exec (Ander Punnar) diff --git a/README.md b/README.md index ef4b2c3..4231de2 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,8 @@ tool with community-maitained types which are either too specific to fit/be maintained in cdist itself or were not accepted in code cdist but could still be useful. -This project does not have releases and is continously updated: see -`CHANGELOG.md` for details. +This project does not have releases and is continously updated: see git history +for change log. ## Using cdist-contrib From bf5f85068d8614f97e190e5115e34f5442ba7924 Mon Sep 17 00:00:00 2001 From: Joachim Desroches Date: Fri, 7 Aug 2020 10:39:38 +0200 Subject: [PATCH 42/84] Add a type to create a borg repository. --- type/__borg_repo/gencode-remote | 36 ++++++++++++++++ type/__borg_repo/man.rst | 43 +++++++++++++++++++ type/__borg_repo/manifest | 14 ++++++ type/__borg_repo/parameter/boolean | 1 + type/__borg_repo/parameter/default/encryption | 1 + type/__borg_repo/parameter/optional | 1 + type/__borg_repo/parameter/required | 1 + 7 files changed, 97 insertions(+) create mode 100644 type/__borg_repo/gencode-remote create mode 100644 type/__borg_repo/man.rst create mode 100644 type/__borg_repo/manifest create mode 100644 type/__borg_repo/parameter/boolean create mode 100644 type/__borg_repo/parameter/default/encryption create mode 100644 type/__borg_repo/parameter/optional create mode 100644 type/__borg_repo/parameter/required diff --git a/type/__borg_repo/gencode-remote b/type/__borg_repo/gencode-remote new file mode 100644 index 0000000..542bf5f --- /dev/null +++ b/type/__borg_repo/gencode-remote 
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+passphrase=
+appendonly=
+
+case "$(cat "${__object:?}/parameter/encryption")" in
+ none)
+ enc=none
+ ;;
+ repokey)
+ enc=repokey
+ if [ -f "${__object:?}/parameter/passphrase" ];
+ then
+ passphrase="$(cat "${__object:?}/parameter/passphrase")"
+ else
+ echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2;
+ exit 1;
+ fi
+ ;;
+ *)
+ echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2
+ exit 1;
+esac
+
+if [ -f "${__object:?}/parameter/append-only" ];
+then
+ appendonly='--append-only'
+fi
+
+cat <<- EOF
+ if ! borg check --repository-only 1>&2 2>/dev/null "/${__object_id:?}";
+ then
+ BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?}
+ fi
+EOF
+
diff --git a/type/__borg_repo/man.rst b/type/__borg_repo/man.rst
new file mode 100644
index 0000000..38ab0c9
--- /dev/null
+++ b/type/__borg_repo/man.rst
@@ -0,0 +1,43 @@
+cdist-type__borg_repo(7)
+========================
+
+NAME
+----
+cdist-type__borg_repo - Configure a borg repository on host
+
+
+DESCRIPTION
+-----------
+
+Initializes a borg repository at the location specified in the
+`${__object_id}`. Nothing is done if the repository already exists.
+
+Currently, only `none` and `repokey` are supported as encryption modes;
+`repokey` requires the `passphrase` argument to be given. The default is
+`none`.
+
+REQUIRED PARAMETERS
+-------------------
+encryption
+ The encryption to use.
+
+OPTIONAL PARAMETERS
+-------------------
+passphrase
+ The passphrase to encrypt the keyfile with.
+
+BOOLEAN PARAMETERS
+------------------
+append-only
+ If the repository is append-only
+
+AUTHORS
+-------
+Joachim Desroches
+
+COPYING
+-------
+Copyright \(C) 2020 Joachim Desroches. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
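Review bot: The generated `borg init` line in type/__borg_repo/gencode-remote interpolates `$passphrase` and `/${__object_id:?}` into the here-document unquoted, so a passphrase containing whitespace or shell metacharacters is split or run as code by the target's shell instead of reaching borg as one value. Separately, the `*)` arm prints `$enc`, which is never assigned on that path because the `case` switches on the `cat` output directly, so the error message names no mode. I would read the mode into `enc` first and single-quote every interpolated value for the remote shell, as sketched below. Even when quoted, the passphrase is still written in clear text into the generated code, which the man page should state.

```shell
# … unchanged: passphrase= / appendonly= defaults …
enc="$(cat "${__object:?}/parameter/encryption")"
case "$enc" in
# … unchanged: none / repokey arms and the unknown-mode error …
esac

# Single-quote a value so the remote shell reads it as one literal word.
shquot() {
	printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# … unchanged: append-only handling …
cat <<- EOF
	if ! borg check --repository-only 1>&2 2>/dev/null $(shquot "/${__object_id:?}");
	then
		BORG_NEW_PASSPHRASE=$(shquot "$passphrase") borg init -e ${enc:?} $appendonly $(shquot "/${__object_id:?}")
	fi
EOF
```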
diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest new file mode 100644 index 0000000..fe18c9c --- /dev/null +++ b/type/__borg_repo/manifest @@ -0,0 +1,14 @@ +#!/bin/sh + +os="$(cat "${__global:?}"/explorer/os)" + +case "$os" in + "alpine") + borg_package=borgbackup + ;; + *) + echo "__borg_repo is not yet implemented for os $os. Aborting." >&2; + exit 1; +esac + +__package "$borg_package" diff --git a/type/__borg_repo/parameter/boolean b/type/__borg_repo/parameter/boolean new file mode 100644 index 0000000..f8ee7c6 --- /dev/null +++ b/type/__borg_repo/parameter/boolean @@ -0,0 +1 @@ +append-only diff --git a/type/__borg_repo/parameter/default/encryption b/type/__borg_repo/parameter/default/encryption new file mode 100644 index 0000000..621e94f --- /dev/null +++ b/type/__borg_repo/parameter/default/encryption @@ -0,0 +1 @@ +none diff --git a/type/__borg_repo/parameter/optional b/type/__borg_repo/parameter/optional new file mode 100644 index 0000000..f63b25b --- /dev/null +++ b/type/__borg_repo/parameter/optional @@ -0,0 +1 @@ +passphrase diff --git a/type/__borg_repo/parameter/required b/type/__borg_repo/parameter/required new file mode 100644 index 0000000..a5465f8 --- /dev/null +++ b/type/__borg_repo/parameter/required @@ -0,0 +1 @@ +encryption From 49d39eaee50bc848840cb4fda91e2ed0cb4a14f1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 26 Aug 2020 18:01:52 +0200 Subject: [PATCH 43/84] [type/__mail_alias] Fix error with some AWK implementations Some AWK implementations seem to have a problem with parameters named default. awk: cmd. line:2: function sepafter(f, default, _) { awk: cmd. line:2: ^ syntax error awk: cmd. line:5: return _ ? _ : default awk: cmd. line:5: ^ syntax error In addition the temp file is removed if an error occurs. --- type/__mail_alias/gencode-remote | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 3eaad75..9f4af1b 100755 
--- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -67,10 +67,10 @@ cat <<'EOF' test -f "${aliases_file}" || touch "${aliases_file}" awk -F ':[ \t]*' -v mode=$mode ' -function sepafter(f, default, _) { +function sepafter(f, def, _) { # finds the separator between field $f and $(f+1) _ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1) - return _ ? _ : default + return _ ? _ : def } function write_aliases() { @@ -134,6 +134,7 @@ END { write_aliases() } ' <"${aliases_file}" >"${aliases_file}.tmp" || { + rm -f "${aliases_file}.tmp" echo 'Generating new aliases file failed!' >&2 exit 1 } From 445bc75deba18b8fa978e7d5d8ed8189908457d6 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 28 Sep 2020 10:59:13 +0200 Subject: [PATCH 44/84] [type/__dma_auth] Drop --server parameter Currently, dma does not differentiate between login users on the SMTP server. It will pick whatever entry it finds first (https://github.com/corecode/dma/blob/v0.13/net.c#L531). As a result, the --server parameter only adds confusion. --- type/__dma_auth/explorer/state | 29 +++++++++++++---------------- type/__dma_auth/gencode-remote | 24 +++++++++--------------- type/__dma_auth/man.rst | 6 ++++-- type/__dma_auth/parameter/optional | 1 - 4 files changed, 26 insertions(+), 34 deletions(-) diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state index 668b50f..621e5a2 100755 --- a/type/__dma_auth/explorer/state +++ b/type/__dma_auth/explorer/state 
@@ -17,25 +17,18 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer looks for a line matching the login and server parameters +# This explorer looks for a line matching the server parameter # in dma's auth.conf and reports: # present: a line matching login + host + password exists # absent: no line matching login + host exists -# different_password: a line exists but with a different pasword -# multiple: multiple lines matching login + host exist -# (should never happen) +# different_login: a line exists but with a different login user +# different_password: a line exists but with a different password +# multiple: multiple lines matching host exist (should not happen) auth_conf=$("${__type_explorer}/auth_conf") test -r "${auth_conf}" || exit 0 -if test -f "${__object}/parameter/server" -then - server=$(cat "${__object}/parameter/server") -else - server=$__object_id -fi - -awk -F'\n' -v server="${server}" ' +awk -F'\n' ' function getvalue(path) { # Reads the first line of the file located at path and returns it. getline < path @@ -49,8 +42,7 @@ BEGIN { parameter_dir = ENVIRON["__object"] "/parameter/" # Read the parameters of this object - host_param = getvalue(parameter_dir "server") - if (!host_param) host_param = ENVIRON["__object_id"] + host_param = ENVIRON["__object_id"] login_param = getvalue(parameter_dir "login") passwd_param = getvalue(parameter_dir "password") @@ -78,10 +70,15 @@ BEGIN { } } -host == host_param && login == login_param { +host == host_param { # a match… if (state == "absent") { - state = ((passwd == passwd_param) ? "present" : "different_password") + if (login != login_param) + state = "different_login" + else if (passwd != passwd_param) + state = "different_password" + else + state = "present" } else { # report "multiple" to that the type can remove the duplicates. state = "multiple" 
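Review bot: The header comment of type/__dma_auth/explorer/state is only partly updated: its `present` and `absent` entries still describe matching on login + host, while the rule below now fires on `host == host_param` alone and reports a login mismatch as `different_login`. I would reword them to `# present: a line for the host with the same login and password exists` and `# absent: no line for the host exists`. The awk program continues past the end of the last hunk.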
diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index c57e5cc..e73c424 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -21,14 +21,16 @@ state_is=$(cat "${__object}/explorer/state") state_should=$(cat "${__object}/parameter/state") -if test -f "${__object}/parameter/server" -then - server=$(cat "${__object}/parameter/server") -else - server=$__object_id -fi +server=$__object_id login=$(cat "${__object}/parameter/login") + +auth_conf=$(cat "${__object}/explorer/auth_conf") +test -n "${auth_conf}" || { + echo 'Cannot determine path of dma auth.conf' >&2 + exit 1 +} + if test "${state_is}" = "${state_should}" then # state is as it should @@ -61,13 +63,6 @@ in ;; esac -auth_conf=$(cat "${__object}/explorer/auth_conf") - -test -n "${auth_conf}" || { - echo 'Cannot determine path of dma auth.conf' >&2 - exit 1 -} - cat < Date: Mon, 28 Sep 2020 16:34:12 +0200 Subject: [PATCH 45/84] Move auth_conf explorer from __dma_auth to __dma --- type/__dma/explorer/auth_conf | 50 +++++++++++++++++++++++++++++- type/__dma_auth/explorer/auth_conf | 50 +----------------------------- 2 files changed, 50 insertions(+), 50 deletions(-) mode change 120000 => 100755 type/__dma/explorer/auth_conf mode change 100755 => 120000 type/__dma_auth/explorer/auth_conf diff --git a/type/__dma/explorer/auth_conf b/type/__dma/explorer/auth_conf deleted file mode 120000 index db038ae..0000000 --- a/type/__dma/explorer/auth_conf +++ /dev/null @@ -1 +0,0 @@ -../../__dma_auth/explorer/auth_conf \ No newline at end of file diff --git a/type/__dma/explorer/auth_conf b/type/__dma/explorer/auth_conf new file mode 100755 index 0000000..cef0aca --- /dev/null +++ b/type/__dma/explorer/auth_conf 
@@ -0,0 +1,49 @@
+#!/bin/sh -e
+#
+# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+# This explorer determines the path of dma's auth.conf file
+
+# No dma.conf -> use default
+test -f /etc/dma/dma.conf || {
+ echo /etc/dma/auth.conf
+ exit 0
+}
+test -r /etc/dma/dma.conf || {
+ echo 'Cannot read /etc/dma/dma.conf' >&2
+ exit 1
+}
+
+# Get AUTHPATH from dma.conf
+awk -F'[ \t]' '
+{
+ sub(/#.*$/, "", $0) # remove comments
+ if (!$0) next # ignore empty lines
+}
+$1 == "AUTHPATH" {
+ # Store authpath. In dma conf parsing last wins.
+ if ($2) authpath = substr($0, index($0, " ") + 1)
+}
+END {
+ if (authpath) {
+ print authpath
+ exit 0
+ } else exit 1
+}
+' /etc/dma/dma.conf \
+|| echo /etc/dma/auth.conf # default
diff --git a/type/__dma_auth/explorer/auth_conf b/type/__dma_auth/explorer/auth_conf
deleted file mode 100755
index cef0aca..0000000
--- a/type/__dma_auth/explorer/auth_conf
+++ /dev/null
@@ -1,49 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer determines the path of dma's auth.conf file - -# No dma.conf -> use default -test -f /etc/dma/dma.conf || { - echo /etc/dma/auth.conf - exit 0 -} -test -r /etc/dma/dma.conf || { - echo 'Cannot read /etc/dma/dma.conf' >&2 - exit 1 -} - -# Get AUTHPATH from dma.conf -awk -F'[ \t]' ' -{ - sub(/#.*$/, "", $0) # remove comments - if (!$0) next # ignore empty lines -} -$1 == "AUTHPATH" { - # Store authpath. In dma conf parsing last wins. - if ($2) authpath = substr($0, index($0, " ") + 1) -} -END { - if (authpath) { - print authpath - exit 0 - } else exit 1 -} -' /etc/dma/dma.conf \ -|| echo /etc/dma/auth.conf # default diff --git a/type/__dma_auth/explorer/auth_conf b/type/__dma_auth/explorer/auth_conf new file mode 120000 index 0000000..e89de93 --- /dev/null +++ b/type/__dma_auth/explorer/auth_conf @@ -0,0 +1 @@ +../../__dma/explorer/auth_conf \ No newline at end of file From 3feaea1d96a361bf16893f1a2442ce4338ac6c89 Mon Sep 17 00:00:00 2001 
From: Marko Seric Date: Mon, 28 Sep 2020 16:43:31 +0200 Subject: [PATCH 46/84] [type/__dma_auth] Externalise AWK update script to separate file --- type/__dma_auth/files/update_dma_auth.awk | 93 +++++++++++++++++++++++ type/__dma_auth/gencode-remote | 90 ++-------------------- 2 files changed, 98 insertions(+), 85 deletions(-) create mode 100644 type/__dma_auth/files/update_dma_auth.awk diff --git a/type/__dma_auth/files/update_dma_auth.awk b/type/__dma_auth/files/update_dma_auth.awk new file mode 100644 index 0000000..c50198b --- /dev/null +++ b/type/__dma_auth/files/update_dma_auth.awk 
@@ -0,0 +1,93 @@ +#!/usr/bin/awk -f +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +function getvalue(path) { + # Reads the first line of the file located at path and returns it. + getline < path + close(path) + return $0 +} + +function print_should() { + printf "%s|%s:%s\n", login_param, host_param, passwd_param +} + +BEGIN { + FS = "\n" + DP = "[: \t]" # copied from dma/conf.c + + parameter_dir = ENVIRON["__object"] "/parameter/" + + mode = (getvalue(parameter_dir "state") != "absent") + + host_param = ENVIRON["__object_id"] + login_param = getvalue(parameter_dir "login") + passwd_param = getvalue(parameter_dir "password") +} + +# skip comments and empty lines +/^#/ || /^$/ { + print + next +} + +{ + # parse line (like dma/conf.c would) + + login = substr($0, 1, index($0, "|") - 1) + if (!login) { login = $0 } # if no "|" found + + host = substr($0, length(login) + 2) + + if (match(host, DP)) { + passwd = substr(host, RSTART + 1) + host = substr(host, 1, RSTART - 1) + } else { + passwd = "" + } +} + +host == host_param { + if (mode) { + # state_should == present + if (!written) { + # replace first line if host matches (but only if no line has + # been written already -> no duplicates) + print_should() + written = 1 + } + next + } else { + # state_should == absent + next + } +} + +# leave other lines alone +{ + print +} + +END { + 
if (mode && !written) { + # append line if no match to replace was found + print_should() + } +} diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index e73c424..d8be7e8 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,6 +18,8 @@ # along with cdist. If not, see . # +drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } + state_is=$(cat "${__object}/explorer/state") state_should=$(cat "${__object}/parameter/state") @@ -42,8 +44,6 @@ in (present) test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } - mode=1 - if test "${state_is}" = 'absent' then printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" @@ -52,8 +52,6 @@ in fi ;; (absent) - mode=0 - printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" ;; (*) @@ -65,87 +63,9 @@ esac cat < no duplicates) - print_should() - written = 1 - } - next - } else { - # state_should == absent - if (!login_param || login == login_param) { - # empty --login -> drop all lines for this host - next - } - } -} - -# leave other lines alone -{ - print -} - -END { - if (mode && !written) { - # append line if no match to replace was found - print_should() - } -} -' <"${auth_conf}" >"${auth_conf}.tmp" \ - && mv "${auth_conf}.tmp" "${auth_conf}" +awk '$(drop_awk_comments "${__type}/files/update_dma_auth.awk")' <'${auth_conf}' >'${auth_conf}.tmp' \ +&& cat '${auth_conf}.tmp' >'${auth_conf}' +rm -f '${auth_conf}.tmp' EOF From 6ae08085607f1a73832b80a20ad4671950e5c82e Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 28 Sep 2020 16:54:21 +0200 Subject: [PATCH 47/84] [type/__dma] Externalise AWK update script to separate file --- type/__dma/files/update_dma_conf.awk | 170 +++++++++++++++++++++++++++ type/__dma/gencode-remote | 167 ++------------------------ 2 files changed, 179 insertions(+), 158 deletions(-) create mode 100644 type/__dma/files/update_dma_conf.awk 
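Review bot: In the code generated at the end of type/__dma_auth/gencode-remote a failing `awk` goes unnoticed, because the `&&` list is followed by an unconditional `rm -f '${auth_conf}.tmp'` whose exit status replaces it, at least as far as the hunk shows. The temporary file also holds the SMTP credentials and is created with whatever umask the remote shell has, which may leave it readable by other users until it is removed. I would emit `umask 077` before the `awk` line and end the list with `|| { rm -f '${auth_conf}.tmp'; exit 1; }`. Since the script is embedded between single quotes, a `'` on any line that `drop_awk_comments` does not strip would end the quoting early; a comment saying so next to the helper would help.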
diff --git a/type/__dma/files/update_dma_conf.awk b/type/__dma/files/update_dma_conf.awk new file mode 100644 index 0000000..67661fd --- /dev/null +++ b/type/__dma/files/update_dma_conf.awk 
@@ -0,0 +1,170 @@ +#!/usr/bin/awk -f +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +function comment_line(line) { + # returns the position in line at which the comment'\''s text starts + # (0 if the line is not a comment) + match(line, /^[ \t]*\#+[ \t]*/) + return RSTART ? (RLENGTH + 1) : 0 +} +function empty_line(line) { return line ~ /^[ \t]*$/ } +function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" + +function first(line, sep_re) { + # returns the part of the line until sep is found + # (or the whole line if sep is not found) + if (!sep_re) sep_re = "[" SUBSEP "]" + match(line, sep_re) + return RSTART ? substr(line, 1, RSTART - 1) : line +} + +function rest(line, sep_re) { + # returns the part of the line after the first occurrence of sep is found. + # (or nothing if sep is not found) + if (!sep_re) sep_re = "[" SUBSEP "]" + if (match(line, sep_re)) + return substr(line, RSTART + RLENGTH) +} + +function conf_pop(word, value) { + # returns the next value for the config `word` and delete it from the list. + # if value is set, this function will only return value if it is the first + # option in the list, otherwise it returns 0. + + if (!(word in conf)) return 0 + if (!value) { + if (index(conf[word], SUBSEP)) # more than one element? 
+ value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1) + else + value = conf[word] + } + + if (index(conf[word], SUBSEP)) { + if (index(conf[word], value SUBSEP) != 1) return 0 + conf[word] = substr(conf[word], length(value) + 2) + } else { + if (conf[word] != value) return 0 + delete conf[word] + } + return value +} + +function print_conf(word, value) { + # print a config line with the given parameters + printf "%s", word + if (value) printf " %s", value + printf "\n" +} + +function print_confs(word, value) { + # print config lines for all values stored in conf[word]. + if (!(word in conf)) return + if (conf[word]) { + while (value = conf_pop(word)) + print_conf(word, value) + } else { + print_conf(word) + delete conf[word] + } +} + +BEGIN { + FS = "\n" + EQS = "[ \t]" # copied from dma/conf.c + + # read the "should" state into the `conf` array. + while (getline < "/dev/stdin") { + word = first($0, EQS) + if ((word in conf)) + conf[word] = conf[word] SUBSEP rest($0, EQS) + else + conf[word] = rest($0, EQS) + } +} + +# first pass, gather information about where which information is stored in the +# current config file. This information will be used in the second pass. +NR == FNR { + if (comment_line($0)) { + # comment line + word = first(substr($0, comment_line($0)), " ") + if (is_word(word)) last_occ["#" word] = FNR + } else { + word = first($0, EQS) + if (is_word(word)) last_occ[word] = FNR + } +} + +# before second pass prepare hashes containing location information to be used +# in the second pass. +NR > FNR && FNR == 1 { + # First we drop the locations of commented-out options if a non-commented + # option is available. If a non-commented option is available, we will + # append new config options there to have them all at one place. + for (k in last_occ) + if (k ~ /^\#/ && (substr(k, 2) in last_occ)) + delete last_occ[k] + + # Reverse the option => line mapping. The line_map allows for easier lookups + # in the second pass. 
+ for (k in last_occ) line_map[last_occ[k]] = k +} + +# second pass, generate and output new config +NR > FNR { + if (comment_line($0) || empty_line($0)) { + # comment or empty line + print + + if ((FNR in line_map)) { + if (line_map[FNR] ~ /^\#/) { + # This line contains a commented config option. If the conf hash + # contains options to be set, we output them here because this + # option is not used in the current config. + k = substr(line_map[FNR], 2) + if ((k in conf)) print_confs(k) + } + + if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { + # INSECURE goes where SECURE comment is. + print_confs("INSECURE") + } + } + } else { + word = first($0, EQS) + value = rest($0, EQS) + sub(/[ \t]*\#.*$/, "", value) # ignore comments in value + + if ((word in conf) && value == first(conf[word])) { + # keep config options we want + conf_pop(word) + print + } + + if ((FNR in line_map) && line_map[FNR] == word) { + # rest of config options should be here + print_confs(word) + } + } +} + +END { + # print rest of config options ( + for (word in conf) print_confs(word) +} diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index a6aca0d..8177de9 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -1,5 +1,7 @@ #!/bin/sh -e +drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } + CONF_PATH=/etc/dma # set in Makefile # Determine mailname @@ -100,7 +102,7 @@ config_updated=false if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" - then # config needs to be updated - echo "dma_conf='${CONF_PATH:?}/dma.conf'" + dma_conf="${CONF_PATH:?}/dma.conf" # The following AWK script will output the new config file to be stored on # disk. To do so it reads the current dma.conf file and the config options 
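Review bot: Two comments in the new type/__dma/files/update_dma_conf.awk still carry artefacts of the inline version: `comment_line()` has the shell escape `comment'\''s text`, which only made sense inside a single-quoted shell string, and the comment in the `END` block ends in a dangling `(`. In the standalone file I would write `# returns the position in line at which the comment text starts` and `# print the remaining config options`. Wording without an apostrophe keeps the line harmless should the script again be placed between single quotes.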
@@ -119,164 +121,13 @@ then # options are grouped by word (the first word in the line) and appended # at the end of the file. - cat <<'EOF' -awk -F '\n' ' -function comment_line(line) { - # returns the position in line at which the comment'\''s text starts - # (0 if the line is not a comment) - match(line, /^[ \t]*\#+[ \t]*/) - return RSTART ? (RLENGTH + 1) : 0 -} -function empty_line(line) { return line ~ /^[ \t]*$/ } -function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" - -function first(line, sep_re) { - # returns the part of the line until sep is found - # (or the whole line if sep is not found) - if (!sep_re) sep_re = "[" SUBSEP "]" - match(line, sep_re) - return RSTART ? substr(line, 1, RSTART - 1) : line -} - -function rest(line, sep_re) { - # returns the part of the line after the first occurrence of sep is found. - # (or nothing if sep is not found) - if (!sep_re) sep_re = "[" SUBSEP "]" - if (match(line, sep_re)) - return substr(line, RSTART + RLENGTH) -} - -function conf_pop(word, value) { - # returns the next value for the config `word` and delete it from the list. - # if value is set, this function will only return value if it is the first - # option in the list, otherwise it returns 0. - - if (!(word in conf)) return 0 - if (!value) { - if (index(conf[word], SUBSEP)) # more than one element? - value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1) - else - value = conf[word] - } - - if (index(conf[word], SUBSEP)) { - if (index(conf[word], value SUBSEP) != 1) return 0 - conf[word] = substr(conf[word], length(value) + 2) - } else { - if (conf[word] != value) return 0 - delete conf[word] - } - return value -} - -function print_conf(word, value) { - # print a config line with the given parameters - printf "%s", word - if (value) printf " %s", value - printf "\n" -} - -function print_confs(word, value) { - # print config lines for all values stored in conf[word]. 
- if (!(word in conf)) return - if (conf[word]) { - while (value = conf_pop(word)) - print_conf(word, value) - } else { - print_conf(word) - delete conf[word] - } -} - -BEGIN { - EQS = "[ \t]" # copied from dma/conf.c - - # read the "should" state into the `conf` array. - while (getline < "/dev/stdin") { - word = first($0, EQS) - if ((word in conf)) - conf[word] = conf[word] SUBSEP rest($0, EQS) - else - conf[word] = rest($0, EQS) - } -} - -# first pass, gather information about where which information is stored in the -# current config file. This information will be used in the second pass. -NR == FNR { - if (comment_line($0)) { - # comment line - word = first(substr($0, comment_line($0)), " ") - if (is_word(word)) last_occ["#" word] = FNR - } else { - word = first($0, EQS) - if (is_word(word)) last_occ[word] = FNR - } -} - -# before second pass prepare hashes containing location information to be used -# in the second pass. -NR > FNR && FNR == 1 { - # First we drop the locations of commented-out options if a non-commented - # option is available. If a non-commented option is available, we will - # append new config options there to have them all at one place. - for (k in last_occ) - if (k ~ /^\#/ && (substr(k, 2) in last_occ)) - delete last_occ[k] - - # Reverse the option => line mapping. The line_map allows for easier lookups - # in the second pass. - for (k in last_occ) line_map[last_occ[k]] = k -} - -# second pass, generate and output new config -NR > FNR { - if (comment_line($0) || empty_line($0)) { - # comment or empty line - print - - if ((FNR in line_map)) { - if (line_map[FNR] ~ /^\#/) { - # This line contains a commented config option. If the conf hash - # contains options to be set, we output them here because this - # option is not used in the current config. - k = substr(line_map[FNR], 2) - if ((k in conf)) print_confs(k) - } - - if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { - # INSECURE goes where SECURE comment is. 
- print_confs("INSECURE") - } - } - } else { - word = first($0, EQS) - value = rest($0, EQS) - sub(/[ \t]*\#.*$/, "", value) # ignore comments in value - - if ((word in conf) && value == first(conf[word])) { - # keep config options we want - conf_pop(word) - print - } - - if ((FNR in line_map) && line_map[FNR] == word) { - # rest of config options should be here - print_confs(word) - } - } -} - -END { - # print rest of config options ( - for (word in conf) print_confs(word) -} -' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \ - && mv "${dma_conf}.tmp" "${dma_conf}" + cat <'${dma_conf}.tmp' \ +&& cat '${dma_conf}.tmp' >'${dma_conf}' +${conf_should} EOF - # Pass in "conf_should" via stdin - echo "${conf_should}" - echo 'EOF' +rm '${dma_conf}.tmp' +CODE config_updated=true echo 'config updated' >>"${__messages_out}" From b48b48e4047d8855e9ee2d635a0c345cad007997 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 28 Sep 2020 17:29:41 +0200 Subject: [PATCH 48/84] [type/__mail_alias] Externalise AWK update script to separate file --- type/__mail_alias/files/update_aliases.awk | 98 ++++++++++++++++++ type/__mail_alias/gencode-remote | 115 ++++----------------- 2 files changed, 119 insertions(+), 94 deletions(-) create mode 100644 type/__mail_alias/files/update_aliases.awk diff --git a/type/__mail_alias/files/update_aliases.awk b/type/__mail_alias/files/update_aliases.awk new file mode 100644 index 0000000..87ea202 --- /dev/null +++ b/type/__mail_alias/files/update_aliases.awk 
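Review bot: A failing `awk` goes unreported in the generated code at the end of the @@ -119 hunk. In `awk … >'${dma_conf}.tmp' && cat '${dma_conf}.tmp' >'${dma_conf}'` the status of the `&&` list is never checked, and a failure on the left side of `&&` does not trigger `set -e` either, so the script carries on to `rm '${dma_conf}.tmp'` while 'config updated' has already been written to `__messages_out`. type/__mail_alias/gencode-remote handles the same step with `|| { rm -f '${aliases_file}.tmp'; echo '…failed!' >&2; exit 1; }`, and the dma.conf update should do the same; the `&&`/`cat`/`rm` form is also used for auth.conf in type/__dma_auth/gencode-remote. The heredoc opener is garbled on this page, so the exact placement needs checking against the file. Separately, replacing `mv` with `cat … >` is no longer atomic, which deserves a comment stating why it is wanted.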
@@ -0,0 +1,98 @@ +#!/usr/bin/awk -f +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +function getvalue(path) { + # Reads the first line of the file located at path and returns it. + getline < path + close(path) + return $0 +} + +function sepafter(f, def, _) { + # finds the separator between field $f and $(f+1) + _ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1) + return _ ? _ : def +} + +function write_aliases() { + if (aliases_written) return + + # print aliases line + printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") + while ((getline < aliases_should_file) > 0) { + if (aliases_written) printf ", " + printf "%s", $0 + aliases_written = 1 + } + printf "\n" + close(aliases_should_file) +} + +BEGIN { + FS = ":[ \t]*" + + parameter_dir = ENVIRON["__object"] "/parameter/" + + mode = (getvalue(parameter_dir "state") != "absent") + aliases_should_file = (parameter_dir "/alias") +} + +/^[ \t]*\#/ { + # comment line (leave alone) + select = 0; cont = 0 # comments terminate alias lists and continuations + print + next +} + +{ + # is this line a continuation line? + # (the prev. line ended in a backslash or the line starts with whitespace) + is_cont = /^[ \t]/ || cont + + # detect if the line is a line to be continued (ends with a backslash) + cont = ($0 ~ /\\$/) + # if it is, we drop the backslash from the line. 
+ if (cont) sub(/[ \t]*\\$/, "", $0) +} + +is_cont { + # we ignore the line as it has been rewritten previously or is not + # interesting + next +} + +$1 == ENVIRON["__object_id"] { + # "target" user -> rewrite aliases list + select = 1 + if (mode) write_aliases() + next +} + +{ + # other user + select = 0 + print +} + +END { + # if the last line was an alias, the separator will be reused (looks better) + if (mode && !aliases_written) + write_aliases() +} diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 9f4af1b..e5bc2b7 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -18,6 +18,16 @@ # along with cdist. If not, see . # +drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } + +aliases_file=$(cat "${__object}/explorer/aliases_file") + +test -n "${aliases_file}" || { + echo 'Could not determine aliases file path.' >&2 + exit 1 +} + + state_should=$(cat "${__object}/parameter/state") case $state_should 
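Review bot: `getvalue()` in update_aliases.awk ignores the return value of `getline < path`, so when `parameter/state` cannot be read `$0` stays empty in BEGIN, the comparison with "absent" is true and `mode` silently becomes 1 (present). The script would then rewrite the alias line instead of stopping. I would read into a local variable and check the result, `if ((getline line < path) <= 0) { … }`, reporting the unreadable file on stderr and exiting non-zero. Note that `exit` inside BEGIN still runs the END rule, which must then not call `write_aliases()`.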
@@ -35,119 +45,36 @@ in else echo "add aliases" >>"$__messages_out" fi - - mode=1 ;; (absent) # nothing to do if no aliases found. test -s "${__object}/explorer/aliases" || exit 0 echo "delete aliases" >>"$__messages_out" - - mode=0 ;; (*) - printf 'Invalid --state: %s.\n' "$state_should" >&2 + printf 'Invalid --state: %s.\n' "${state_should}" >&2 printf 'Acceptable values are: present, absent.\n' >&2 exit 1 esac -aliases_file=$(cat "${__object}/explorer/aliases_file") +cat <&2 - exit 1 -} - -# "export" variables to remote -printf 'mode=%u\n' "${mode}" -printf "aliases_file='%s'\n" "${aliases_file}" - -cat <<'EOF' -test -f "${aliases_file}" || touch "${aliases_file}" - -awk -F ':[ \t]*' -v mode=$mode ' -function sepafter(f, def, _) { - # finds the separator between field $f and $(f+1) - _ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1) - return _ ? _ : def -} - -function write_aliases() { - if (aliases_written) return - - # print aliases line - printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") - while ((getline < aliases_should_file) > 0) { - if (aliases_written) printf ", " - printf "%s", $0 - aliases_written = 1 - } - printf "\n" - close(aliases_should_file) -} - -BEGIN { - aliases_should_file = (ENVIRON["__object"] "/parameter/alias") -} - -/^[ \t]*\#/ { - # comment line (leave alone) - select = 0; cont = 0 # comments terminate alias lists and continuations - print - next -} - -{ - # is this line a continuation line? - # (the prev. line ended in a backslash or the line starts with whitespace) - is_cont = /^[ \t]/ || cont - - # detect if the line is a line to be continued (ends with a backslash) - cont = ($0 ~ /\\$/) - # if it is, we drop the backslash from the line. 
- if (cont) sub(/[ \t]*\\$/, "", $0) -} - -is_cont { - # we ignore the line as it has been rewritten previously or is not - # interesting - next -} - -$1 == ENVIRON["__object_id"] { - # "target" user -> rewrite aliases list - select = 1 - if (mode) write_aliases() - next -} - -{ - # other user - select = 0 - print -} - -END { - # if the last line was an alias, the separator will be reused (looks better) - if (mode && !aliases_written) - write_aliases() -} -' <"${aliases_file}" >"${aliases_file}.tmp" || { - rm -f "${aliases_file}.tmp" +awk '$(drop_awk_comments "${__type}/files/update_aliases.awk")' <'${aliases_file}' >'${aliases_file}.tmp' \ +|| { + rm -f '${aliases_file}.tmp' echo 'Generating new aliases file failed!' >&2 exit 1 } -if ! cmp -s "${aliases_file}" "${aliases_file}.tmp" +if ! cmp -s '${aliases_file}' '${aliases_file}.tmp' then - # aliases file was modified, replace and run `newaliases`. - mv "${aliases_file}.tmp" "${aliases_file}" + # aliases file was modified, replace: + cat '${aliases_file}.tmp' >'${aliases_file}' - # run newaliases if present + # then, run newaliases if present ("missing" on Alpine Linux because of typo) command -v newaliases >/dev/null 2>&1 && newaliases || true -else - # no modifications were made, delete the temp file. - rm "${aliases_file}.tmp" fi +rm -f '${aliases_file}.tmp' EOF From 2270c32ddb7d2fa2c9bd904755e20fd0fbae13dc Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 28 Sep 2020 17:30:53 +0200 Subject: [PATCH 49/84] [type/__dma] Add missing license headers --- type/__dma/gencode-remote | 18 ++++++++++++++++++ type/__dma/manifest | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 8177de9..bcd4530 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote 
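Review bot: The replacement step at the end of the @@ -35,119 hunk changes from `mv "${aliases_file}.tmp" "${aliases_file}"` to `cat '${aliases_file}.tmp' >'${aliases_file}'`, which truncates the live aliases file and refills it in place, so an interrupted run can leave it partially written. If the in-place write is intended to keep the file's owner, mode or a symlink, say so in a comment such as `# overwrite in place (not mv) to keep owner/mode of the aliases file`. `${aliases_file}` comes from the explorer and is pasted between single quotes in the generated code, so it is worth asserting before the heredoc that it contains no `'`. The heredoc opener is garbled on this page, so how the body is quoted could not be checked here.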
@@ -1,4 +1,22 @@ #!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } diff --git a/type/__dma/manifest b/type/__dma/manifest index 75e42d7..df62308 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -1,4 +1,22 @@ #!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# os=$(cat "${__global}/explorer/os") From 231f96de18cad4b53232baa504b8bf266bd015de Mon Sep 17 00:00:00 2001 
From: Dennis Camera Date: Mon, 28 Sep 2020 17:37:41 +0200 Subject: [PATCH 50/84] Error if expected environment variables are unset --- type/__dma/gencode-remote | 58 ++++++++++++------------- type/__dma/manifest | 2 +- type/__dma_auth/gencode-remote | 18 ++++---- type/__mail_alias/explorer/aliases | 4 +- type/__mail_alias/explorer/aliases_file | 2 +- type/__mail_alias/gencode-remote | 18 ++++---- 6 files changed, 52 insertions(+), 50 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index bcd4530..e254323 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -23,18 +23,18 @@ drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } CONF_PATH=/etc/dma # set in Makefile # Determine mailname -if test -f "${__object}/parameter/mailname" +if test -f "${__object:?}/parameter/mailname" then - mailname=$(cat "${__object}/parameter/mailname") + mailname=$(cat "${__object:?}/parameter/mailname") else - case $(cat "${__global}/explorer/os") + case $(cat "${__global:?}/explorer/os") in (debian|devuan|ubuntu) # On Debian-like systems use /etc/mailname unless --mailname is used mailname='/etc/mailname' ;; (*) - mailname=$__target_fqdn + mailname=${__target_fqdn:?} ;; esac fi @@ -42,19 +42,19 @@ fi # Generate "should" values for config conf_should=$( - if test -s "${__object}/parameter/smarthost" + if test -s "${__object:?}/parameter/smarthost" then - printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smarthost")" + printf 'SMARTHOST %s\n' "$(cat "${__object:?}/parameter/smarthost")" fi printf 'MAILNAME %s\n' "${mailname}" - if test -s "${__object}/explorer/auth_conf" + if test -s "${__object:?}/explorer/auth_conf" then - printf "AUTHPATH %s\n" "$(cat "${__object}/explorer/auth_conf")" + printf "AUTHPATH %s\n" "$(cat "${__object:?}/explorer/auth_conf")" fi - case $(cat "${__object}/parameter/security") + case $(cat "${__object:?}/parameter/security") in (ssl|tls) default_smtp_port=465 
@@ -77,35 +77,35 @@ conf_should=$( ;; esac - if test -s "${__object}/parameter/port" + if test -s "${__object:?}/parameter/port" then - printf 'PORT %u\n' "$(cat "${__object}/parameter/port")" + printf 'PORT %u\n' "$(cat "${__object:?}/parameter/port")" elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default then printf 'PORT %u\n' "${default_smtp_port}" fi - if test -f "${__object}/parameter/masquerade" + if test -f "${__object:?}/parameter/masquerade" then while read -r line do printf 'MASQUERADE %s\n' "${line}" - done <"${__object}/parameter/masquerade" + done <"${__object:?}/parameter/masquerade" fi - if test -f "${__object}/parameter/defer" + if test -f "${__object:?}/parameter/defer" then echo 'DEFER' fi - if test -f "${__object}/parameter/fullbounce" + if test -f "${__object:?}/parameter/fullbounce" then echo 'FULLBOUNCE' fi - if test -f "${__object}/parameter/nullclient" + if test -f "${__object:?}/parameter/nullclient" then - test -s "${__object}/parameter/smarthost" || { + test -s "${__object:?}/parameter/smarthost" || { echo '--nullclient requires a --smarthost to be defined' >&2 exit 1 } @@ -114,10 +114,10 @@ conf_should=$( fi ) # Sort conf_should to compare against "conf_is" -conf_should=$(echo "$conf_should" | sort -s -k 1,1) +conf_should=$(echo "${conf_should}" | sort -s -k 1,1) config_updated=false -if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" - +if ! echo "${conf_should}" | cmp -s "${__object:?}/explorer/conf" - then # config needs to be updated dma_conf="${CONF_PATH:?}/dma.conf" @@ -140,7 +140,7 @@ then # at the end of the file. cat <'${dma_conf}.tmp' \ +awk '$(drop_awk_comments "${__type:?}/files/update_dma_conf.awk")' '${dma_conf}' '${dma_conf}' <<'EOF' >'${dma_conf}.tmp' \ && cat '${dma_conf}.tmp' >'${dma_conf}' ${conf_should} EOF 
@@ -148,28 +148,28 @@ rm '${dma_conf}.tmp' CODE config_updated=true - echo 'config updated' >>"${__messages_out}" + echo 'config updated' >>"${__messages_out:?}" fi -if test -f "${__object}/parameter/send-test-email" +if test -f "${__object:?}/parameter/send-test-email" then - if grep -q '^__mail_alias/root:' "${__messages_in}" \ - || grep -q '^__dma_auth/' "${__messages_in}" \ + if grep -q '^__mail_alias/root:' "${__messages_in:?}" \ + || grep -q '^__dma_auth/' "${__messages_in:?}" \ || $config_updated then - cat <<-EOF - sendmail root <. # -os=$(cat "${__global}/explorer/os") +os=$(cat "${__global:?}/explorer/os") # Install DMA case $os diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index d8be7e8..aee4d7f 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -20,14 +20,14 @@ drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } -state_is=$(cat "${__object}/explorer/state") -state_should=$(cat "${__object}/parameter/state") +state_is=$(cat "${__object:?}/explorer/state") +state_should=$(cat "${__object:?}/parameter/state") -server=$__object_id -login=$(cat "${__object}/parameter/login") +server=${__object_id:?} +login=$(cat "${__object:?}/parameter/login") -auth_conf=$(cat "${__object}/explorer/auth_conf") +auth_conf=$(cat "${__object:?}/explorer/auth_conf") test -n "${auth_conf}" || { echo 'Cannot determine path of dma auth.conf' >&2 exit 1 
@@ -46,13 +46,13 @@ in if test "${state_is}" = 'absent' then - printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}" else - printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}" fi ;; (absent) - printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out}" + printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}" ;; (*) printf 'Invalid --state: %s.\n' "${state_should}" >&2 @@ -65,7 +65,7 @@ esac cat <'${auth_conf}.tmp' \ +awk '$(drop_awk_comments "${__type:?}/files/update_dma_auth.awk")' <'${auth_conf}' >'${auth_conf}.tmp' \ && cat '${auth_conf}.tmp' >'${auth_conf}' rm -f '${auth_conf}.tmp' EOF diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index 4fffd3b..5b5d68d 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases @@ -20,9 +20,11 @@ # Find aliases for a given user name and print the aliases (each one on a # separate line) -aliases_file=$("${__type_explorer}/aliases_file") +aliases_file=$("${__type_explorer:?}/aliases_file") test -r "${aliases_file}" || exit 0 +: "${__object_id:?}" # assert __object_id is set, because it is used in AWK + awk -F ':[ \t]*' ' function print_aliases(aliases, matches) { # prints comma-separated aliases (one per line) diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file index a59bb99..7f09f88 100755 --- a/type/__mail_alias/explorer/aliases_file +++ b/type/__mail_alias/explorer/aliases_file @@ -28,7 +28,7 @@ check_file() { fi } -case $("${__explorer}/os") +case $("${__explorer:?}/os") in (freebsd|openbsd|solaris) check_file /etc/mail/aliases diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index e5bc2b7..7ef2f7c 100755 
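Review bot: The temporary copy written by `>'${auth_conf}.tmp'` in the @@ -65,7 hunk of type/__dma_auth/gencode-remote is created with the default umask of whatever shell runs the generated code, while the file it mirrors presumably holds the SMTP login and password. Until `rm -f` runs, that copy may be readable by more users than auth.conf itself. I would restrict it before the redirection, e.g. `umask 077` as the first line of the generated code; this does not change the existing auth.conf, because `cat … >` keeps its mode. The hunk itself only changes `${__type}` to `${__type:?}`, and the heredoc starts outside it.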
--- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -20,7 +20,7 @@ drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } -aliases_file=$(cat "${__object}/explorer/aliases_file") +aliases_file=$(cat "${__object:?}/explorer/aliases_file") test -n "${aliases_file}" || { echo 'Could not determine aliases file path.' >&2 @@ -28,29 +28,29 @@ test -n "${aliases_file}" || { } -state_should=$(cat "${__object}/parameter/state") +state_should=$(cat "${__object:?}/parameter/state") case $state_should in (present) - if cmp -s "${__object}/explorer/aliases" "${__object}/parameter/alias" + if cmp -s "${__object:?}/explorer/aliases" "${__object:?}/parameter/alias" then # all good! exit 0 fi - if test -s "${__object}/explorer/aliases" + if test -s "${__object:?}/explorer/aliases" then - echo "update aliases" >>"$__messages_out" + echo "update aliases" >>"${__messages_out:?}" else - echo "add aliases" >>"$__messages_out" + echo "add aliases" >>"${__messages_out:?}" fi ;; (absent) # nothing to do if no aliases found. - test -s "${__object}/explorer/aliases" || exit 0 + test -s "${__object:?}/explorer/aliases" || exit 0 - echo "delete aliases" >>"$__messages_out" + echo "delete aliases" >>"${__messages_out:?}" ;; (*) printf 'Invalid --state: %s.\n' "${state_should}" >&2 @@ -61,7 +61,7 @@ esac cat <'${aliases_file}.tmp' \ +awk '$(drop_awk_comments "${__type:?}/files/update_aliases.awk")' <'${aliases_file}' >'${aliases_file}.tmp' \ || { rm -f '${aliases_file}.tmp' echo 'Generating new aliases file failed!' >&2 From 161e1e85f4b7696036bc1684426e33962d713fa7 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 28 Sep 2020 17:54:35 +0200 Subject: [PATCH 51/84] [scripts/run-shellcheck.sh] Do not shellcheck AWK and Python scripts --- scripts/run-shellcheck.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/scripts/run-shellcheck.sh b/scripts/run-shellcheck.sh index 769f853..fcca722 100755 
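Review bot: The `:?` guards added in type/__mail_alias/gencode-remote cover the environment in which the code is generated, but update_aliases.awk reads `ENVIRON["__object"]` and `ENVIRON["__object_id"]` when the generated code runs, and nothing asserts them there; explorer/aliases gets `: "${__object_id:?}"` in this same commit for exactly that reason. With `__object_id` unset, `$1 == ENVIRON["__object_id"]` would match lines whose first field is empty. I would emit the same assertion as the first line of the generated code, escaped so that it is evaluated on the target: `: "\${__object:?}" "\${__object_id:?}"`. The heredoc continues outside the @@ -61,7 hunk and its opener is garbled on this page, so the escaping needs checking against how the heredoc is quoted.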
--- a/scripts/run-shellcheck.sh +++ b/scripts/run-shellcheck.sh @@ -1,21 +1,29 @@ -#!/bin/sh +#!/bin/sh -eu -SHELLCHECKCMD="shellcheck -s sh -f gcc -x" +SHELLCHECKCMD='shellcheck -s sh -f gcc -x' # Skip SC2154 for variables starting with __ since such variables are cdist # environment variables. SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]' -SHELLCHECKTMP=".shellcheck.tmp" +SHELLCHECKTMP='.shellcheck.tmp' # Move to top-level cdist-contrib directory. -cd $(dirname $0)/.. +cd "$(dirname $0)"/.. -check () { - find type/ -type f $1 $2 -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" - test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } +check() { + find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} + \ + | grep -v "${SHELLCHECK_SKIP}" >>"${SHELLCHECKTMP}" || true } -check -path "*/explorer/*" -check -path "*/files/*" +rm -f "${SHELLCHECKTMP}" + +check -path '*/explorer/*' +check -path '*/files/*' ! -name '*.awk' ! -name '*.py' check -name manifest check -name gencode-local check -name gencode-remote + +if test -s "${SHELLCHECKTMP}" +then + cat "${SHELLCHECKTMP}" >&2 + exit 1 +fi From c6b795b3f9ac5472b00818fd53b6da02feabb52a Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 1 Oct 2020 12:55:38 +0200 Subject: [PATCH 52/84] [type/__mail_alias] Update man.rst and make --alias required --- type/__mail_alias/gencode-remote | 6 ++++++ type/__mail_alias/man.rst | 15 ++++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 7ef2f7c..3eea452 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote 
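Review bot: With `|| true` on the pipeline in `check()`, and no pipefail in `sh`, a missing or crashing `shellcheck` leaves `.shellcheck.tmp` empty and the script exits 0, so the lint gate passes without having checked anything. A guard before the first `check` call would close that: `command -v shellcheck >/dev/null 2>&1 || { echo 'shellcheck not found' >&2; exit 1; }`. In the same hunk, `cd "$(dirname $0)"/..` still leaves `$0` unquoted inside the substitution; `cd "$(dirname -- "$0")/.."` also handles paths with spaces.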
@@ -39,6 +39,12 @@ in exit 0 fi + test -s "${__object:?}/parameter/alias" || { + printf 'The --alias parameter is required if --state present.\n' >&2 + printf 'Use --state absent to remove all aliases.\n' >&2 + exit 1 + } + if test -s "${__object:?}/explorer/aliases" then echo "update aliases" >>"${__messages_out:?}" diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst index 3782ffb..d6d9742 100644 --- a/type/__mail_alias/man.rst +++ b/type/__mail_alias/man.rst @@ -8,7 +8,7 @@ cdist-type__mail_alias - Manage mail aliases. DESCRIPTION ----------- -This cdist type allows you to configure mail aliases (/etc/mail/aliases). +This cdist type allows you to configure mail aliases (/etc/aliases). REQUIRED PARAMETERS @@ -21,11 +21,12 @@ OPTIONAL PARAMETERS state 'present' or 'absent', defaults to 'present' alias - the aliases where mail for the given user should be redirected to. - This parameter can be specified multiple times to redirect to more than one - recipient. - See the `aliases(5)` man page for the different forms this parameter can - take.. + an alias, i.e. a mail address where mail for the user should be redirected + to. + This parameter can be specified multiple times to redirect to multiple + recipients. + If ``--state`` is ``present`` this parameter is required. + See `aliases(5)` for the different forms this parameter can take. BOOLEAN PARAMETERS @@ -51,7 +52,7 @@ BUGS containing ``,`` (commas) are treated incorrectly (they are treated as two addresses/aliases.) Make sure that email addresses do not contain commas. - +- ``:include:`` directives in the aliases file are ignored by this type. SEE ALSO -------- From f202d11124347783dbd679ae521f1bcb09e73cbb Mon Sep 17 00:00:00 2001 
From: Dennis Camera Date: Thu, 1 Oct 2020 13:45:20 +0200 Subject: [PATCH 53/84] [type/__mail_alias] Fix continuation line processing --- type/__mail_alias/explorer/aliases | 12 ++++-------- type/__mail_alias/files/update_aliases.awk | 8 +++----- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases index 5b5d68d..ac13d7c 100755 --- a/type/__mail_alias/explorer/aliases +++ b/type/__mail_alias/explorer/aliases @@ -31,7 +31,7 @@ function print_aliases(aliases, matches) { split(aliases, matches, /,[ \t]*/) for (i in matches) { gsub(/^[ \t]*|[ \t]*$/, "", matches[i]) - print matches[i] + if (matches[i]) print matches[i] } } @@ -47,14 +47,10 @@ function print_aliases(aliases, matches) { is_cont = /^[ \t]/ || cont # detect if the line is a line to be continued (ends with a backslash) - cont = ($0 ~ /\\$/) + cont = /\\$/ - # if it is, we drop the backslash from the line and skip to next line - # (the contents have been printed above if they should) - if (cont) { - sub(/[ \t]*\\$/, "", $0) - next - } + # if it is, we drop the backslash from the line + if (cont) sub(/[ \t]*\\$/, "", $0) } is_cont { diff --git a/type/__mail_alias/files/update_aliases.awk b/type/__mail_alias/files/update_aliases.awk index 87ea202..336009f 100644 --- a/type/__mail_alias/files/update_aliases.awk +++ b/type/__mail_alias/files/update_aliases.awk @@ -67,14 +67,12 @@ BEGIN { is_cont = /^[ \t]/ || cont # detect if the line is a line to be continued (ends with a backslash) - cont = ($0 ~ /\\$/) - # if it is, we drop the backslash from the line. - if (cont) sub(/[ \t]*\\$/, "", $0) + cont = /\\$/ } is_cont { - # we ignore the line as it has been rewritten previously or is not - # interesting + # we only print the line if it has not been rewritten (select) + if (!select) print next } From 1c9ab6e07b1808ce708cc9926bce4983a7faf0d7 Mon Sep 17 00:00:00 2001 
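Review bot: The truthiness test added in `if (matches[i]) print matches[i]` (explorer/aliases, @@ -31,7) skips empty elements as intended, but it also skips an element that looks like the number zero, because elements produced by `split` compare numerically when they look numeric. Comparing against the empty string states the intent exactly: `if (matches[i] != "") print matches[i]`. `print_aliases` begins outside the hunk.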
From: Dennis Camera Date: Thu, 1 Oct 2020 17:18:01 +0200 Subject: [PATCH 54/84] [type/__dma] Update man.rst --- type/__dma/gencode-remote | 5 ++-- type/__dma/man.rst | 56 ++++++++++++++++++++++----------------- 2 files changed, 35 insertions(+), 26 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index e254323..1987106 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -66,7 +66,7 @@ conf_should=$( echo 'STARTTLS' ;; (opportunistic) - default_smtp_port=25 # XXX: correct? + default_smtp_port=25 echo 'SECURETRANSFER' echo 'STARTTLS' echo 'OPPORTUNISTIC_TLS' @@ -152,7 +152,8 @@ CODE fi -if test -f "${__object:?}/parameter/send-test-email" +# Send a test email if enabled and necessary (=configuration changed) +if test -f "${__object:?}/parameter/send-test-mail" then if grep -q '^__mail_alias/root:' "${__messages_in:?}" \ || grep -q '^__dma_auth/' "${__messages_in:?}" \ diff --git a/type/__dma/man.rst b/type/__dma/man.rst index ba4a5a6..29a71fa 100644 --- a/type/__dma/man.rst +++ b/type/__dma/man.rst 
@@ -8,47 +8,46 @@ cdist-type__dma - Setup the DragonFly Mail Agent as the MTA. DESCRIPTION ----------- -This (singleton) type uses dma, a small Mail Transport Agent (MTA), to accept -mails from locally installed Mail User Agents (MUA) and deliver the mails -to a remote destination. - -Remote delivery happens over TLS to one or more mailboxes that are local to the -mail server configured in the ``smarthost`` parameter. +This (singleton) type uses DMA, a small Mail Transport Agent (MTA), to accept +mails from locally installed Mail User Agents (MUA) and either deliver the mails +to a remote smart host for delivery or communicate with remote SMTP servers +directly. REQUIRED PARAMETERS ------------------- -smarthost - The mail server used to send email. - It must be configured to act as a relay for the host being configured by - this type so that mail can be sent to users non-local to the smarthost. +None. BOOLEAN PARAMETERS ------------------ defer - If enabled, the mail queue has to be manually flushed with the `-q` option. -full-bounce - Enable if the bounce message should include the complete original message, + If enabled, mail will not be sent immediately, but stored in a queue. + To flush the queue and send the mails, ```dma -q`` has to be run + periodically (e.g. using a cron job.) + This type does not manage such a cron job, but some operating systems ship + such a cron job with the package. +fullbounce + Enable if bounce messages should include the complete original message, not just the headers. -null-client +nullclient Enable to bypass aliases and local delivery, and instead forward all mails to the defined ``--smarthost``. -send-test-email - If present, after setup this type will send an email to root, to allow you - to easily test your setup. +send-test-mail + If set, this type will send a test email to root after setup, to check if + the configured settings work. 
OPTIONAL PARAMETERS ------------------- mailname If present, this will be the hostname used to identify this host and the - remote part of the from addresses. - If not defined, it defaults to `/etc/mailname` on Debian derivatives and to - `__target_fqdn` otherwise. + remote part of the sender addresses. + If not defined, it defaults to ``/etc/mailname`` on Debian derivatives and + to ``__target_fqdn`` otherwise. See `dma(8)` for more information. - Note: on Debian derivatives the `/etc/mailname` file should be updated + Note: on Debian derivatives the ``/etc/mailname`` file should be updated instead of using this parameter. masquerade Masquerade the envelope-from addresses with this address/hostname. @@ -59,7 +58,7 @@ masquerade port The port on which to deliver email. If not provided, a sensible default port will be used based on the - `--security` argument. + ``--security`` argument. security Configures whether and how DMA should use secure connections. @@ -74,14 +73,23 @@ security messages directly to the outside mail exchangers. insecure allow plain text SMTP login over an insecure connection. - Should really not be used anymore! + Should really *not* be used anymore! +smarthost + The mail server used to send email. + It must be configured to act as a relay for the host being configured by + this type so that mail can be sent to users non-local to the smarthost. + EXAMPLES -------- .. code-block:: sh - __dma --smarthost mx1.domain.tld --send-test-email + # Install DMA and use the smarthost mx1.domain.tld to send mail. + __dma --smarthost mx1.domain.tld --send-test-mail + + # Install DMA in a default configuration. + __dma SEE ALSO From f76bcd35742d4dc0db2af247b2be51fc6ae6132c Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 1 Oct 2020 17:21:19 +0200 Subject: [PATCH 55/84] [type/__dma_auth] Update man.rst --- type/__dma_auth/man.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst index f56bfb7..da76883 100644 --- a/type/__dma_auth/man.rst +++ b/type/__dma_auth/man.rst @@ -27,7 +27,7 @@ password OPTIONAL PARAMETERS ------------------- state - Either `present` or `absent`. Defaults to `present`. + Either ``present`` or ``absent``. Defaults to ``present``. BOOLEAN PARAMETERS ------------------ From 04076a75eb728b8d4ad50b31c1b0bd87a9d781a8 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 16 Nov 2020 13:57:34 +0100 Subject: [PATCH 56/84] [type/__mail_alias] man.rst: Make bugs a list --- type/__mail_alias/man.rst | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst index d6d9742..de40512 100644 --- a/type/__mail_alias/man.rst +++ b/type/__mail_alias/man.rst @@ -48,11 +48,15 @@ EXAMPLES BUGS ---- -- Quoted strings are not parsed by this type. As a result, email addresses - containing ``,`` (commas) are treated incorrectly (they are treated as two - addresses/aliases.) - Make sure that email addresses do not contain commas. -- ``:include:`` directives in the aliases file are ignored by this type. +- Quoted strings are not parsed by this type. As a result, aliases + containing ``,`` (commas) are treated incorrectly (they are treated as + separate aliases.) + Make sure that email addresses, file names, and pipe commands do not contain + commas. +- ``:include:`` directives in the aliases file are not evaluated by this type. + They are treated like a regular alias, the values of the included file are + not expanded. + SEE ALSO -------- From 7e20d13b9ff5126580c0ac9a9231c2ebea966985 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 16 Nov 2020 13:58:05 +0100 Subject: [PATCH 57/84] [type/__mail_alias] Use explicit line variables in update_aliases.awk --- type/__mail_alias/files/update_aliases.awk | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/type/__mail_alias/files/update_aliases.awk b/type/__mail_alias/files/update_aliases.awk index 336009f..11a4c85 100644 --- a/type/__mail_alias/files/update_aliases.awk +++ b/type/__mail_alias/files/update_aliases.awk @@ -18,11 +18,11 @@ # along with cdist. If not, see . # -function getvalue(path) { +function getvalue(path, line) { # Reads the first line of the file located at path and returns it. - getline < path + getline line < path close(path) - return $0 + return line } function sepafter(f, def, _) { @@ -31,14 +31,14 @@ function sepafter(f, def, _) { return _ ? _ : def } -function write_aliases() { +function write_aliases( line) { if (aliases_written) return # print aliases line printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") - while ((getline < aliases_should_file) > 0) { + while ((getline line < aliases_should_file) > 0) { if (aliases_written) printf ", " - printf "%s", $0 + printf "%s", line aliases_written = 1 } printf "\n" From 0932c9ccde66bdcb75e998f7a730624fdbd3068e Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 16 Nov 2020 14:10:30 +0100 Subject: [PATCH 58/84] [type/{__dma,__dma_auth,__mail_alias}] Quote things properly --- type/__dma/files/update_dma_conf.awk | 2 +- type/__dma/gencode-remote | 17 +++++++++-------- type/__dma_auth/gencode-remote | 11 ++++++----- type/__mail_alias/gencode-remote | 17 +++++++++-------- 4 files changed, 25 insertions(+), 22 deletions(-) diff --git a/type/__dma/files/update_dma_conf.awk b/type/__dma/files/update_dma_conf.awk index 67661fd..2f60a3d 100644 --- a/type/__dma/files/update_dma_conf.awk +++ b/type/__dma/files/update_dma_conf.awk @@ -18,7 +18,7 @@ # along with cdist. If not, see . function comment_line(line) { - # returns the position in line at which the comment'\''s text starts + # returns the position in line at which the comment's text starts # (0 if the line is not a comment) match(line, /^[ \t]*\#+[ \t]*/) return RSTART ? (RLENGTH + 1) : 0 
diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index 1987106..a33388d 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -18,7 +18,8 @@ # along with cdist. If not, see . # -drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } +quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } +drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } CONF_PATH=/etc/dma # set in Makefile @@ -139,13 +140,13 @@ then # options are grouped by word (the first word in the line) and appended # at the end of the file. - cat <'${dma_conf}.tmp' \ -&& cat '${dma_conf}.tmp' >'${dma_conf}' -${conf_should} -EOF -rm '${dma_conf}.tmp' -CODE + cat <<-CODE + awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \ + && cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}") + ${conf_should} + EOF + rm $(quote "${dma_conf}.tmp") + CODE config_updated=true echo 'config updated' >>"${__messages_out:?}" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index aee4d7f..4279b7a 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,7 +18,8 @@ # along with cdist. If not, see . # -drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } +quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } +drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } state_is=$(cat "${__object:?}/explorer/state") state_should=$(cat "${__object:?}/parameter/state") @@ -63,9 +64,9 @@ esac cat <'${auth_conf}.tmp' \ -&& cat '${auth_conf}.tmp' >'${auth_conf}' -rm -f '${auth_conf}.tmp' +awk $(drop_awk_comments "${__type:?}/files/update_dma_auth.awk") <$(quote "${auth_conf}") >$(quote "${auth_conf}.tmp") \ +&& cat $(quote "${auth_conf}.tmp") >$(quote "${auth_conf}") +rm -f $(quote "${auth_conf}.tmp") EOF 
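Review bot: The new `quote` helper carries the whole safety of the generated remote code but has no comment, and the same two-line pair `quote`/`drop_awk_comments` is repeated in the `__dma_auth` and `__mail_alias` gencode-remote hunks of this patch. A header comment such as `# quote ARGS...: print ARGS (joined by the first character of IFS) as one single-quoted shell word; an embedded ' becomes '\''` would document the contract. It is also worth stating that the inner `$(...)` drops trailing newlines from the value. `drop_awk_comments` now returns an already-quoted string, so callers must not wrap it in quotes again.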
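Review bot: `${conf_should}` is still pasted unquoted into the generated script, between `<<'EOF'` and `EOF`, while every path around it now goes through `quote`. The quoted delimiter stops expansion on the target, but a configuration value containing a line that is exactly `EOF` would end the here-document early and the target would treat the rest as shell. Whether parameter values can contain newlines is not visible in this hunk. Rejecting newlines when `conf_should` is assembled, or feeding the text as `printf '%s\n' $(quote "${conf_should}") | awk ...`, closes that gap. This block also ends with a plain `rm` where the two sibling types use `rm -f`.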
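Review bot: In type/__dma_auth/gencode-remote, `>$(quote "${auth_conf}.tmp")` creates the temporary copy with whatever umask the remote shell has. While it exists, the copy may therefore be readable by users who cannot read the auth file itself, and it presumably holds the same SMTP credentials. Starting the generated block with `umask 077` keeps the copy private. The final `cat ... >` into the existing file leaves that file's mode and owner as they were, so the restriction does not leak into the real configuration.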
diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote index 3eea452..4a8f889 100755 --- a/type/__mail_alias/gencode-remote +++ b/type/__mail_alias/gencode-remote @@ -18,7 +18,8 @@ # along with cdist. If not, see . # -drop_awk_comments() { sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@"; } +quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } +drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } aliases_file=$(cat "${__object:?}/explorer/aliases_file") @@ -30,7 +31,7 @@ test -n "${aliases_file}" || { state_should=$(cat "${__object:?}/parameter/state") -case $state_should +case ${state_should} in (present) if cmp -s "${__object:?}/explorer/aliases" "${__object:?}/parameter/alias" @@ -65,22 +66,22 @@ in esac cat <'${aliases_file}.tmp' \ +awk $(drop_awk_comments "${__type:?}/files/update_aliases.awk") <$(quote "${aliases_file}") >$(quote "${aliases_file}.tmp") \ || { - rm -f '${aliases_file}.tmp' + rm -f $(quote "${aliases_file}.tmp") echo 'Generating new aliases file failed!' >&2 exit 1 } -if ! cmp -s '${aliases_file}' '${aliases_file}.tmp' +if ! cmp -s $(quote "${aliases_file}") $(quote "${aliases_file}.tmp") then # aliases file was modified, replace: - cat '${aliases_file}.tmp' >'${aliases_file}' + cat $(quote "${aliases_file}.tmp") >$(quote "${aliases_file}") # then, run newaliases if present ("missing" on Alpine Linux because of typo) command -v newaliases >/dev/null 2>&1 && newaliases || true fi -rm -f '${aliases_file}.tmp' +rm -f $(quote "${aliases_file}.tmp") EOF From 487574c865c0b150d83bc37bfda44c0051f91973 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 16 Nov 2020 14:15:52 +0100 Subject: [PATCH 59/84] [type/__dma] Convert AWK to loop over same file twice --- type/__dma/files/update_dma_conf.awk | 8 ++++++++ type/__dma/gencode-remote | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) 
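Review bot: In the generated block of type/__mail_alias/gencode-remote, `command -v newaliases >/dev/null 2>&1 && newaliases || true` discards a failing `newaliases` run as well as a missing binary. The aliases file can then be replaced while the MTA keeps using a stale alias database, with no trace in the run output. If tolerating a missing binary is the only intent, `if command -v newaliases >/dev/null 2>&1; then newaliases || echo 'newaliases failed' >&2; fi` keeps that behaviour and still records a real failure.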
diff --git a/type/__dma/files/update_dma_conf.awk b/type/__dma/files/update_dma_conf.awk index 2f60a3d..15ef7bf 100644 --- a/type/__dma/files/update_dma_conf.awk +++ b/type/__dma/files/update_dma_conf.awk @@ -88,6 +88,12 @@ BEGIN { FS = "\n" EQS = "[ \t]" # copied from dma/conf.c + if (ARGV[2]) exit (e=1) + + # Loop over file twice! + ARGV[2] = ARGV[1] + ARGC++ + # read the "should" state into the `conf` array. while (getline < "/dev/stdin") { word = first($0, EQS) @@ -165,6 +171,8 @@ NR > FNR { } END { + if (e) exit + # print rest of config options ( for (word in conf) print_confs(word) } diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index a33388d..fa676d4 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -141,7 +141,7 @@ then # at the end of the file. cat <<-CODE - awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \ + awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \ && cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}") ${conf_should} EOF From 006987307f9a93d8297260becea880e27bceb347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 4 Jan 2021 09:43:37 +0100 Subject: [PATCH 60/84] __unbound: make the --dns64-prefix flag optional --- type/__unbound/files/unbound.conf.sh | 16 ++++++++++++++-- type/__unbound/man.rst | 6 +++--- type/__unbound/manifest | 7 +++++-- type/__unbound/parameter/required | 1 - 4 files changed, 22 insertions(+), 8 deletions(-) delete mode 100644 type/__unbound/parameter/required diff --git a/type/__unbound/files/unbound.conf.sh b/type/__unbound/files/unbound.conf.sh index 2f7ecff..39443d8 100755 --- a/type/__unbound/files/unbound.conf.sh +++ b/type/__unbound/files/unbound.conf.sh 
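Review bot: In the `BEGIN` block of update_dma_conf.awk, the loop `while (getline < "/dev/stdin")` treats the error return -1 as true, so if standard input cannot be read the script spins instead of failing. `while ((getline < "/dev/stdin") > 0)` is the form update_aliases.awk already uses in this series. The new guard `if (ARGV[2]) exit (e=1)` also exits without a message, so a wrong invocation leaves only an empty `.tmp` file and status 1. A `print "update_dma_conf.awk: expected exactly one file argument" > "/dev/stderr"` before the exit would make that diagnosable. The `BEGIN` block continues past the end of this hunk.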
@@ -1,5 +1,10 @@ #!/bin/sh +module_config="validator iterator" +if [ -n "$DNS64_PREFIX" ]; then + module_config="dns64 $module_config" +fi + generate_interface() { for i in $INTERFACES; do echo " interface: $i" @@ -26,6 +31,12 @@ generate_local_data() { done } +generate_dns64_prefix() { + if [ -n "$DNS64_PREFIX" ]; then + echo " dns64-prefix: $DNS64_PREFIX" + fi +} + cat << EOF # # THIS FILE HAS BEEN GENERATED BY CDIST, DO NOT EDIT BY HAND. @@ -506,7 +517,7 @@ $(generate_access_control) # most modules have to be listed at the beginning of the line, # except cachedb(just before iterator), and python (at the beginning, # or, just before the iterator). - module-config: "dns64 validator iterator" + module-config: "$module_config" # File with trusted keys, kept uptodate using RFC5011 probes, # initial file like trust-anchor-file, then it stores metadata. @@ -776,7 +787,8 @@ $(generate_local_data) # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. - dns64-prefix: $DNS64_PREFIX + # dns64-prefix: $DNS64_PREFIX" + $(generate_dns64_prefix) # DNS64 ignore AAAA records for these domains and use A instead. # dns64-ignore-aaaa: "example.com" diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index 316d011..05fce45 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst @@ -13,9 +13,6 @@ answers from specified upstrean DNS server. This is a singleton type. REQUIRED PARAMETERS ------------------- -dns64_prefix - IPv6 prefix used for DNS64. - forward_addr DNS servers used to lookup names, can be provided multiple times. It can be either an IPv4 or IPv6 address but no domain name. @@ -38,6 +35,9 @@ local_data Configure local data, which is served in reply to queries for it. Can be specified multiple times. +dns64_prefix + Enable DNS64 with specified prefix. + BOOLEAN PARAMETERS ------------------ disable-ip4 
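Review bot: The line kept as a comment in unbound.conf.sh, `# dns64-prefix: $DNS64_PREFIX"`, sits inside the unquoted `cat << EOF` here-document, so the variable is still expanded there and a stray `"` is written into the generated unbound.conf. Either escape it as `# dns64-prefix: \$DNS64_PREFIX` or drop the line, since `$(generate_dns64_prefix)` now emits the real setting. The value is also written without validation, so a parameter containing a newline would add extra configuration lines in both places. The manifest could reject anything that is not a single IPv6 prefix before exporting it.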
diff --git a/type/__unbound/manifest b/type/__unbound/manifest index 5d6b50f..53a8ab6 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest @@ -33,12 +33,15 @@ case "$os" in esac # Required parameters: -DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") -export DNS64_PREFIX FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr") export FORWARD_ADDRS # Optional parameters: +if [ -f "$__object/parameter/dns64_prefix" ]; then + DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") + export DNS64_PREFIX +fi + if [ -f "$__object/parameter/interface" ]; then INTERFACES=$(cat "$__object/parameter/interface") export INTERFACES diff --git a/type/__unbound/parameter/required b/type/__unbound/parameter/required deleted file mode 100644 index 4ad232f..0000000 --- a/type/__unbound/parameter/required +++ /dev/null @@ -1 +0,0 @@ -dns64_prefix From 9f4a85901ef8d58e95924dd9f584ca6437934030 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 4 Jan 2021 11:04:07 +0100 Subject: [PATCH 61/84] Import html/man doc generation logic from upstream cdist --- .gitlab-ci.yml | 10 +- Makefile | 70 ++++++++++ docs/src/Makefile | 235 ++++++++++++++++++++++++++++++++++ docs/src/conf.py | 101 +++++++++++++++ docs/src/index.rst.sh | 45 +++++++ docs/src/manpage.py | 87 +++++++++++++ type/__matrix_element/man.rst | 2 +- type/__matterbridge/man.rst | 4 +- type/__netbox/man.rst | 5 +- type/__netbox_uwsgi/man.rst | 5 +- 10 files changed, 552 insertions(+), 12 deletions(-) create mode 100644 Makefile create mode 100644 docs/src/Makefile create mode 100644 docs/src/conf.py create mode 100755 docs/src/index.rst.sh create mode 100644 docs/src/manpage.py diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dba7864..79c532e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,14 +1,20 @@ stages: - test + - doc image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest shellcheck: stage: test script: - - ./scripts/run-shellcheck.sh + - make lint manpages: stage: test script: - - ./scripts/run-manpage-checks.sh + - make check-manpages + +docs: + stage: doc + script: + - make docs diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1a0cfb3 --- /dev/null +++ b/Makefile 
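Review bot: The new `docs` job in .gitlab-ci.yml inherits `image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest`, a mutable tag, and through `make docs` it runs the Sphinx tool chain configured in docs/src/conf.py. Pinning the image to a digest, for example `image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci@sha256:<digest-placeholder>`, makes the job reproducible and turns an image change into a reviewed change. Whether the image already ships Sphinx and `sphinx_rtd_theme` is not visible in this patch. If they are installed at job time, they should be version-pinned as well.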
@@ -0,0 +1,70 @@ +.PHONY: help +help: + @echo "Please use \`make ' where is one of" + @echo "man build only man user documentation" + @echo "html build only html user documentation" + @echo "docs build both man and html user documentation" + @echo "check-manpages check for manpage in types" + @echo "lint run shellcheck on types" + @echo "check run both type manpage checks and linting" + @echo "clean clean" + +DOCS_SRC_DIR=./docs/src +TYPEDIR=./type + +SPHINXM=make -C $(DOCS_SRC_DIR) man +SPHINXH=make -C $(DOCS_SRC_DIR) html +SPHINXC=make -C $(DOCS_SRC_DIR) clean + +################################################################################ +# Manpages +# +MAN7DSTDIR=$(DOCS_SRC_DIR)/man7 + +# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work +# Using ls does not work if no file with given pattern exist, so use wildcard +MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst) +MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC)) +MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX)) + +# Link manpage: do not create man.html but correct named file +$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst + mkdir -p $(MAN7DSTDIR) + ln -sf "../../../$^" $@ + +DOCSINDEX=$(MAN7DSTDIR)/index.rst +DOCSINDEXH=$(DOCS_SRC_DIR)/index.rst.sh + +$(DOCSINDEX): $(DOCSINDEXH) + $(DOCSINDEXH) + +# Manpages: .cdist Types +DOT_CDIST_PATH=${HOME}/.cdist +DOTMAN7DSTDIR=$(MAN7DSTDIR) +DOTTYPEDIR=$(DOT_CDIST_PATH)/type + +# Link manpage: do not create man.html but correct named file +$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst + ln -sf "$^" $@ + +man: $(MANTYPES) $(DOCSINDEX) + $(SPHINXM) + +html: $(MANTYPES) $(DOCSINDEX) + $(SPHINXH) + +docs: man html + +check-manpages: + ./scripts/run-manpage-checks.sh + +lint: + ./scripts/run-shellcheck.sh + +check: check-manpages lint + +clean: + $(SPHINXC) + rm -f docs/src/index.rst + rm -rf docs/src/man7/ + rm -rf docs/src/__pycache__/ 
diff --git a/docs/src/Makefile b/docs/src/Makefile new file mode 100644 index 0000000..2e9d6ce --- /dev/null +++ b/docs/src/Makefile 
@@ -0,0 +1,235 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS ?= +SPHINXBUILD ?= sphinx-build +PAPER ?= +BUILDDIR ?= ../dist +# for cache, etc. +_BUILDDIR = _build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) + $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(_BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 
+ +.PHONY: help +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " epub3 to make an epub3" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + @echo " dummy to check syntax errors of document sources" + +.PHONY: clean +clean: + rm -rf $(BUILDDIR)/* + rm -rf $(_BUILDDIR)/* + +.PHONY: html +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +.PHONY: dirhtml +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 
+ +.PHONY: singlehtml +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +.PHONY: pickle +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +.PHONY: json +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +.PHONY: htmlhelp +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +.PHONY: qthelp +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/cdist-docs.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/cdist-docs.qhc" + +.PHONY: applehelp +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +.PHONY: devhelp +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/cdist-docs" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/cdist-docs" + @echo "# devhelp" + +.PHONY: epub +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 
+ +.PHONY: epub3 +epub3: + $(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3 + @echo + @echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3." + +.PHONY: latex +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +.PHONY: latexpdf +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +.PHONY: latexpdfja +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +.PHONY: text +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +.PHONY: man +man: + $(SPHINXBUILD) -b cman $(ALLSPHINXOPTS) $(BUILDDIR)/man + mkdir -p $(BUILDDIR)/man/man7 + mv -f $(BUILDDIR)/man/*.7 $(BUILDDIR)/man/man7/ + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +.PHONY: texinfo +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +.PHONY: info +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 
+ +.PHONY: gettext +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +.PHONY: changes +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +.PHONY: linkcheck +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +.PHONY: doctest +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +.PHONY: coverage +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +.PHONY: xml +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +.PHONY: pseudoxml +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +.PHONY: dummy +dummy: + $(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy + @echo + @echo "Build finished. Dummy builder generates no files." diff --git a/docs/src/conf.py b/docs/src/conf.py new file mode 100644 index 0000000..19b2dfd --- /dev/null +++ b/docs/src/conf.py 
@@ -0,0 +1,101 @@ +#!/usr/bin/env python3 + +import sys +import os +import sphinx_rtd_theme + +from datetime import date + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) +sys.path.insert(0, os.path.abspath(os.path.join( + os.path.dirname(os.path.realpath(__file__)), "..", ".."))) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'docs.src.manpage', + 'sphinx.ext.extlinks', +] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +source_suffix = ['.rst'] + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = 'cdist-contrib' +copyright = 'cdist-contrib contributors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. + +version = str(date.today()) +release = os.popen('git rev-parse HEAD').read() + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# If true, `todo` and `todoList` produce output, else they produce nothing. 
+todo_include_todos = False + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'sphinx_rtd_theme' +html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] + +# Output file base name for HTML help builder. +htmlhelp_basename = 'cdistcontribdoc' + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +root_mandir = os.path.dirname(os.path.realpath(__file__)) +mandirs = [] +for mansubdir in ('man7',): + mandirs.append((os.path.join(root_mandir, mansubdir), mansubdir[-1])) +man_pages = [] +for mandir, section in mandirs: + for root, dirs, files in os.walk(mandir): + for fname in files: + froot, fext = os.path.splitext(fname) + if fext == '.rst': + man_page = (os.path.join('man' + str(section), froot), + froot, '', [], section) + man_pages.append(man_page) + +# man_pages = [ +# ('cdist-type', 'cdist-type', 'cdist-type documentation', +# [author], 1), +# ('man7/cdist-type__file', 'cdist-type__file', +# '', [], 1), +# ('cdist-type__directory', 'cdist-type__directory', +# 'cdist-type__directory documentation', [author], 1), +# ] + +# If true, show URL addresses after external links. +# man_show_urls = False diff --git a/docs/src/index.rst.sh b/docs/src/index.rst.sh new file mode 100755 index 0000000..28c5078 --- /dev/null +++ b/docs/src/index.rst.sh 
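Review bot: In docs/src/conf.py, `release = os.popen('git rev-parse HEAD').read()` keeps the trailing newline and silently yields an empty string when git fails or the sources are built outside a checkout. index.rst.sh prints that value inside `(commit |release|)`. `release = subprocess.check_output(['git', 'rev-parse', 'HEAD'], text=True).strip()`, together with `import subprocess`, avoids spawning a shell, strips the newline and fails the build loudly instead of documenting an empty commit id.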
@@ -0,0 +1,45 @@ +#!/bin/sh + +__cdist_pwd="$(pwd -P)" +__cdist_mydir="${0%/*}"; +__cdist_abs_mydir="$(cd "$__cdist_mydir" && pwd -P)" +__cdist_myname=${0##*/}; +__cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname" + +filename="${__cdist_myname%.sh}" +dest="$__cdist_abs_mydir/$filename" + +cd "$__cdist_abs_mydir" + +exec > "$dest" +cat << EOF +cdist-contrib - Community maintained cdist types +================================================ + +This project extends the \`cdist \`_ configuration management +tool with community-maitained types which are either too specific to fit/be +maintained in cdist itself or were not accepted in code cdist but could still +be useful. + +Please note this project is a **rolling release**! The documentation you're +reading has been generated from the |version| state (commit |release|). +Sources are available on \`code.ungleich.ch +\`_. + + +.. toctree:: + :hidden: + +EOF + +# If there is no such file then ls prints error to stderr, +# so redirect stderr to /dev/null. +for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort); do + no_dir="${type#man7/}"; + no_type="${no_dir#cdist-type}"; + name="${no_type%.rst}"; + manref="${no_dir%.rst}" + man="${manref}(7)" + + echo " $name" "" +done diff --git a/docs/src/manpage.py b/docs/src/manpage.py new file mode 100644 index 0000000..1f8ac4f --- /dev/null +++ b/docs/src/manpage.py 
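Review bot: In docs/src/index.rst.sh, `cd "$__cdist_abs_mydir"` is not checked and the next command is `exec > "$dest"`. If the `cd` or the earlier `cd "$__cdist_mydir" && pwd -P` substitution fails, the script still truncates the index and then lists `man7/` relative to the wrong directory. `cd "$__cdist_abs_mydir" || exit 1` closes that. The loop `for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort)` word-splits `ls` output. A plain glob, `for type in man7/cdist-type__*.rst; do [ -e "$type" ] || continue`, needs no `ls` and handles the no-match case explicitly, with `LC_ALL=C` set beforehand if byte order matters.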
@@ -0,0 +1,87 @@ +import sphinx.builders.manpage +import sphinx.writers.manpage +from docutils.frontend import OptionParser +from sphinx.util.console import bold, darkgreen +from six import string_types +from docutils.io import FileOutput +from os import path +from sphinx.util.nodes import inline_all_toctrees +from sphinx import addnodes +from sphinx.util import logging + +""" + Extension based on sphinx builtin manpage. + It does not write its own .SH NAME based on config, + but leaves everything to actual reStructuredText file content. +""" + + +logger = logging.getLogger(__name__) + + +class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator): + + def header(self): + tmpl = (".TH \"%(title_upper)s\" \"%(manual_section)s\"" + " \"%(date)s\" \"%(version)s\" \"%(manual_group)s\"\n") + return tmpl % self._docinfo + + +class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter): + + def __init__(self, builder): + super().__init__(builder) + self.translator_class = ( + self.builder.get_translator_class() or ManualPageTranslator) + + +class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): + + name = 'cman' + default_translator_class = ManualPageTranslator + + def write(self, *ignored): + docwriter = ManualPageWriter(self) + docsettings = OptionParser( + defaults=self.env.settings, + components=(docwriter,), + read_config_files=True).get_default_values() + + logger.info(bold('writing... 
'), nonl=True) + + for info in self.config.man_pages: + docname, name, description, authors, section = info + if isinstance(authors, string_types): + if authors: + authors = [authors] + else: + authors = [] + + targetname = '%s.%s' % (name, section) + logger.info(darkgreen(targetname) + ' { ', nonl=True) + destination = FileOutput( + destination_path=path.join(self.outdir, targetname), + encoding='utf-8') + + tree = self.env.get_doctree(docname) + docnames = set() + largetree = inline_all_toctrees(self, docnames, docname, tree, + darkgreen, [docname]) + logger.info('} ', nonl=True) + self.env.resolve_references(largetree, docname, self) + # remove pending_xref nodes + for pendingnode in largetree.traverse(addnodes.pending_xref): + pendingnode.replace_self(pendingnode.children) + + largetree.settings = docsettings + largetree.settings.title = name + largetree.settings.subtitle = description + largetree.settings.authors = authors + largetree.settings.section = section + + docwriter.write(largetree, destination) + logger.info("") + + +def setup(app): + app.add_builder(ManualPageBuilder) diff --git a/type/__matrix_element/man.rst b/type/__matrix_element/man.rst index c3e0d5a..05f0685 100644 --- a/type/__matrix_element/man.rst +++ b/type/__matrix_element/man.rst @@ -1,5 +1,5 @@ cdist-type__matrix_element(7) -====================== +============================= NAME ---- diff --git a/type/__matterbridge/man.rst b/type/__matterbridge/man.rst index 02eef2c..babf34b 100644 --- a/type/__matterbridge/man.rst +++ b/type/__matterbridge/man.rst @@ -33,9 +33,9 @@ EXAMPLES .. code-block:: sh - __matterbridge --version 1.16.3 --config - << EOF + __matterbridge --version 1.16.3 --config - <<- EOF [...] -EOF + EOF SEE ALSO diff --git a/type/__netbox/man.rst b/type/__netbox/man.rst index 135304c..5f78f1d 100644 --- a/type/__netbox/man.rst +++ b/type/__netbox/man.rst 
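Review bot: `from six import string_types` adds a third-party dependency to a module that is already Python-3-only (it calls `super().__init__(builder)` without arguments), and `six` is not among the packages the CI Dockerfile later in this series installs explicitly. The check in `write()` can use the builtin instead: `if isinstance(authors, str):`. Separately, the triple-quoted description sits after the imports, so Python treats it as a bare expression rather than the module docstring; moving it to the first line of the file would make it show up in `help()`.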
@@ -122,7 +122,6 @@ basepath webroot ``/``. For example, if installed at https://example.com/netbox/, set the value ``netbox/``. -http-proxy https-proxy Proxy which will be used with any HTTP request like webhooks. @@ -171,12 +170,12 @@ redis-ssl smtp-use-tls Uses TLS to connect to the SMTP email server. `See documentation - `_ + `__ for more information. smtp-use-ssl Uses implicit TLS with the SMTP email server. `See documentation - `_ + `__ for more information. login-required diff --git a/type/__netbox_uwsgi/man.rst b/type/__netbox_uwsgi/man.rst index c5e51ca..13dc6dc 100644 --- a/type/__netbox_uwsgi/man.rst +++ b/type/__netbox_uwsgi/man.rst @@ -65,10 +65,7 @@ protocol parameter. Possible values are ``uwsgi``, ``http``, ``fastcgi`` and ``scgi``. If nothing given, it defaults to ``uwsgi``. -uwsgi-bind -http-bind -fastcgi-bind -scgi-bind +scgi-bind, uwsgi-bind, http-bind, fastcgi-bind Bind the application to a specific protocol instead of implicit uwsgi via ``--bind-to``. If such parameter given, ``--bind-to`` will be ignored. Must be a UNIX/TCP socket. Can be set multiple times. From cd833363224493e8a63d7b0b02a83958ffc97663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 4 Jan 2021 11:26:45 +0100 Subject: [PATCH 62/84] Use our own image for CI --- .gitlab-ci.yml | 2 +- scripts/ci-container/Dockerfile | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 scripts/ci-container/Dockerfile diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 79c532e..31505a5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ stages: - test - doc -image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest +image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container:latest shellcheck: stage: test diff --git a/scripts/ci-container/Dockerfile b/scripts/ci-container/Dockerfile new file mode 100644 index 0000000..33646f4 --- /dev/null +++ b/scripts/ci-container/Dockerfile 
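Review bot: The new `image:` in .gitlab-ci.yml still resolves through the mutable `latest` tag, so every pipeline runs whatever was last pushed to that registry path; the `FROM fedora:latest` in scripts/ci-container/Dockerfile (next hunk) has the same property. Since this image executes the lint and documentation jobs, pinning it by digest makes runs reproducible and makes an unexpected image change visible in review, for example `image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container@sha256:<digest-placeholder>`. The same applies to the base image, e.g. `FROM fedora:<release-placeholder>` or a digest.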
@@ -0,0 +1,7 @@ +# This image is used in the cdist-contrib CI for linting and generating the +# documentation. +FROM fedora:latest +MAINTAINER Timothée Floure + +RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \ + ShellCheck From 5a05b87bebb85c30d1af4878c0b5e134737df225 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 4 Jan 2021 09:46:10 +0100 Subject: [PATCH 63/84] __unbound: normalize flag format --- type/__unbound/gencode-remote | 2 +- type/__unbound/man.rst | 22 +++++++-------- type/__unbound/manifest | 28 +++++++++---------- type/__unbound/parameter/boolean | 6 ++-- .../default/{rc_interface => rc-interface} | 0 type/__unbound/parameter/optional | 2 +- type/__unbound/parameter/optional_multiple | 4 +-- type/__unbound/parameter/required_multiple | 2 +- 8 files changed, 33 insertions(+), 33 deletions(-) rename type/__unbound/parameter/default/{rc_interface => rc-interface} (100%) diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote index ba6d92b..7c271b7 100755 --- a/type/__unbound/gencode-remote +++ b/type/__unbound/gencode-remote @@ -2,7 +2,7 @@ UNBOUND_CERTS_DIR=/etc/unbound -if [ -f "$__object/parameter/enable_rc" ]; then +if [ -f "$__object/parameter/enable-rc" ]; then echo "unbound-control-setup -d $UNBOUND_CERTS_DIR" echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key" fi diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index 05fce45..350f1ea 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst 
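Review bot: `MAINTAINER` in scripts/ci-container/Dockerfile is a deprecated instruction; the current form is a label, `LABEL maintainer="<name and address placeholder>"`. The `RUN dnf install -y ...` layer also keeps the package metadata cache in the image; ending the command with `&& dnf clean all` keeps the CI image smaller. A short comment stating how and when the image is rebuilt and pushed would help, since nothing in this hunk shows that.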
@@ -23,19 +23,19 @@ interface Interface to listen on, can be provided multiple times. Defaults to '127.0.0.1' and '::1'. -access_control +access-control Controls which clients are allowed queries to the unbound service (everything but localhost is refused by default), can be provided multiple times. The format is described in unbound.conf(5). -rc_interface +rc-interface Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`). -local_data +local-data Configure local data, which is served in reply to queries for it. Can be specified multiple times. -dns64_prefix +dns64-prefix Enable DNS64 with specified prefix. BOOLEAN PARAMETERS @@ -48,7 +48,7 @@ disable-ip6 Do not answer or issue queries over IPv6. Cannot be used alongside the `--disable-ip4` flag. -enable_rc +enable-rc Enable remote control (see `unbound-control(8)`). EXAMPLES @@ -58,12 +58,12 @@ EXAMPLES __ungleich_unbound \ --interface '::0' \ - --dns64_prefix '2a0a:e5c0:2:10::/96' \ - --forward_addr '2a0a:e5c0:2:1::5' \ - --forward_addr '2a0a:e5c0:2:1::6' \ - --access_control '::0/0 deny' \ - --access_control '2a0a:e5c0::/29 allow' \ - --access_control '2a09:2940::/29 allow' \ + --dns64-prefix '2a0a:e5c0:2:10::/96' \ + --forward-addr '2a0a:e5c0:2:1::5' \ + --forward-addr '2a0a:e5c0:2:1::6' \ + --access-control '::0/0 deny' \ + --access-control '2a0a:e5c0::/29 allow' \ + --access-control '2a09:2940::/29 allow' \ --ip6 SEE ALSO diff --git a/type/__unbound/manifest b/type/__unbound/manifest index 53a8ab6..1a23328 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest 
@@ -33,12 +33,12 @@ case "$os" in esac # Required parameters: -FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr") +FORWARD_ADDRS=$(cat "$__object/parameter/forward-addr") export FORWARD_ADDRS # Optional parameters: -if [ -f "$__object/parameter/dns64_prefix" ]; then - DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") +if [ -f "$__object/parameter/dns64-prefix" ]; then + DNS64_PREFIX=$(cat "$__object/parameter/dns64-prefix") export DNS64_PREFIX fi 
@@ -47,41 +47,41 @@ if [ -f "$__object/parameter/interface" ]; then export INTERFACES fi -if [ -f "$__object/parameter/access_control" ]; then - ACCESS_CONTROLS=$(cat "$__object/parameter/access_control") +if [ -f "$__object/parameter/access-control" ]; then + ACCESS_CONTROLS=$(cat "$__object/parameter/access-control") export ACCESS_CONTROLS fi -if [ -f "$__object/parameter/rc_interface" ]; then - RC_INTERFACE=$(cat "$__object/parameter/rc_interface") +if [ -f "$__object/parameter/rc-interface" ]; then + RC_INTERFACE=$(cat "$__object/parameter/rc-interface") export RC_INTERFACE fi -if [ -f "$__object/parameter/local_data" ]; then - LOCAL_DATA=$(cat "$__object/parameter/local_data") +if [ -f "$__object/parameter/local-data" ]; then + LOCAL_DATA=$(cat "$__object/parameter/local-data") export LOCAL_DATA fi # Boolean parameters: -if [ -f "$__object/parameter/disable_ip4" ] && \ - [ -f "$__object/parameter/disable_ip6" ]; then +if [ -f "$__object/parameter/disable-ip4" ] && \ + [ -f "$__object/parameter/disable-ip6" ]; then echo "--disable-ip4 and --disable-ip6 cannot be used at the same time." >&2 exit 1 fi -if [ -f "$__object/parameter/disable_ip4" ]; then +if [ -f "$__object/parameter/disable-ip4" ]; then export DO_IP4='no' else export DO_IP4='yes' fi -if [ -f "$__object/parameter/disable_ip6" ]; then +if [ -f "$__object/parameter/disable-ip6" ]; then export DO_IP6='no' else export DO_IP6='yes' fi -if [ -f "$__object/parameter/enable_rc" ]; then +if [ -f "$__object/parameter/enable-rc" ]; then export RC_ENABLE='yes' else export RC_ENABLE='no' diff --git a/type/__unbound/parameter/boolean b/type/__unbound/parameter/boolean index b6e53a1..f754fa2 100644 --- a/type/__unbound/parameter/boolean +++ b/type/__unbound/parameter/boolean @@ -1,3 +1,3 @@ -disable_ip6 -disable_ip4 -enable_rc +disable-ip6 +disable-ip4 +enable-rc 
diff --git a/type/__unbound/parameter/default/rc_interface b/type/__unbound/parameter/default/rc-interface similarity index 100% rename from type/__unbound/parameter/default/rc_interface rename to type/__unbound/parameter/default/rc-interface diff --git a/type/__unbound/parameter/optional b/type/__unbound/parameter/optional index 0826b6e..86a4400 100644 --- a/type/__unbound/parameter/optional +++ b/type/__unbound/parameter/optional @@ -1 +1 @@ -rc_interface +rc-interface diff --git a/type/__unbound/parameter/optional_multiple b/type/__unbound/parameter/optional_multiple index 3fe7eca..4d06e03 100644 --- a/type/__unbound/parameter/optional_multiple +++ b/type/__unbound/parameter/optional_multiple @@ -1,3 +1,3 @@ -access_control -local_data +access-control +local-data interface diff --git a/type/__unbound/parameter/required_multiple b/type/__unbound/parameter/required_multiple index 776abf5..74b99a2 100644 --- a/type/__unbound/parameter/required_multiple +++ b/type/__unbound/parameter/required_multiple @@ -1 +1 @@ -forward_addr +forward-addr From 2bedbe96870d492d7f7d6cd868c210a7ba0e4f72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 10:55:25 +0100 Subject: [PATCH 64/84] Automatically deploy docs from master (at contrib.cdi.st) --- .gitlab-ci.yml | 11 +++++++++++ scripts/ci-container/Dockerfile | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 31505a5..4b61568 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,5 +16,16 @@ manpages: docs: stage: doc + only: + - master + before_script: + - eval $(ssh-agent -s) + - echo "$CD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null + - mkdir -p ~/.ssh + - echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts + - chmod 644 ~/.ssh/known_hosts script: - make docs + - sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<- EOF + put -r docs/dist/html/* + EOF 
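Review bot: In the `docs` job, `before_script` loads `$CD_SSH_PRIVATE_KEY` into the agent before `make docs` runs, so the documentation build (Sphinx `conf.py`, `index.rst.sh`, anything the Makefile calls) executes with the deploy key reachable through `SSH_AUTH_SOCK`. Moving the `ssh-agent`/`ssh-add` lines into `script:` after the build, or into a separate deploy job that only consumes the built HTML as an artifact, keeps the key away from build-time code. `only: - master` limits where the job runs, but that protects the key only if the CI variable is also marked protected, which is not visible here. `mkdir -p ~/.ssh` leaves the directory mode to the umask; follow it with `chmod 700 ~/.ssh`. Pinning the server keys via `$CD_SSH_SERVER_HOSTKEYS` is the right call and worth a one-line comment saying so.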
diff --git a/scripts/ci-container/Dockerfile b/scripts/ci-container/Dockerfile index 33646f4..daa0f26 100644 --- a/scripts/ci-container/Dockerfile +++ b/scripts/ci-container/Dockerfile @@ -4,4 +4,4 @@ FROM fedora:latest MAINTAINER Timothée Floure RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \ - ShellCheck + ShellCheck openssh-clients From ec41ef34901bf164b5decb5fa8fa9f150c131a51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 11:05:09 +0100 Subject: [PATCH 65/84] Patch sftp call for doc deployment in CI --- .gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4b61568..9392cd9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,6 +26,4 @@ docs: - chmod 644 ~/.ssh/known_hosts script: - make docs - - sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<- EOF - put -r docs/dist/html/* - EOF + - sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*" From ec0dc30c87a1b770c647641bb3f3abaa1f735032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 11:34:54 +0100 Subject: [PATCH 66/84] Generate documentation homepage from README --- .gitlab-ci.yml | 2 +- README.md | 3 ++- docs/src/index.rst.sh | 21 ++++++++------------- scripts/ci-container/Dockerfile | 2 +- 4 files changed, 12 insertions(+), 16 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9392cd9..81db798 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,5 +25,5 @@ docs: - echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts script: - - make docs + - make html - sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*" diff --git a/README.md b/README.md index 4231de2..4d20c22 100644 --- a/README.md +++ b/README.md 
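Review bot: The rewritten `sftp` line in .gitlab-ci.yml feeds its command on stdin without `-b`, and outside batch mode sftp does not abort on a failed `put`, so a broken upload would, as far as I can tell, still leave the job green. Batch mode makes the deployment fail loudly and also disables interactive prompts: `sftp -b - fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*"`. `<<<` is a bash here-string, so the job now depends on the runner shell being bash; a comment on that line would save the next editor a surprise.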
@@ -6,7 +6,8 @@ maintained in cdist itself or were not accepted in code cdist but could still be useful. This project does not have releases and is continously updated: see git history -for change log. +for change log. You will find HTML documentation at +[contrib.cdi.st](https://contrib.cdi.st). ## Using cdist-contrib diff --git a/docs/src/index.rst.sh b/docs/src/index.rst.sh index 28c5078..babc1d9 100755 --- a/docs/src/index.rst.sh +++ b/docs/src/index.rst.sh @@ -9,23 +9,18 @@ __cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname" filename="${__cdist_myname%.sh}" dest="$__cdist_abs_mydir/$filename" +if ! command -v pandoc > /dev/null; then + echo "Pandoc is required to generate HTML index from README." >&2 + exit 1 +fi + cd "$__cdist_abs_mydir" exec > "$dest" + +pandoc -f markdown -t rst ../../README.md + cat << EOF -cdist-contrib - Community maintained cdist types -================================================ - -This project extends the \`cdist \`_ configuration management -tool with community-maitained types which are either too specific to fit/be -maintained in cdist itself or were not accepted in code cdist but could still -be useful. - -Please note this project is a **rolling release**! The documentation you're -reading has been generated from the |version| state (commit |release|). -Sources are available on \`code.ungleich.ch -\`_. - .. toctree:: :hidden: diff --git a/scripts/ci-container/Dockerfile b/scripts/ci-container/Dockerfile index daa0f26..9900322 100644 --- a/scripts/ci-container/Dockerfile +++ b/scripts/ci-container/Dockerfile @@ -4,4 +4,4 @@ FROM fedora:latest MAINTAINER Timothée Floure RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \ - ShellCheck openssh-clients + ShellCheck openssh-clients pandoc From 73e31e6d1ee69181f762847e6844c77e6a0b9db0 Mon Sep 17 00:00:00 2001 
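Review bot: In docs/src/index.rst.sh, `pandoc -f markdown -t rst ../../README.md` runs after `exec > "$dest"` has already truncated the index, and its exit status is not checked. If the conversion fails, the script carries on, writes the toctree and probably exits 0 with a homepage missing its body. `pandoc -f markdown -t rst ../../README.md || exit 1` would stop the build instead. The relative `../../README.md` also depends on the `cd "$__cdist_abs_mydir"` just above succeeding, which is not checked either. The rest of the script lies outside this hunk.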
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 11:56:37 +0100 Subject: [PATCH 67/84] Mention known external cdist resources in README --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 4d20c22..d9c5e22 100644 --- a/README.md +++ b/README.md @@ -54,3 +54,11 @@ Every type in cdist-contrib must: * Have a `man.rst` documentation page. * Pass [shellcheck](http://shellcheck.net/) without errors. + +## Other resources + +Some people/organizations are known to keep some cdist types that might be of +interest to others: + +* [cdist-evilham](https://git.sr.ht/~evilham/cdist-evilham): Evilham's cdist-types +* [cdist-recycledcloud](https://code.recycled.cloud/e-Durable/cdist-recycledcloud): e-Durable SA / Recycled Cloud public types From f01f73f33d428ecc2e09bc8754d63e512862a61a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 11:58:21 +0100 Subject: [PATCH 68/84] Remove mention to legacy mattermost room from README --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index d9c5e22..28f54db 100644 --- a/README.md +++ b/README.md @@ -33,14 +33,11 @@ And you would run [cdist][cdist] from the same directory as follows: ## Participating in the [cdist][cdist] community -Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix or on -[#cdist over mattermost][cdistmattermost]. - +Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix! [cdist]: https://www.cdi.st/ [cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html [cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch -[cdistmattermost]: https://chat.ungleich.ch/ungleich/channels/cdist ## Contributing From f9f5c578f744cd157c138fca09ff84616cf805b6 Mon Sep 17 00:00:00 2001 
From: Dennis Camera Date: Mon, 11 Jan 2021 12:16:09 +0100 Subject: [PATCH 69/84] [type/__dma*] Fix shellcheck errors --- type/__dma/gencode-remote | 2 +- type/__dma/manifest | 2 +- type/__dma_auth/explorer/state | 2 +- type/__dma_auth/gencode-remote | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote index fa676d4..580b22e 100755 --- a/type/__dma/gencode-remote +++ b/type/__dma/gencode-remote @@ -158,7 +158,7 @@ if test -f "${__object:?}/parameter/send-test-mail" then if grep -q '^__mail_alias/root:' "${__messages_in:?}" \ || grep -q '^__dma_auth/' "${__messages_in:?}" \ - || $config_updated + || ${config_updated} then cat <<-CODE sendmail root <<'EOF' diff --git a/type/__dma/manifest b/type/__dma/manifest index 2cbd1a5..530ad09 100755 --- a/type/__dma/manifest +++ b/type/__dma/manifest @@ -21,7 +21,7 @@ os=$(cat "${__global:?}/explorer/os") # Install DMA -case $os +case ${os} in (alpine) __package dma --state present diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state index 621e5a2..c829cd4 100755 --- a/type/__dma_auth/explorer/state +++ b/type/__dma_auth/explorer/state @@ -25,7 +25,7 @@ # different_password: a line exists but with a different password # multiple: multiple lines matching host exist (should not happen) -auth_conf=$("${__type_explorer}/auth_conf") +auth_conf=$("${__type_explorer:?}/auth_conf") test -r "${auth_conf}" || exit 0 awk -F'\n' ' diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 4279b7a..b6a0100 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -40,7 +40,7 @@ then exit 0 fi -case $state_should +case ${state_should} in (present) test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } From f055527735e86f5ec280d08945b56cfd08e35959 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 11:52:14 +0100 Subject: [PATCH 70/84] Import evilham's jitsi types as-it --- .../prometheus-jitsi-meet-explorer-version | 7 + .../files/debconf_settings.sh | 56 ++ type/__evilham_jitsi_meet/files/ufw | 10 + type/__evilham_jitsi_meet/gencode-remote | 5 + type/__evilham_jitsi_meet/man.rst | 84 +++ type/__evilham_jitsi_meet/manifest | 197 +++++ type/__evilham_jitsi_meet/parameter/boolean | 1 + .../parameter/default/turn-server | 0 type/__evilham_jitsi_meet/parameter/optional | 2 + type/__evilham_jitsi_meet/singleton | 0 .../files/config.js.sh | 700 ++++++++++++++++++ .../files/config.js.sh.orig | 694 +++++++++++++++++ .../files/nginx.sh | 156 ++++ .../files/nginx.sh.orig | 139 ++++ .../gencode-remote | 5 + type/__evilham_jitsi_meet_domain/man.rst | 151 ++++ type/__evilham_jitsi_meet_domain/manifest | 88 +++ .../parameter/boolean | 2 + .../parameter/default/branding-index | 0 .../parameter/default/branding-json | 0 .../parameter/default/branding-watermark | 0 .../parameter/default/channel-last-n | 1 + .../parameter/default/default-language | 1 + .../parameter/default/notice-message | 0 .../parameter/default/start-video-muted | 1 + .../parameter/default/turn-server | 0 .../parameter/default/video-constraints | 0 .../parameter/optional | 9 + .../parameter/required | 1 + 29 files changed, 2310 insertions(+) create mode 100755 type/__evilham_jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version create mode 100644 type/__evilham_jitsi_meet/files/debconf_settings.sh create mode 100644 type/__evilham_jitsi_meet/files/ufw create mode 100755 type/__evilham_jitsi_meet/gencode-remote create mode 100644 type/__evilham_jitsi_meet/man.rst create mode 100755 type/__evilham_jitsi_meet/manifest create mode 100644 type/__evilham_jitsi_meet/parameter/boolean create mode 100644 type/__evilham_jitsi_meet/parameter/default/turn-server create mode 100644 type/__evilham_jitsi_meet/parameter/optional create mode 100644 
type/__evilham_jitsi_meet/singleton create mode 100644 type/__evilham_jitsi_meet_domain/files/config.js.sh create mode 100644 type/__evilham_jitsi_meet_domain/files/config.js.sh.orig create mode 100644 type/__evilham_jitsi_meet_domain/files/nginx.sh create mode 100644 type/__evilham_jitsi_meet_domain/files/nginx.sh.orig create mode 100755 type/__evilham_jitsi_meet_domain/gencode-remote create mode 100644 type/__evilham_jitsi_meet_domain/man.rst create mode 100755 type/__evilham_jitsi_meet_domain/manifest create mode 100644 type/__evilham_jitsi_meet_domain/parameter/boolean create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/branding-index create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/branding-json create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/branding-watermark create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/channel-last-n create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/default-language create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/notice-message create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/start-video-muted create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/turn-server create mode 100644 type/__evilham_jitsi_meet_domain/parameter/default/video-constraints create mode 100644 type/__evilham_jitsi_meet_domain/parameter/optional create mode 100644 type/__evilham_jitsi_meet_domain/parameter/required diff --git a/type/__evilham_jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version b/type/__evilham_jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version new file mode 100755 index 0000000..b1cec48 --- /dev/null +++ b/type/__evilham_jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version @@ -0,0 +1,7 @@ +#!/bin/sh -e + +EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version" + +if [ -f "${EXPORTER_VERSION_FILE}" ]; then + cat "${EXPORTER_VERSION_FILE}" +fi 
diff --git a/type/__evilham_jitsi_meet/files/debconf_settings.sh b/type/__evilham_jitsi_meet/files/debconf_settings.sh new file mode 100644 index 0000000..9e358f0 --- /dev/null +++ b/type/__evilham_jitsi_meet/files/debconf_settings.sh @@ -0,0 +1,56 @@ +#!/bin/sh -e + +# This can be obtained with debconf-get-selections on a host with jitsi +# (and also analysing the deb-src) +if false; then + # We are currently not using these, just here as documentation + DEBCONF_SETTINGS="$(cat < + + +COPYING +------- +Copyright \(C) 2020 Evilham. diff --git a/type/__evilham_jitsi_meet/manifest b/type/__evilham_jitsi_meet/manifest new file mode 100755 index 0000000..83d9dab --- /dev/null +++ b/type/__evilham_jitsi_meet/manifest 
@@ -0,0 +1,197 @@ +#!/bin/sh -e + +os="$(cat "${__global}/explorer/os")" +init="$(cat "${__global}/explorer/init")" +case "${os}" in + devuan|debian) + ;; + *) + echo "Your OS '${os}' is currently not supported." > /dev/stderr + exit 1 + ;; +esac + + +JITSI_HOST="${__target_host}" +TURN_SERVER="$(cat "${__object}/parameter/turn-server")" +TURN_SECRET="$(cat "${__object}/parameter/turn-secret")" + +if [ -z "${TURN_SERVER}" ]; then + TURN_SERVER="${JITSI_HOST}" +fi + +PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jitsi-meet-explorer-version")" + +# The rest is loosely based on Jitsi's documentation +# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart + +# Setup repositories +## First the signing keys +__package gnupg2 +require="__package/gnupg2" __apt_key_uri jitsi_meet \ + --name 'Jitsi ' \ + --uri https://download.jitsi.org/jitsi-key.gpg.key \ + --state present +## Now the repositories (they are a tad weird, so distribution is 'stable/') +require="__ufw __apt_key_uri/jitsi_meet" __apt_source jitsi_meet \ + --uri 'https://download.jitsi.org' \ + --distribution 'stable/' \ + --state present +## Ensure apt cache is up-to-date +require="__apt_source/jitsi_meet" __apt_update_index + +export require="${require} __apt_source/jitsi_meet __apt_update_index" + +# Pre-feed debconf settings, so Jitsi's installation has a good config +. "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS +__debconf_set_selections jitsi_meet --file - <&1 +EOF + + export require="__evilham_runit_service/prometheus-jitsi-meet-exporter" + JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter" + ;; + systemd) + __systemd_unit prometheus-jitsi-meet-exporter.service \ + --source "-" \ + --enablement-state "enabled" <${JITSI_HOST}' + }, + + // BOSH URL. FIXME: use XEP-0156 to discover it. 
+ bosh: '//${JITSI_HOST}/http-bind', + + // Websocket URL + // websocket: 'wss://${JITSI_HOST}/xmpp-websocket', + + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + + // The real JID of focus participant - can be overridden here + // Do not change username - FIXME: Make focus username configurable + // https://github.com/jitsi/jitsi-meet/issues/7376 + // focusUserJid: 'focus@auth.${JITSI_HOST}', + + + // Testing / experimental features. + // + + testing: { + // Disables the End to End Encryption feature. Useful for debugging + // issues related to insertable streams. + // disableE2EE: false, + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + p2pTestMode: false + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + + // Disables the auto-play behavior of *all* newly created video element. + // This is useful when the client runs on a host with limited resources. + // noAutoPlayVideo: false + + // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled, + // simulcast is turned off for the desktop share. If presenter is turned + // on while screensharing is in progress, the max bitrate is automatically + // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines + // the probability for this to be enabled. + // capScreenshareBitrate: 1 // 0 to disable + + // Enable callstats only for a percentage of users. + // This takes a value between 0 and 100 which determines the probability for + // the callstats to be enabled. + // callStatsThreshold: 5 // enable callstats for 5% of the users. + }, + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. + // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. 
+ // webrtcIceTcpDisable: false, + + + // Media + // + + // Audio + + // Disable measuring of audio levels. + disableAudioLevels: $(if [ -n "${DISABLE_AUDIO_LEVELS}" ]; then printf "true"; else printf "false"; fi), + // audioLevelsInterval: 200, + + // Enabling this will run the lib-jitsi-meet no audio detection module which + // will notify the user if the current selected microphone has no audio + // input and will suggest another valid device if one is present. + enableNoAudioDetection: true, + + // Enabling this will run the lib-jitsi-meet noise detection module which will + // notify the user if there is noise, other than voice, coming from the current + // selected microphone. The purpose it to let the user know that the input could + // be potentially unpleasant for other meeting participants. + enableNoisyMicDetection: true, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Sets the preferred target bitrate for the Opus audio codec by setting its + // 'maxaveragebitrate' parameter. Currently not available in p2p mode. + // Valid values are in the range 6000 to 510000 + // opusMaxAverageBitrate: 20000, + + // Enables redundancy for Opus + // enableOpusRed: false + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD. + // Use -1 to disable. 
+ // maxFullResolutionParticipants: 2, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independent from + // this config's resolution value. Defaults to requesting an ideal + // resolution of 720p. + // constraints: { + // video: { + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, +$(if [ -n "${VIDEO_CONSTRAINTS}" ]; then echo "${VIDEO_CONSTRAINTS},"; fi) + + // Enable / disable simulcast support. + // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + + // Every participant after the Nth will start video muted. + startVideoMuted: ${START_VIDEO_MUTED}, + + // Start calls with video muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // This option has been deprecated, use preferredCodec under videoQuality section instead. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, + + // Recording + + // Whether to enable file recording or not. 
+ // fileRecordingsEnabled: false,
+ // Enable the dropbox integration.
+ // dropbox: {
+ // appKey: '' // Specify your app key here.
+ // // A URL to redirect the user to, after authenticating
+ // // by default uses:
+ // // 'https://${JITSI_HOST}/static/oauth.html'
+ // redirectURI:
+ // 'https://${JITSI_HOST}/subfolder/static/oauth.html'
+ // },
+ // When integrations like dropbox are enabled only that will be shown,
+ // by enabling fileRecordingsServiceEnabled, we show both the integrations
+ // and the generic recording service (its configuration and storage type
+ // depends on jibri configuration)
+ // fileRecordingsServiceEnabled: false,
+ // Whether to show the possibility to share file recording with other people
+ // (e.g. meeting participants), based on the actual implementation
+ // on the backend.
+ // fileRecordingsServiceSharingEnabled: false,
+
+ // Whether to enable live streaming or not.
+ // liveStreamingEnabled: false,
+
+ // Transcription (in interface_config,
+ // subtitles and buttons can be configured)
+ // transcribingEnabled: false,
+
+ // Enables automatic turning on captions when recording is started
+ // autoCaptionOnRecord: false,
+
+ // Misc
+
+ // Default value for the channel "last N" attribute. -1 for unlimited.
+ channelLastN: ${CHANNEL_LAST_N},
+
+ // Provides a way to use different "last N" values based on the number of participants in the conference.
+ // The keys in an Object represent number of participants and the values are "last N" to be used when number of
+ // participants gets to or above the number.
+ //
+ // For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
+ // 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
+ // will be used as default until the first threshold is reached.
+ //
+ // lastNLimits: {
+ // 5: 20,
+ // 30: 15,
+ // 50: 10,
+ // 70: 5,
+ // 90: 2
+ // },
+
+ // Specify the settings for video quality optimizations on the client.
+ // videoQuality: {
+ // // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
+ // // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
+ // // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
+ // // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
+ // disabledCodec: 'H264',
+ //
+ // // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
+ // // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
+ // // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
+ // // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
+ // // to take effect.
+ // preferredCodec: 'VP8',
+ //
+ // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
+ // // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
+ // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
+ // // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
+ // // This is currently not implemented on app based clients on mobile.
+ // maxBitratesVideo: {
+ // low: 200000,
+ // standard: 500000,
+ // high: 1500000
+ // },
+ //
+ // // The options can be used to override default thresholds of video thumbnail heights corresponding to
+ // // the video quality levels used in the application.
At the time of this writing the allowed levels are:
+ // // 'low' - for the low quality level (180p at the time of this writing)
+ // // 'standard' - for the medium quality level (360p)
+ // // 'high' - for the high quality level (720p)
+ // // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
+ // //
+ // // With the default config value below the application will use 'low' quality until the thumbnails are
+ // // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
+ // // the high quality.
+ // minHeightForQualityLvl: {
+ // 360: 'standard,
+ // 720: 'high'
+ // }
+ // },
+
+ // // Options for the recording limit notification.
+ // recordingLimit: {
+ //
+ // // The recording limit in minutes. Note: This number appears in the notification text
+ // // but doesn't enforce the actual recording time limit. This should be configured in
+ // // jibri!
+ // limit: 60,
+ //
+ // // The name of the app with unlimited recordings.
+ // appName: 'Unlimited recordings APP',
+ //
+ // // The URL of the app with unlimited recordings.
+ // appURL: 'https://unlimited.recordings.app.com/'
+ // },
+
+ // Disables or enables RTX (RFC 4588) (defaults to false).
+ // disableRtx: false,
+
+ // Disables or enables TCC (the default is in Jicofo and set to true)
+ // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
+ // affects congestion control, it practically enables send-side bandwidth
+ // estimations.
+ // enableTcc: true,
+
+ // Disables or enables REMB (the default is in Jicofo and set to false)
+ // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
+ // control, it practically enables recv-side bandwidth estimations. When
+ // both TCC and REMB are enabled, TCC takes precedence. When both are
+ // disabled, then bandwidth estimations are disabled.
+ // enableRemb: false,
+
+ // Enables ICE restart logic in LJM and displays the page reload overlay on
+ // ICE failure. Current disabled by default because it's causing issues with
+ // signaling when Octo is enabled. Also when we do an "ICE restart"(which is
+ // not a real ICE restart), the client maintains the TCC sequence number
+ // counter, but the bridge resets it. The bridge sends media packets with
+ // TCC sequence numbers starting from 0.
+ // enableIceRestart: false,
+
+ // Defines the minimum number of participants to start a call (the default
+ // is set in Jicofo and set to 2).
+ // minParticipants: 2,
+
+ // Use TURN/UDP servers for the jitsi-videobridge connection (by default
+ // we filter out TURN/UDP because it is usually not needed since the
+ // bridge itself is reachable via UDP)
+ // useTurnUdp: false
+
+ // Enables / disables a data communication channel with the Videobridge.
+ // Values can be 'datachannel', 'websocket', true (treat it as
+ // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
+ // open any channel).
+ // openBridgeChannel: true,
+ openBridgeChannel: 'websocket',
+
+
+ // UI
+ //
+
+ // Hides lobby button
+ // hideLobbyButton: false,
+
+ // Require users to always specify a display name.
+ // requireDisplayName: true,
+
+ // Whether to use a welcome page or not. In case it's false a random room
+ // will be joined when no room is specified.
+ enableWelcomePage: true,
+
+ // Enabling the close page will ignore the welcome page redirection when
+ // a call is hangup.
+ // enableClosePage: false,
+
+ // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
+ // disable1On1Mode: false,
+
+ // Default language for the user interface.
+ defaultLanguage: '${DEFAULT_LANGUAGE}',
+
+ // If true all users without a token will be considered guests and all users
+ // with token will be considered non-guests. Only guests will be allowed to
+ // edit their profile.
+ enableUserRolesBasedOnToken: false,
+
+ // Whether or not some features are checked based on token.
+ // enableFeaturesBasedOnToken: false,
+
+ // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
+ // lockRoomGuestEnabled: false,
+
+ // When enabled the password used for locking a room is restricted to up to the number of digits specified
+ // roomPasswordNumberOfDigits: 10,
+ // default: roomPasswordNumberOfDigits: false,
+
+ // Message to show the users. Example: 'The service will be down for
+ // maintenance at 01:00 AM GMT,
+ noticeMessage: '${NOTICE_MESSAGE}',
+
+ // Enables calendar integration, depends on googleApiApplicationClientID
+ // and microsoftApiApplicationClientID
+ // enableCalendarIntegration: false,
+
+ // When 'true', it shows an intermediate page before joining, where the user can configure their devices.
+ // prejoinPageEnabled: false,
+
+ // If true, shows the unsafe room name warning label when a room name is
+ // deemed unsafe (due to the simplicity in the name) and a password is not
+ // set or the lobby is not enabled.
+ // enableInsecureRoomNameWarning: false,
+
+ // Whether to automatically copy invitation URL after creating a room.
+ // Document should be focused for this option to work
+ // enableAutomaticUrlCopy: false,
+
+ // Stats
+ //
+
+ // Whether to enable stats collection or not in the TraceablePeerConnection.
+ // This can be useful for debugging purposes (post-processing/analysis of
+ // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
+ // estimation tests.
+ // gatherStats: false,
+
+ // The interval at which PeerConnection.getStats() is called. Defaults to 10000
+ // pcStatsInterval: 10000,
+
+ // To enable sending statistics to callstats.io you must provide the
+ // Application ID and Secret.
+ // callStatsID: '',
+ // callStatsSecret: '',
+
+ // Enables sending participants' display names to callstats
+ // enableDisplayNameInStats: false,
+
+ // Enables sending participants' emails (if available) to callstats and other analytics
+ // enableEmailInStats: false,
+
+ // Privacy
+ //
+
+ // If third party requests are disabled, no other server will be contacted.
+ // This means avatars will be locally generated and callstats integration
+ // will not function.
+ disableThirdPartyRequests: $(if [ -z "${ENABLE_THIRD_PARTY_REQUESTS}" ]; then printf "true"; else printf "false"; fi),
+
+
+ // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
+ //
+
+ p2p: {
+ // Enables peer to peer mode. When enabled the system will try to
+ // establish a direct connection when there are exactly 2 participants
+ // in the room. If that succeeds the conference will stop sending data
+ // through the JVB and use the peer to peer connection instead. When a
+ // 3rd participant joins the conference will be moved back to the JVB
+ // connection.
+ enabled: true,
+
+ // The STUN servers that will be used in the peer to peer connections
+ stunServers: [
+
+ { urls: 'stun:${TURN_SERVER}:443' }
+ ]
+
+ // Sets the ICE transport policy for the p2p connection. At the time
+ // of this writing the list of possible values are 'all' and 'relay',
+ // but that is subject to change in the future. The enum is defined in
+ // the WebRTC standard:
+ // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
+ // If not set, the effective value is 'all'.
+ // iceTransportPolicy: 'all',
+
+ // If set to true, it will prefer to use H.264 for P2P calls (if H.264
+ // is supported). This setting is deprecated, use preferredCodec instead.
+ // preferH264: true
+
+ // Provides a way to set the video codec preference on the p2p connection. Acceptable
+ // codec values are 'VP8', 'VP9' and 'H264'.
+ // preferredCodec: 'H264',
+
+ // If set to true, disable H.264 video codec by stripping it out of the
+ // SDP. This setting is deprecated, use disabledCodec instead.
+ // disableH264: false,
+
+ // Provides a way to prevent a video codec from being negotiated on the p2p connection.
+ // disabledCodec: '',
+
+ // How long we're going to wait, before going back to P2P after the 3rd
+ // participant has left the conference (to filter out page reload).
+ // backToP2PDelay: 5
+ },
+
+ analytics: {
+ // The Google Analytics Tracking ID:
+ // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
+
+ // Matomo configuration:
+ // matomoEndpoint: 'https://your-matomo-endpoint/',
+ // matomoSiteID: '42',
+
+ // The Amplitude APP Key:
+ // amplitudeAPPKey: ''
+
+ // Configuration for the rtcstats server:
+ // By enabling rtcstats server every time a conference is joined the rtcstats
+ // module connects to the provided rtcstatsEndpoint and sends statistics regarding
+ // PeerConnection states along with getStats metrics polled at the specified
+ // interval.
+ // rtcstatsEnabled: true,
+
+ // In order to enable rtcstats one needs to provide a endpoint url.
+ // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
+
+ // The interval at which rtcstats will poll getStats, defaults to 1000ms.
+ // If the value is set to 0 getStats won't be polled and the rtcstats client
+ // will only send data related to RTCPeerConnection events.
+ // rtcstatsPolIInterval: 1000
+
+ // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
+ // scriptURLs: [
+ // "libs/analytics-ga.min.js", // google-analytics
+ // "https://example.com/my-custom-analytics.js"
+ // ],
+ },
+
+ // Logs that should go be passed through the 'log' event if a handler is defined for it
+ // apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
+
+ // Information about the jitsi-meet instance we are connecting to, including
+ // the user region as seen by the server.
+ deploymentInfo: {
+ // shard: "shard1",
+ // region: "europe",
+ // userRegion: "asia"
+ },
+
+ // Decides whether the start/stop recording audio notifications should play on record.
+ // disableRecordAudioNotification: false,
+
+ // Information for the chrome extension banner
+ // chromeExtensionBanner: {
+ // // The chrome extension to be installed address
+ // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
+
+ // // Extensions info which allows checking if they are installed or not
+ // chromeExtensionsInfo: [
+ // {
+ // id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
+ // path: 'jitsi-logo-48x48.png'
+ // }
+ // ]
+ // },
+
+ // Local Recording
+ //
+
+ // localRecording: {
+ // Enables local recording.
+ // Additionally, 'localrecording' (all lowercase) needs to be added to
+ // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
+ // button to show up on the toolbar.
+ //
+ // enabled: true,
+ //
+
+ // The recording format, can be one of 'ogg', 'flac' or 'wav'.
+ // format: 'flac'
+ //
+
+ // },
+
+ // Options related to end-to-end (participant to participant) ping.
+ // e2eping: {
+ // // The interval in milliseconds at which pings will be sent.
+ // // Defaults to 10000, set to <= 0 to disable.
+ // pingInterval: 10000,
+ //
+ // // The interval in milliseconds at which analytics events
+ // // with the measured RTT will be sent. Defaults to 60000, set
+ // // to <= 0 to disable.
+ // analyticsInterval: 60000,
+ // },
+
+ // If set, will attempt to use the provided video input device label when
+ // triggering a screenshare, instead of proceeding through the normal flow
+ // for obtaining a desktop stream.
+ // NOTE: This option is experimental and is currently intended for internal
+ // use only.
+ // _desktopSharingSourceDevice: 'sample-id-or-label',
+
+ // If true, any checks to handoff to another application will be prevented
+ // and instead the app will continue to display in the current browser.
+ // disableDeepLinking: false,
+
+ // A property to disable the right click context menu for localVideo
+ // the menu has option to flip the locally seen video for local presentations
+ // disableLocalVideoFlip: false,
+
+ // Mainly privacy related settings
+
+ // Disables all invite functions from the app (share, invite, dial out...etc)
+ // disableInviteFunctions: true,
+
+ // Disables storing the room name to the recents list
+ // doNotStoreRoom: true,
+
+ // Deployment specific URLs.
+ // deploymentUrls: {
+ // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
+ // // user documentation.
+ // userDocumentationURL: 'https://docs.example.com/video-meetings.html',
+ // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
+ // // to the specified URL for an app download page.
+ // downloadAppsUrl: 'https://docs.example.com/our-apps.html'
+ // },
+
+ // Options related to the remote participant menu.
+ // remoteVideoMenu: {
+ // // If set to true the 'Kick out' button will be disabled.
+ // disableKick: true
+ // },
+
+ // If set to true all muting operations of remote participants will be disabled.
+ // disableRemoteMute: true,
+
+ /**
+ External API url used to receive branding specific information.
+ If there is no url set or there are missing fields, the defaults are applied.
+ None of the fields are mandatory and the response must have the shape:
+ {
+ // The hex value for the colour used as background
+ backgroundColor: '#fff',
+ // The url for the image used as background
+ backgroundImageUrl: 'https://example.com/background-img.png',
+ // The anchor url used when clicking the logo image
+ logoClickUrl: 'https://example-company.org',
+ // The url used for the image used as logo
+ logoImageUrl: 'https://example.com/logo-img.png'
+ }
+ */
+ brandingDataUrl: "$(if [ -n "${BRANDING_JSON}" ]; then printf "/branding.json"; fi)",
+
+ // The URL of the moderated rooms microservice, if available. If it
+ // is present, a link to the service will be rendered on the welcome page,
+ // otherwise the app doesn't render it.
+ // moderatedRoomServiceUrl: 'https://moderated.${JITSI_HOST}',
+
+ // List of undocumented settings used in jitsi-meet
+ /**
+ _immediateReloadThreshold
+ debug
+ debugAudioLevels
+ deploymentInfo
+ dialInConfCodeUrl
+ dialInNumbersUrl
+ dialOutAuthUrl
+ dialOutCodesUrl
+ disableRemoteControl
+ displayJids
+ etherpad_base
+ externalConnectUrl
+ firefox_fake_device
+ googleApiApplicationClientID
+ iAmRecorder
+ iAmSipGateway
+ microsoftApiApplicationClientID
+ peopleSearchQueryTypes
+ peopleSearchUrl
+ requireDisplayName
+ tokenAuthUrl
+ */
+
+ /**
+ * This property can be used to alter the generated meeting invite links (in combination with a branding domain
+ * which is retrieved internally by jitsi meet) (e.g.
https://meet.jit.si/someMeeting
+ * can become https://brandedDomain/roomAlias)
+ */
+ // brandingRoomAlias: null,
+
+ // List of undocumented settings used in lib-jitsi-meet
+ /**
+ _peerConnStatusOutOfLastNTimeout
+ _peerConnStatusRtcMuteTimeout
+ abTesting
+ avgRtpStatsN
+ callStatsConfIDNamespace
+ callStatsCustomScriptUrl
+ desktopSharingSources
+ disableAEC
+ disableAGC
+ disableAP
+ disableHPF
+ disableNS
+ enableLipSync
+ enableTalkWhileMuted
+ forceJVB121Ratio
+ hiddenDomain
+ ignoreStartMuted
+ nick
+ startBitrate
+ */
+
+
+ // Allow all above example options to include a trailing comma and
+ // prevent fear when commenting out the last value.
+ makeJsonParserHappy: 'even if last key had a trailing comma'
+
+ // no configuration value should follow this line.
+};
+
+/* eslint-enable no-unused-vars, no-var */
+EOF
+)"
diff --git a/type/__evilham_jitsi_meet_domain/files/config.js.sh.orig b/type/__evilham_jitsi_meet_domain/files/config.js.sh.orig
new file mode 100644
index 0000000..da2bff5
--- /dev/null
+++ b/type/__evilham_jitsi_meet_domain/files/config.js.sh.orig
@@ -0,0 +1,694 @@
+/* eslint-disable no-unused-vars, no-var */
+
+var config = {
+ // Connection
+ //
+
+ hosts: {
+ // XMPP domain.
+ domain: 'jitsi-meet.example.org',
+
+ // When using authentication, domain for guest users.
+ // anonymousdomain: 'guest.example.com',
+
+ // Domain for authenticated users. Defaults to .
+ // authdomain: 'jitsi-meet.example.org',
+
+ // Call control component (Jigasi).
+ // call_control: 'callcontrol.jitsi-meet.example.org',
+
+ // Focus component domain. Defaults to focus..
+ // focus: 'focus.jitsi-meet.example.org',
+
+ // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
+ muc: 'conference.jitsi-meet.example.org'
+ },
+
+ // BOSH URL. FIXME: use XEP-0156 to discover it.
+ bosh: '//jitsi-meet.example.org/http-bind',
+
+ // Websocket URL
+ // websocket: 'wss://jitsi-meet.example.org/xmpp-websocket',
+
+ // The name of client node advertised in XEP-0115 'c' stanza
+ clientNode: 'http://jitsi.org/jitsimeet',
+
+ // The real JID of focus participant - can be overridden here
+ // Do not change username - FIXME: Make focus username configurable
+ // https://github.com/jitsi/jitsi-meet/issues/7376
+ // focusUserJid: 'focus@auth.jitsi-meet.example.org',
+
+
+ // Testing / experimental features.
+ //
+
+ testing: {
+ // Disables the End to End Encryption feature. Useful for debugging
+ // issues related to insertable streams.
+ // disableE2EE: false,
+
+ // P2P test mode disables automatic switching to P2P when there are 2
+ // participants in the conference.
+ p2pTestMode: false
+
+ // Enables the test specific features consumed by jitsi-meet-torture
+ // testMode: false
+
+ // Disables the auto-play behavior of *all* newly created video element.
+ // This is useful when the client runs on a host with limited resources.
+ // noAutoPlayVideo: false
+
+ // Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
+ // simulcast is turned off for the desktop share.
If presenter is turned
+ // on while screensharing is in progress, the max bitrate is automatically
+ // adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
+ // the probability for this to be enabled.
+ // capScreenshareBitrate: 1 // 0 to disable
+
+ // Enable callstats only for a percentage of users.
+ // This takes a value between 0 and 100 which determines the probability for
+ // the callstats to be enabled.
+ // callStatsThreshold: 5 // enable callstats for 5% of the users.
+ },
+
+ // Disables ICE/UDP by filtering out local and remote UDP candidates in
+ // signalling.
+ // webrtcIceUdpDisable: false,
+
+ // Disables ICE/TCP by filtering out local and remote TCP candidates in
+ // signalling.
+ // webrtcIceTcpDisable: false,
+
+
+ // Media
+ //
+
+ // Audio
+
+ // Disable measuring of audio levels.
+ // disableAudioLevels: false,
+ // audioLevelsInterval: 200,
+
+ // Enabling this will run the lib-jitsi-meet no audio detection module which
+ // will notify the user if the current selected microphone has no audio
+ // input and will suggest another valid device if one is present.
+ enableNoAudioDetection: true,
+
+ // Enabling this will run the lib-jitsi-meet noise detection module which will
+ // notify the user if there is noise, other than voice, coming from the current
+ // selected microphone. The purpose it to let the user know that the input could
+ // be potentially unpleasant for other meeting participants.
+ enableNoisyMicDetection: true,
+
+ // Start the conference in audio only mode (no video is being received nor
+ // sent).
+ // startAudioOnly: false,
+
+ // Every participant after the Nth will start audio muted.
+ // startAudioMuted: 10,
+
+ // Start calls with audio muted. Unlike the option above, this one is only
+ // applied locally. FIXME: having these 2 options is confusing.
+ // startWithAudioMuted: false,
+
+ // Enabling it (with #params) will disable local audio output of remote
+ // participants and to enable it back a reload is needed.
+ // startSilent: false
+
+ // Sets the preferred target bitrate for the Opus audio codec by setting its
+ // 'maxaveragebitrate' parameter. Currently not available in p2p mode.
+ // Valid values are in the range 6000 to 510000
+ // opusMaxAverageBitrate: 20000,
+
+ // Enables redundancy for Opus
+ // enableOpusRed: false
+
+ // Video
+
+ // Sets the preferred resolution (height) for local video. Defaults to 720.
+ // resolution: 720,
+
+ // How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
+ // Use -1 to disable.
+ // maxFullResolutionParticipants: 2,
+
+ // w3c spec-compliant video constraints to use for video capture. Currently
+ // used by browsers that return true from lib-jitsi-meet's
+ // util#browser#usesNewGumFlow. The constraints are independent from
+ // this config's resolution value. Defaults to requesting an ideal
+ // resolution of 720p.
+ // constraints: {
+ // video: {
+ // height: {
+ // ideal: 720,
+ // max: 720,
+ // min: 240
+ // }
+ // }
+ // },
+
+ // Enable / disable simulcast support.
+ // disableSimulcast: false,
+
+ // Enable / disable layer suspension. If enabled, endpoints whose HD
+ // layers are not in use will be suspended (no longer sent) until they
+ // are requested again.
+ // enableLayerSuspension: false,
+
+ // Every participant after the Nth will start video muted.
+ // startVideoMuted: 10,
+
+ // Start calls with video muted. Unlike the option above, this one is only
+ // applied locally. FIXME: having these 2 options is confusing.
+ // startWithVideoMuted: false,
+
+ // If set to true, prefer to use the H.264 video codec (if supported).
+ // Note that it's not recommended to do this because simulcast is not
+ // supported when using H.264.
For 1-to-1 calls this setting is enabled by
+ // default and can be toggled in the p2p section.
+ // This option has been deprecated, use preferredCodec under videoQuality section instead.
+ // preferH264: true,
+
+ // If set to true, disable H.264 video codec by stripping it out of the
+ // SDP.
+ // disableH264: false,
+
+ // Desktop sharing
+
+ // Optional desktop sharing frame rate options. Default value: min:5, max:5.
+ // desktopSharingFrameRate: {
+ // min: 5,
+ // max: 5
+ // },
+
+ // Try to start calls with screen-sharing instead of camera video.
+ // startScreenSharing: false,
+
+ // Recording
+
+ // Whether to enable file recording or not.
+ // fileRecordingsEnabled: false,
+ // Enable the dropbox integration.
+ // dropbox: {
+ // appKey: '' // Specify your app key here.
+ // // A URL to redirect the user to, after authenticating
+ // // by default uses:
+ // // 'https://jitsi-meet.example.org/static/oauth.html'
+ // redirectURI:
+ // 'https://jitsi-meet.example.org/subfolder/static/oauth.html'
+ // },
+ // When integrations like dropbox are enabled only that will be shown,
+ // by enabling fileRecordingsServiceEnabled, we show both the integrations
+ // and the generic recording service (its configuration and storage type
+ // depends on jibri configuration)
+ // fileRecordingsServiceEnabled: false,
+ // Whether to show the possibility to share file recording with other people
+ // (e.g. meeting participants), based on the actual implementation
+ // on the backend.
+ // fileRecordingsServiceSharingEnabled: false,
+
+ // Whether to enable live streaming or not.
+ // liveStreamingEnabled: false,
+
+ // Transcription (in interface_config,
+ // subtitles and buttons can be configured)
+ // transcribingEnabled: false,
+
+ // Enables automatic turning on captions when recording is started
+ // autoCaptionOnRecord: false,
+
+ // Misc
+
+ // Default value for the channel "last N" attribute. -1 for unlimited.
+ channelLastN: -1,
+
+ // Provides a way to use different "last N" values based on the number of participants in the conference.
+ // The keys in an Object represent number of participants and the values are "last N" to be used when number of
+ // participants gets to or above the number.
+ //
+ // For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
+ // 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
+ // will be used as default until the first threshold is reached.
+ //
+ // lastNLimits: {
+ // 5: 20,
+ // 30: 15,
+ // 50: 10,
+ // 70: 5,
+ // 90: 2
+ // },
+
+ // Specify the settings for video quality optimizations on the client.
+ // videoQuality: {
+ // // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
+ // // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
+ // // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
+ // // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
+ // disabledCodec: 'H264',
+ //
+ // // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
+ // // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
+ // // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
+ // // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
+ // // to take effect.
+ // preferredCodec: 'VP8',
+ //
+ // // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
+ // // video tracks.
The keys in the object represent the type of the stream (LD, SD or HD) and the values
+ // // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
+ // // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
+ // // This is currently not implemented on app based clients on mobile.
+ // maxBitratesVideo: {
+ // low: 200000,
+ // standard: 500000,
+ // high: 1500000
+ // },
+ //
+ // // The options can be used to override default thresholds of video thumbnail heights corresponding to
+ // // the video quality levels used in the application. At the time of this writing the allowed levels are:
+ // // 'low' - for the low quality level (180p at the time of this writing)
+ // // 'standard' - for the medium quality level (360p)
+ // // 'high' - for the high quality level (720p)
+ // // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
+ // //
+ // // With the default config value below the application will use 'low' quality until the thumbnails are
+ // // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
+ // // the high quality.
+ // minHeightForQualityLvl: {
+ // 360: 'standard,
+ // 720: 'high'
+ // }
+ // },
+
+ // // Options for the recording limit notification.
+ // recordingLimit: {
+ //
+ // // The recording limit in minutes. Note: This number appears in the notification text
+ // // but doesn't enforce the actual recording time limit. This should be configured in
+ // // jibri!
+ // limit: 60,
+ //
+ // // The name of the app with unlimited recordings.
+ // appName: 'Unlimited recordings APP',
+ //
+ // // The URL of the app with unlimited recordings.
+ // appURL: 'https://unlimited.recordings.app.com/'
+ // },
+
+ // Disables or enables RTX (RFC 4588) (defaults to false).
+ // disableRtx: false,
+
+ // Disables or enables TCC (the default is in Jicofo and set to true)
+ // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
+ // affects congestion control, it practically enables send-side bandwidth
+ // estimations.
+ // enableTcc: true,
+
+ // Disables or enables REMB (the default is in Jicofo and set to false)
+ // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
+ // control, it practically enables recv-side bandwidth estimations. When
+ // both TCC and REMB are enabled, TCC takes precedence. When both are
+ // disabled, then bandwidth estimations are disabled.
+ // enableRemb: false,
+
+ // Enables ICE restart logic in LJM and displays the page reload overlay on
+ // ICE failure. Current disabled by default because it's causing issues with
+ // signaling when Octo is enabled. Also when we do an "ICE restart"(which is
+ // not a real ICE restart), the client maintains the TCC sequence number
+ // counter, but the bridge resets it. The bridge sends media packets with
+ // TCC sequence numbers starting from 0.
+ // enableIceRestart: false,
+
+ // Defines the minimum number of participants to start a call (the default
+ // is set in Jicofo and set to 2).
+ // minParticipants: 2,
+
+ // Use TURN/UDP servers for the jitsi-videobridge connection (by default
+ // we filter out TURN/UDP because it is usually not needed since the
+ // bridge itself is reachable via UDP)
+ // useTurnUdp: false
+
+ // Enables / disables a data communication channel with the Videobridge.
+ // Values can be 'datachannel', 'websocket', true (treat it as
+ // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
+ // open any channel).
+ // openBridgeChannel: true,
+ openBridgeChannel: 'websocket',
+
+
+ // UI
+ //
+
+ // Hides lobby button
+ // hideLobbyButton: false,
+
+ // Require users to always specify a display name.
+ // requireDisplayName: true,
+
+ // Whether to use a welcome page or not.
In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // disable1On1Mode: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // If true all users without a token will be considered guests and all users + // with token will be considered non-guests. Only guests will be allowed to + // edit their profile. + enableUserRolesBasedOnToken: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. + // lockRoomGuestEnabled: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // When 'true', it shows an intermediate page before joining, where the user can configure their devices. + // prejoinPageEnabled: false, + + // If true, shows the unsafe room name warning label when a room name is + // deemed unsafe (due to the simplicity in the name) and a password is not + // set or the lobby is not enabled. + // enableInsecureRoomNameWarning: false, + + // Whether to automatically copy invitation URL after creating a room. 
+ // Document should be focused for this option to work + // enableAutomaticUrlCopy: false, + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // The interval at which PeerConnection.getStats() is called. Defaults to 10000 + // pcStatsInterval: 10000, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // Enables sending participants' display names to callstats + // enableDisplayNameInStats: false, + + // Enables sending participants' emails (if available) to callstats and other analytics + // enableEmailInStats: false, + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.org:3478' }, + { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' } + ] + + // Sets the ICE transport policy for the p2p connection. 
At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). This setting is deprecated, use preferredCodec instead. + // preferH264: true + + // Provides a way to set the video codec preference on the p2p connection. Acceptable + // codec values are 'VP8', 'VP9' and 'H264'. + // preferredCodec: 'H264', + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. This setting is deprecated, use disabledCodec instead. + // disableH264: false, + + // Provides a way to prevent a video codec from being negotiated on the p2p connection. + // disabledCodec: '', + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5 + }, + + analytics: { + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // Matomo configuration: + // matomoEndpoint: 'https://your-matomo-endpoint/', + // matomoSiteID: '42', + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Configuration for the rtcstats server: + // By enabling rtcstats server every time a conference is joined the rtcstats + // module connects to the provided rtcstatsEndpoint and sends statistics regarding + // PeerConnection states along with getStats metrics polled at the specified + // interval. + // rtcstatsEnabled: true, + + // In order to enable rtcstats one needs to provide a endpoint url. + // rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/, + + // The interval at which rtcstats will poll getStats, defaults to 1000ms. 
+ // If the value is set to 0 getStats won't be polled and the rtcstats client + // will only send data related to RTCPeerConnection events. + // rtcstatsPolIInterval: 1000 + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Logs that should go be passed through the 'log' event if a handler is defined for it + // apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'], + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. + deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + }, + + // Decides whether the start/stop recording audio notifications should play on record. + // disableRecordAudioNotification: false, + + // Information for the chrome extension banner + // chromeExtensionBanner: { + // // The chrome extension to be installed address + // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', + + // // Extensions info which allows checking if they are installed or not + // chromeExtensionsInfo: [ + // { + // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', + // path: 'jitsi-logo-48x48.png' + // } + // ] + // }, + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // }, + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. 
+ // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // }, + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label', + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. + // disableDeepLinking: false, + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false, + + // Mainly privacy related settings + + // Disables all invite functions from the app (share, invite, dial out...etc) + // disableInviteFunctions: true, + + // Disables storing the room name to the recents list + // doNotStoreRoom: true, + + // Deployment specific URLs. + // deploymentUrls: { + // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for + // // user documentation. + // userDocumentationURL: 'https://docs.example.com/video-meetings.html', + // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link + // // to the specified URL for an app download page. + // downloadAppsUrl: 'https://docs.example.com/our-apps.html' + // }, + + // Options related to the remote participant menu. + // remoteVideoMenu: { + // // If set to true the 'Kick out' button will be disabled. + // disableKick: true + // }, + + // If set to true all muting operations of remote participants will be disabled. 
+ // disableRemoteMute: true, + + /** + External API url used to receive branding specific information. + If there is no url set or there are missing fields, the defaults are applied. + None of the fields are mandatory and the response must have the shape: + { + // The hex value for the colour used as background + backgroundColor: '#fff', + // The url for the image used as background + backgroundImageUrl: 'https://example.com/background-img.png', + // The anchor url used when clicking the logo image + logoClickUrl: 'https://example-company.org', + // The url used for the image used as logo + logoImageUrl: 'https://example.com/logo-img.png' + } + */ + // brandingDataUrl: '', + + // The URL of the moderated rooms microservice, if available. If it + // is present, a link to the service will be rendered on the welcome page, + // otherwise the app doesn't render it. + // moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.org', + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + /** + * This property can be used to alter the generated meeting invite links (in combination with a branding domain + * which is retrieved internally by jitsi meet) (e.g. 
https://meet.jit.si/someMeeting + * can become https://brandedDomain/roomAlias) + */ + // brandingRoomAlias: null, + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableLipSync + enableTalkWhileMuted + forceJVB121Ratio + hiddenDomain + ignoreStartMuted + nick + startBitrate + */ + + + // Allow all above example options to include a trailing comma and + // prevent fear when commenting out the last value. + makeJsonParserHappy: 'even if last key had a trailing comma' + + // no configuration value should follow this line. +}; + +/* eslint-enable no-unused-vars, no-var */ diff --git a/type/__evilham_jitsi_meet_domain/files/nginx.sh b/type/__evilham_jitsi_meet_domain/files/nginx.sh new file mode 100644 index 0000000..bb300fd --- /dev/null +++ b/type/__evilham_jitsi_meet_domain/files/nginx.sh @@ -0,0 +1,156 @@ +#!/bin/sh -e + +# shellcheck disable=SC2034 # This is intended to be included +JITSI_NGINX_CONFIG="$(cat < + + +COPYING +------- +Copyright \(C) 2020 Evilham. diff --git a/type/__evilham_jitsi_meet_domain/manifest b/type/__evilham_jitsi_meet_domain/manifest new file mode 100755 index 0000000..8d28256 --- /dev/null +++ b/type/__evilham_jitsi_meet_domain/manifest 
@@ -0,0 +1,88 @@
+#!/bin/sh -e
+
+os="$(cat "${__global}/explorer/os")"
+case "${os}" in
+ devuan|debian)
+ ;;
+ *)
+ echo "Your OS '${os}' is currently not supported." > /dev/stderr
+ exit 1
+ ;;
+esac
+
+DOMAIN="${__object_id}"
+ADMIN_EMAIL="$(cat "${__object}/parameter/admin-email")"
+CHANNEL_LAST_N="$(cat "${__object}/parameter/channel-last-n")"
+DEFAULT_LANGUAGE="$(cat "${__object}/parameter/default-language")"
+NOTICE_MESSAGE="$(cat "${__object}/parameter/notice-message")"
+START_VIDEO_MUTED="$(cat "${__object}/parameter/start-video-muted")"
+TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
+VIDEO_CONSTRAINTS="$(cat "${__object}/parameter/video-constraints")"
+BRANDING_INDEX="$(cat "${__object}/parameter/branding-index")"
+BRANDING_JSON="$(cat "${__object}/parameter/branding-json")"
+BRANDING_WATERMARK="$(cat "${__object}/parameter/branding-watermark")"
+
+if [ -f "${__object}/parameter/enable-third-party-requests" ]; then
+ ENABLE_THIRD_PARTY_REQUESTS="YES"
+fi
+if [ -f "${__object}/parameter/disable-audio-levels" ]; then
+ DISABLE_AUDIO_LEVELS="YES"
+fi
+
+if [ -z "${TURN_SERVER}" ]; then
+ TURN_SERVER="${__target_host}"
+fi
+if [ -z "${JITSI_HOST}" ]; then
+ JITSI_HOST="${__target_host}"
+fi
+
+#
+# Deal with certbot
+#
+# use object id as domain
+__letsencrypt_cert "${DOMAIN}" \
+ --admin-email "${ADMIN_EMAIL}" \
+ --automatic-renewal \
+ --renew-hook "service nginx reload" \
+ --webroot /usr/share/jitsi-meet
+
+# Create virtualhost for nginx
+. 
"${__type}/files/nginx.sh" # This defines JITSI_NGINX_CONFIG +require="__letsencrypt_cert/${DOMAIN}" __file \ + "/etc/nginx/sites-enabled/${DOMAIN}.conf" \ + --mode 0644 --source "-" < Date: Mon, 11 Jan 2021 12:01:04 +0100 Subject: [PATCH 71/84] 'unbrand' evilham's jitsi types --- .../prometheus-jitsi-meet-explorer-version | 0 .../files/debconf_settings.sh | 0 .../files/ufw | 0 .../gencode-remote | 0 .../man.rst | 14 +++++++------- .../manifest | 0 .../parameter/boolean | 0 .../parameter/default/turn-server | 0 .../parameter/optional | 0 .../singleton | 0 .../files/config.js.sh | 0 .../files/config.js.sh.orig | 0 .../files/nginx.sh | 0 .../files/nginx.sh.orig | 0 .../gencode-remote | 0 .../man.rst | 17 ++++++++--------- .../manifest | 0 .../parameter/boolean | 0 .../parameter/default/branding-index | 0 .../parameter/default/branding-json | 0 .../parameter/default/branding-watermark | 0 .../parameter/default/channel-last-n | 0 .../parameter/default/default-language | 0 .../parameter/default/notice-message | 0 .../parameter/default/start-video-muted | 0 .../parameter/default/turn-server | 0 .../parameter/default/video-constraints | 0 .../parameter/optional | 0 .../parameter/required | 0 29 files changed, 15 insertions(+), 16 deletions(-) rename type/{__evilham_jitsi_meet => __jitsi_meet}/explorer/prometheus-jitsi-meet-explorer-version (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/files/debconf_settings.sh (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/files/ufw (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/gencode-remote (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/man.rst (82%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/manifest (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/parameter/boolean (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/parameter/default/turn-server (100%) rename type/{__evilham_jitsi_meet => __jitsi_meet}/parameter/optional (100%) rename type/{__evilham_jitsi_meet => 
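Review bot: In `type/__evilham_jitsi_meet_domain/manifest`, `ENABLE_THIRD_PARTY_REQUESTS` and `DISABLE_AUDIO_LEVELS` are assigned only inside the `if [ -f ... ]` branches, and `JITSI_HOST` is tested with `-z` without ever being read from a parameter, so all three can inherit a value from the environment of the cdist run. Third-party requests are a privacy setting, so a missing boolean parameter should reliably mean off: add `ENABLE_THIRD_PARTY_REQUESTS=""` and `DISABLE_AUDIO_LEVELS=""` before the two checks, and either assign `JITSI_HOST="${__target_host}"` unconditionally or document the variable as a supported override in the man page. The same unset-then-tested pattern appears with `sv_restart` in `type/__evilham_runit/gencode-remote` later in this series, where `sv_restart=""` at the top would do. The rest of this manifest, where the variables are consumed, is not visible on this page, so the effect on the generated configuration is inferred.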
__jitsi_meet}/singleton (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/files/config.js.sh (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/files/config.js.sh.orig (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/files/nginx.sh (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/files/nginx.sh.orig (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/gencode-remote (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/man.rst (87%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/manifest (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/boolean (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/branding-index (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/branding-json (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/branding-watermark (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/channel-last-n (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/default-language (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/notice-message (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/start-video-muted (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/turn-server (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/default/video-constraints (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/optional (100%) rename type/{__evilham_jitsi_meet_domain => __jitsi_meet_domain}/parameter/required (100%) 
diff --git a/type/__evilham_jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version b/type/__jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version similarity index 100% rename from type/__evilham_jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version rename to type/__jitsi_meet/explorer/prometheus-jitsi-meet-explorer-version diff --git a/type/__evilham_jitsi_meet/files/debconf_settings.sh b/type/__jitsi_meet/files/debconf_settings.sh similarity index 100% rename from type/__evilham_jitsi_meet/files/debconf_settings.sh rename to type/__jitsi_meet/files/debconf_settings.sh diff --git a/type/__evilham_jitsi_meet/files/ufw b/type/__jitsi_meet/files/ufw similarity index 100% rename from type/__evilham_jitsi_meet/files/ufw rename to type/__jitsi_meet/files/ufw diff --git a/type/__evilham_jitsi_meet/gencode-remote b/type/__jitsi_meet/gencode-remote similarity index 100% rename from type/__evilham_jitsi_meet/gencode-remote rename to type/__jitsi_meet/gencode-remote diff --git a/type/__evilham_jitsi_meet/man.rst b/type/__jitsi_meet/man.rst similarity index 82% rename from type/__evilham_jitsi_meet/man.rst rename to type/__jitsi_meet/man.rst index b97130b..3d02346 100644 --- a/type/__evilham_jitsi_meet/man.rst +++ b/type/__jitsi_meet/man.rst @@ -1,10 +1,10 @@ -cdist-type__evilham_jitsi_meet(7) +cdist-type__jitsi_meet(7) ================================= NAME ---- -cdist-type__evilham_jitsi_meet - Setup the server-side of Jitsi-Meet. +cdist-type__jitsi_meet - Setup the server-side of Jitsi-Meet. DESCRIPTION 
@@ -17,8 +17,8 @@ eXO's notes for installing and managing Jitsi Meet instances. This type also sets up nginx in a way that is compatible with `__letsencrypt_cert` and assumes that it will only serve Jitsi instances. -You will also need the `__evilham_jitsi_meet_domain` type in order to finish -setting up the web frontend (including TLS certificates) and its settings. +You will also need the `__jitsi_meet_domain` type in order to finish setting up +the web frontend (including TLS certificates) and its settings. You may want to use the `files/ufw` example manifest for a `__ufw`-based firewall compatible with this type. @@ -60,17 +60,17 @@ EXAMPLES .. code-block:: sh # Setup the firewall - . "${__global}/type/__evilham_jitsi_meet/files/ufw" + . "${__global}/type/__jitsi_meet/files/ufw" export require="__ufw" # Setup Jitsi on this host - __evilham_jitsi_meet \ + __jitsi_meet \ --turn-server "turn.exo.cat" \ --turn-secret "WeNeedGoodSecurity" SEE ALSO -------- -- `__evilham_jitsi_meet_domain` +- `__jitsi_meet_domain` diff --git a/type/__evilham_jitsi_meet/manifest b/type/__jitsi_meet/manifest similarity index 100% rename from type/__evilham_jitsi_meet/manifest rename to type/__jitsi_meet/manifest diff --git a/type/__evilham_jitsi_meet/parameter/boolean b/type/__jitsi_meet/parameter/boolean similarity index 100% rename from type/__evilham_jitsi_meet/parameter/boolean rename to type/__jitsi_meet/parameter/boolean diff --git a/type/__evilham_jitsi_meet/parameter/default/turn-server b/type/__jitsi_meet/parameter/default/turn-server similarity index 100% rename from type/__evilham_jitsi_meet/parameter/default/turn-server rename to type/__jitsi_meet/parameter/default/turn-server diff --git a/type/__evilham_jitsi_meet/parameter/optional b/type/__jitsi_meet/parameter/optional similarity index 100% rename from type/__evilham_jitsi_meet/parameter/optional rename to type/__jitsi_meet/parameter/optional 
diff --git a/type/__evilham_jitsi_meet/singleton b/type/__jitsi_meet/singleton similarity index 100% rename from type/__evilham_jitsi_meet/singleton rename to type/__jitsi_meet/singleton diff --git a/type/__evilham_jitsi_meet_domain/files/config.js.sh b/type/__jitsi_meet_domain/files/config.js.sh similarity index 100% rename from type/__evilham_jitsi_meet_domain/files/config.js.sh rename to type/__jitsi_meet_domain/files/config.js.sh diff --git a/type/__evilham_jitsi_meet_domain/files/config.js.sh.orig b/type/__jitsi_meet_domain/files/config.js.sh.orig similarity index 100% rename from type/__evilham_jitsi_meet_domain/files/config.js.sh.orig rename to type/__jitsi_meet_domain/files/config.js.sh.orig diff --git a/type/__evilham_jitsi_meet_domain/files/nginx.sh b/type/__jitsi_meet_domain/files/nginx.sh similarity index 100% rename from type/__evilham_jitsi_meet_domain/files/nginx.sh rename to type/__jitsi_meet_domain/files/nginx.sh diff --git a/type/__evilham_jitsi_meet_domain/files/nginx.sh.orig b/type/__jitsi_meet_domain/files/nginx.sh.orig similarity index 100% rename from type/__evilham_jitsi_meet_domain/files/nginx.sh.orig rename to type/__jitsi_meet_domain/files/nginx.sh.orig diff --git a/type/__evilham_jitsi_meet_domain/gencode-remote b/type/__jitsi_meet_domain/gencode-remote similarity index 100% rename from type/__evilham_jitsi_meet_domain/gencode-remote rename to type/__jitsi_meet_domain/gencode-remote diff --git a/type/__evilham_jitsi_meet_domain/man.rst b/type/__jitsi_meet_domain/man.rst similarity index 87% rename from type/__evilham_jitsi_meet_domain/man.rst rename to type/__jitsi_meet_domain/man.rst index ea997f4..862701a 100644 --- a/type/__evilham_jitsi_meet_domain/man.rst +++ b/type/__jitsi_meet_domain/man.rst 
@@ -1,10 +1,10 @@ -cdist-type__evilham_jitsi_meet_domain(7) +cdist-type__jitsi_meet_domain(7) ======================================== NAME ---- -cdist-type__evilham_jitsi_meet_domain - Setup a frontend for Jitsi-Meet. +cdist-type__jitsi_meet_domain - Setup a frontend for Jitsi-Meet. DESCRIPTION @@ -20,9 +20,8 @@ This is due to the underlying XMPP and signaling rooms being common. There might be a way to perform tricks on the Nginx-side to avoid this, but time is lacking :-). -This assumes `__evilham_jitsi_meet` has already been ran on the target host, -and, amongst others, that Jitsi was set up with `__target_host` as the Jitsi -domain. +This assumes `__jitsi_meet` has already been ran on the target host, and, +amongst others, that Jitsi was set up with `__target_host` as the Jitsi domain. This type will take care of TLS settings, branding and client-side configuration for Jitsi. @@ -73,13 +72,13 @@ video-constraints this config's resolution value. Defaults to requesting an ideal resolution of 720p. It must not have a trailing comma, see `constraints` in - `__evilham_jitsi_meet_domain/files/config.js.sh`. + `__jitsi_meet_domain/files/config.js.sh`. branding-json Path to a JSON file that will be served as the `brandingDataUrl`. For information on the format see `brandingDataUrl` in - `__evilham_jitsi_meet_domain/files/config.js.sh`. + `__jitsi_meet_domain/files/config.js.sh`. If not set, no branding will be set up. @@ -114,7 +113,7 @@ EXAMPLES .. code-block:: sh # Setup a Jitsi frontend for jitsi.exo.cat - __evilham_jitsi_meet_domain "jitsi.exo.cat" \ + __jitsi_meet_domain "jitsi.exo.cat" \ --admin-email "info@exo.cat" \ --turn-server "turn.exo.cat" \ --notice-message "Hola!" \ @@ -137,7 +136,7 @@ EXAMPLES SEE ALSO -------- -- `__evilham_jitsi_meet` +- `__jitsi_meet` 
diff --git a/type/__evilham_jitsi_meet_domain/manifest b/type/__jitsi_meet_domain/manifest similarity index 100% rename from type/__evilham_jitsi_meet_domain/manifest rename to type/__jitsi_meet_domain/manifest diff --git a/type/__evilham_jitsi_meet_domain/parameter/boolean b/type/__jitsi_meet_domain/parameter/boolean similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/boolean rename to type/__jitsi_meet_domain/parameter/boolean diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/branding-index b/type/__jitsi_meet_domain/parameter/default/branding-index similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/branding-index rename to type/__jitsi_meet_domain/parameter/default/branding-index diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/branding-json b/type/__jitsi_meet_domain/parameter/default/branding-json similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/branding-json rename to type/__jitsi_meet_domain/parameter/default/branding-json diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/branding-watermark b/type/__jitsi_meet_domain/parameter/default/branding-watermark similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/branding-watermark rename to type/__jitsi_meet_domain/parameter/default/branding-watermark diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/channel-last-n b/type/__jitsi_meet_domain/parameter/default/channel-last-n similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/channel-last-n rename to type/__jitsi_meet_domain/parameter/default/channel-last-n 
diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/default-language b/type/__jitsi_meet_domain/parameter/default/default-language similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/default-language rename to type/__jitsi_meet_domain/parameter/default/default-language diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/notice-message b/type/__jitsi_meet_domain/parameter/default/notice-message similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/notice-message rename to type/__jitsi_meet_domain/parameter/default/notice-message diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/start-video-muted b/type/__jitsi_meet_domain/parameter/default/start-video-muted similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/start-video-muted rename to type/__jitsi_meet_domain/parameter/default/start-video-muted diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/turn-server b/type/__jitsi_meet_domain/parameter/default/turn-server similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/turn-server rename to type/__jitsi_meet_domain/parameter/default/turn-server diff --git a/type/__evilham_jitsi_meet_domain/parameter/default/video-constraints b/type/__jitsi_meet_domain/parameter/default/video-constraints similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/default/video-constraints rename to type/__jitsi_meet_domain/parameter/default/video-constraints diff --git a/type/__evilham_jitsi_meet_domain/parameter/optional b/type/__jitsi_meet_domain/parameter/optional similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/optional rename to type/__jitsi_meet_domain/parameter/optional 
diff --git a/type/__evilham_jitsi_meet_domain/parameter/required b/type/__jitsi_meet_domain/parameter/required similarity index 100% rename from type/__evilham_jitsi_meet_domain/parameter/required rename to type/__jitsi_meet_domain/parameter/required From 367cbde75b81373d125ea128daaab5e1de8b38c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 11 Jan 2021 14:10:55 +0100 Subject: [PATCH 72/84] Import evilham's runit types as it --- type/__evilham_runit/explorer/runit-etc | 7 +++ type/__evilham_runit/explorer/svdir-exists | 7 +++ type/__evilham_runit/gencode-remote | 21 +++++++ type/__evilham_runit/man.rst | 46 +++++++++++++++ type/__evilham_runit/manifest | 10 ++++ type/__evilham_runit/singleton | 0 type/__evilham_runit_service/man.rst | 58 +++++++++++++++++++ type/__evilham_runit_service/manifest | 33 +++++++++++ .../__evilham_runit_service/parameter/boolean | 1 + .../parameter/required | 1 + 10 files changed, 184 insertions(+) create mode 100755 type/__evilham_runit/explorer/runit-etc create mode 100755 type/__evilham_runit/explorer/svdir-exists create mode 100755 type/__evilham_runit/gencode-remote create mode 100644 type/__evilham_runit/man.rst create mode 100755 type/__evilham_runit/manifest create mode 100644 type/__evilham_runit/singleton create mode 100644 type/__evilham_runit_service/man.rst create mode 100755 type/__evilham_runit_service/manifest create mode 100644 type/__evilham_runit_service/parameter/boolean create mode 100644 type/__evilham_runit_service/parameter/required diff --git a/type/__evilham_runit/explorer/runit-etc b/type/__evilham_runit/explorer/runit-etc new file mode 100755 index 0000000..4511621 --- /dev/null +++ b/type/__evilham_runit/explorer/runit-etc @@ -0,0 +1,7 @@ +#!/bin/sh -e + +runit_etc_dir="/etc/runit" + +if [ -d "${runit_etc_dir}" ]; then + echo "YES" +fi diff --git a/type/__evilham_runit/explorer/svdir-exists b/type/__evilham_runit/explorer/svdir-exists new file mode 100755 index 0000000..4eca3d4 
--- /dev/null
+++ b/type/__evilham_runit/explorer/svdir-exists
@@ -0,0 +1,7 @@
+#!/bin/sh -e
+
+svdir="/var/service"
+
+if [ -d "${svdir}" ]; then
+ echo "YES"
+fi
diff --git a/type/__evilham_runit/gencode-remote b/type/__evilham_runit/gencode-remote
new file mode 100755
index 0000000..fd2a3e0
--- /dev/null
+++ b/type/__evilham_runit/gencode-remote
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+
+svdir="/var/service"
+svdir_exists="$(cat "${__object}/explorer/svdir-exists")"
+runit_etc="$(cat "${__object}/explorer/runit-etc")"
+
+if [ -z "${svdir_exists}" ]; then
+ echo "mkdir '${svdir}'"
+ sv_restart="YES"
+fi
+if [ -z "${runit_etc}" ]; then
+ echo "cp -R '/usr/local/etc/runit' '/etc/runit'"
+ sv_restart="YES"
+fi
+if grep -q "^__key_value/runsvdir_enable" "${__messages_in}"; then
+ sv_restart="YES"
+fi
+
+if [ -n "${sv_restart}" ]; then
+ echo "service runsvdir restart || service runsvdir start"
+fi
diff --git a/type/__evilham_runit/man.rst b/type/__evilham_runit/man.rst
new file mode 100644
index 0000000..bd1b80c
--- /dev/null
+++ b/type/__evilham_runit/man.rst
@@ -0,0 +1,46 @@
+cdist-type__evilham_runit(7)
+============================
+
+NAME
+----
+cdist-type__evilham_runit - Install and configure runit
+
+
+DESCRIPTION
+-----------
+This is a singleton type.
+
+Install and configure runit, not as an init system, but as a service monitor.
+It configures and if necessary starts runsvdir as documented for the
+Operating System.
+
+This type currently heavily focuses on FreeBSD, support for other Operating
+Systems can be achieved but no effort whatsoever has been put into it.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ __evilham_runit
+
+SEE ALSO
+--------
+:strong:`cdist-type__evilham_runit_service`\ (7)
+
+AUTHORS
+-------
+Evilham
+
+COPYING
+-------
+Copyright \(C) 2020 Evilham. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/type/__evilham_runit/manifest b/type/__evilham_runit/manifest
new file mode 100755
index 0000000..195a70e
--- /dev/null
+++ b/type/__evilham_runit/manifest
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+__package "runit"
+
+__key_value \
+ --file "/etc/rc.conf" \
+ --key "runsvdir_enable" \
+ --delimiter "=" \
+ --value "yes" \
+ "runsvdir_enable"
diff --git a/type/__evilham_runit/singleton b/type/__evilham_runit/singleton
new file mode 100644
index 0000000..e69de29
diff --git a/type/__evilham_runit_service/man.rst b/type/__evilham_runit_service/man.rst
new file mode 100644
index 0000000..98bbc35
--- /dev/null
+++ b/type/__evilham_runit_service/man.rst
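Review bot: `type/__evilham_runit/manifest` has no operating-system check, although everything it sets up is FreeBSD-shaped: it writes `runsvdir_enable=yes` into `/etc/rc.conf`, and the accompanying `gencode-remote` copies `/usr/local/etc/runit` and calls `service runsvdir`. The man page in this commit says the type focuses on FreeBSD, so on any other target the run would edit a system file before, presumably, failing in the generated code. The manifest should refuse unsupported systems up front, the way the Jitsi domain manifest in this series does with its `case "${os}"` block; `freebsd` is the value I would expect from the `os` explorer, to be confirmed against the explorer itself.

```shell
#!/bin/sh -e

os="$(cat "${__global}/explorer/os")"
case "${os}" in
    freebsd)
        ;;
    *)
        echo "Your OS '${os}' is currently not supported." >&2
        exit 1
        ;;
esac

# … unchanged: __package and __key_value calls …
```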
@@ -0,0 +1,58 @@
+cdist-type__evilham_runit_service(7)
+====================================
+
+NAME
+----
+cdist-type__evilham_runit_service - Create a runit-compatible service dir.
+
+
+DESCRIPTION
+-----------
+Create a directory structure compatible with runit-like service management.
+
+Note that sv(8) and runsvdir(8) must be present on the target system, this can
+be achieved with e.g. `__runit`.
+
+The `__object_id` will be used as the service name.
+
+
+REQUIRED PARAMETERS
+-------------------
+source
+ File to save as /run. If set to '-', standard input will be used.
+
+
+BOOLEAN PARAMETERS
+------------------
+log
+ Setup logging with `svlogd -tt ./main`.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ require="__evilham_runit" __evilham_runit_service tasksched \
+ --source - << EOF
+ #!/bin/sh -e
+ cd "${HOME}/.local/share/tasksched"
+ exec ./server.js 2>&1
+ EOF
+
+
+SEE ALSO
+--------
+:strong:`cdist-type__evilham_runit`\ (7)
+
+
+AUTHORS
+-------
+Evilham
+
+COPYING
+-------
+Copyright \(C) 2020 Evilham. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/type/__evilham_runit_service/manifest b/type/__evilham_runit_service/manifest
new file mode 100755
index 0000000..29f3312
--- /dev/null
+++ b/type/__evilham_runit_service/manifest
@@ -0,0 +1,33 @@ +#!/bin/sh -e + +svdir="/var/service" +sv="${__object_id}" +state="present" +run_file="${svdir}/${sv}/run" + +source="$(cat "$__object/parameter/source")" +if [ "$source" = "-" ]; then + source="$__object/stdin" +fi + +# Create this service's directory +__directory --state "${state}" "${svdir}/${sv}" + +export require="__directory${svdir}/${sv}" + + +if [ -f "${__object}/parameter/log" ]; then + # Setup logger if requested + __directory --parents "${svdir}/${sv}/log/main" + export require="${require} __directory${svdir}/${sv}/log/main" + __file "${svdir}/${sv}/log/run" \ + --state "${state}" \ + --mode 0755 \ + --source "-" < Date: Mon, 11 Jan 2021 14:13:46 +0100 Subject: [PATCH 73/84] 'unbrand' evilham's runit types --- type/__jitsi_meet/manifest | 6 +++--- type/{__evilham_runit => __runit}/explorer/runit-etc | 0 type/{__evilham_runit => __runit}/explorer/svdir-exists | 0 type/{__evilham_runit => __runit}/gencode-remote | 0 type/{__evilham_runit => __runit}/man.rst | 8 ++++---- type/{__evilham_runit => __runit}/manifest | 0 type/{__evilham_runit => __runit}/singleton | 0 type/{__evilham_runit_service => __runit_service}/man.rst | 8 ++++---- .../{__evilham_runit_service => __runit_service}/manifest | 0 .../parameter/boolean | 0 .../parameter/required | 0 11 files changed, 11 insertions(+), 11 deletions(-) rename type/{__evilham_runit => __runit}/explorer/runit-etc (100%) rename type/{__evilham_runit => __runit}/explorer/svdir-exists (100%) rename type/{__evilham_runit => __runit}/gencode-remote (100%) rename type/{__evilham_runit => __runit}/man.rst (84%) rename type/{__evilham_runit => __runit}/manifest (100%) rename type/{__evilham_runit => __runit}/singleton (100%) rename type/{__evilham_runit_service => __runit_service}/man.rst (82%) rename type/{__evilham_runit_service => __runit_service}/manifest (100%) rename type/{__evilham_runit_service => __runit_service}/parameter/boolean (100%) rename type/{__evilham_runit_service => 
__runit_service}/parameter/required (100%) diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index 83d9dab..ec65883 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -145,8 +145,8 @@ PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-ex if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then case "${init}" in init|sysvinit) - __evilham_runit - require="__evilham_runit" __evilham_runit_service \ + __runit + require="__runit" __runit_service \ prometheus-jitsi-meet-exporter --log --source - <&1 EOF - export require="__evilham_runit_service/prometheus-jitsi-meet-exporter" + export require="__runit_service/prometheus-jitsi-meet-exporter" JITSI_MEET_EXPORTER_SERVICE="sv %s prometheus-jitsi-meet-exporter" ;; systemd) diff --git a/type/__evilham_runit/explorer/runit-etc b/type/__runit/explorer/runit-etc similarity index 100% rename from type/__evilham_runit/explorer/runit-etc rename to type/__runit/explorer/runit-etc diff --git a/type/__evilham_runit/explorer/svdir-exists b/type/__runit/explorer/svdir-exists similarity index 100% rename from type/__evilham_runit/explorer/svdir-exists rename to type/__runit/explorer/svdir-exists diff --git a/type/__evilham_runit/gencode-remote b/type/__runit/gencode-remote similarity index 100% rename from type/__evilham_runit/gencode-remote rename to type/__runit/gencode-remote diff --git a/type/__evilham_runit/man.rst b/type/__runit/man.rst similarity index 84% rename from type/__evilham_runit/man.rst rename to type/__runit/man.rst index bd1b80c..d58e143 100644 --- a/type/__evilham_runit/man.rst +++ b/type/__runit/man.rst @@ -1,9 +1,9 @@ -cdist-type__evilham_runit(7) +cdist-type__runit(7) ============================ NAME ---- -cdist-type__evilham_runit - Install and configure runit +cdist-type__runit - Install and configure runit DESCRIPTION 
@@ -28,11 +28,11 @@ EXAMPLES .. code-block:: sh - __evilham_runit + __runit SEE ALSO -------- -:strong:`cdist-type__evilham_runit_service`\ (7) +:strong:`cdist-type__runit_service`\ (7) AUTHORS ------- diff --git a/type/__evilham_runit/manifest b/type/__runit/manifest similarity index 100% rename from type/__evilham_runit/manifest rename to type/__runit/manifest diff --git a/type/__evilham_runit/singleton b/type/__runit/singleton similarity index 100% rename from type/__evilham_runit/singleton rename to type/__runit/singleton diff --git a/type/__evilham_runit_service/man.rst b/type/__runit_service/man.rst similarity index 82% rename from type/__evilham_runit_service/man.rst rename to type/__runit_service/man.rst index 98bbc35..7b1db84 100644 --- a/type/__evilham_runit_service/man.rst +++ b/type/__runit_service/man.rst @@ -1,9 +1,9 @@ -cdist-type__evilham_runit_service(7) +cdist-type__runit_service(7) ==================================== NAME ---- -cdist-type__evilham_runit_service - Create a runit-compatible service dir. +cdist-type__runit_service - Create a runit-compatible service dir. DESCRIPTION @@ -33,7 +33,7 @@ EXAMPLES .. code-block:: sh - require="__evilham_runit" __evilham_runit_service tasksched \ + require="__runit" __runit_service tasksched \ --source - << EOF #!/bin/sh -e cd "${HOME}/.local/share/tasksched" @@ -43,7 +43,7 @@ EXAMPLES SEE ALSO -------- -:strong:`cdist-type__evilham_runit`\ (7) +:strong:`cdist-type__runit`\ (7) AUTHORS diff --git a/type/__evilham_runit_service/manifest b/type/__runit_service/manifest similarity index 100% rename from type/__evilham_runit_service/manifest rename to type/__runit_service/manifest diff --git a/type/__evilham_runit_service/parameter/boolean b/type/__runit_service/parameter/boolean similarity index 100% rename from type/__evilham_runit_service/parameter/boolean rename to type/__runit_service/parameter/boolean 
diff --git a/type/__evilham_runit_service/parameter/required b/type/__runit_service/parameter/required similarity index 100% rename from type/__evilham_runit_service/parameter/required rename to type/__runit_service/parameter/required From 7cef989b1fb4c92e53c20768d65c5e8d4f3406eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 12 Jan 2021 07:14:24 +0100 Subject: [PATCH 74/84] Fix run-shellcheck.sh following 'conflict resolution' from gitlab web ui --- scripts/run-shellcheck.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/run-shellcheck.sh b/scripts/run-shellcheck.sh index fcca722..d6c2db6 100755 --- a/scripts/run-shellcheck.sh +++ b/scripts/run-shellcheck.sh @@ -17,7 +17,7 @@ check() { rm -f "${SHELLCHECKTMP}" check -path '*/explorer/*' -check -path '*/files/*' ! -name '*.awk' ! -name '*.py' +check -path '*/files/*' -name '*.sh' check -name manifest check -name gencode-local check -name gencode-remote From 0e4bc443e2a1dcf703174df6c885281a0a6a64d3 Mon Sep 17 00:00:00 2001 
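Review bot: Narrowing the `*/files/*` pass to `-name '*.sh'` removes every shell file without that suffix from the lint run, where the previous form only skipped `*.awk` and `*.py`. Helpers shipped under `files/` without an extension (this series adds `type/__wikijs/files/wikijs-openrc`, for example) are then deployed to targets without ever being checked. If the narrowing is intended, a comment above the line such as `# files/: only *.sh is linted, name shell helpers accordingly` would record the convention. The body of `check()` lies outside this hunk, so how these arguments reach the file search is not visible here.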
From: Joachim Desroches Date: Fri, 14 Aug 2020 11:43:41 +0200 Subject: [PATCH 75/84] Add a type for wikijs. --- type/__wikijs/files/config.yml.sh | 34 ++++++++++++++++++ type/__wikijs/files/wikijs-openrc | 10 ++++++ type/__wikijs/gencode-remote | 25 +++++++++++++ type/__wikijs/man.rst | 55 ++++++++++++++++++++++++++++ type/__wikijs/manifest | 60 +++++++++++++++++++++++++++++++ type/__wikijs/parameter/boolean | 1 + type/__wikijs/parameter/optional | 3 ++ type/__wikijs/parameter/required | 1 + type/__wikijs/singleton | 0 9 files changed, 189 insertions(+) create mode 100755 type/__wikijs/files/config.yml.sh create mode 100644 type/__wikijs/files/wikijs-openrc create mode 100644 type/__wikijs/gencode-remote create mode 100644 type/__wikijs/man.rst create mode 100644 type/__wikijs/manifest create mode 100644 type/__wikijs/parameter/boolean create mode 100644 type/__wikijs/parameter/optional create mode 100644 type/__wikijs/parameter/required create mode 100644 type/__wikijs/singleton diff --git a/type/__wikijs/files/config.yml.sh b/type/__wikijs/files/config.yml.sh new file mode 100755 index 0000000..6f9943f --- /dev/null +++ b/type/__wikijs/files/config.yml.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +if [ $# -ne 1 ]; +then + echo "You have to give me the database password as an argument:" + echo "on some systems, anyone can read env(1)." + exit 1; +fi + +cat << EOF +port: 80 +db: + type: postgres + host: localhost + port: 5432 + user: ${DB_USER:?} + pass: $1 + db: ${DB_NAME:?} + ssl: false +ssl: + enabled: ${SSL} + port: 443 + provider: letsencrypt + domain: ${__target_host:?} + subscriberEmail: ${LE_EMAIL:?} +pool: + min: 2 + max: 10 +bindIP: 0.0.0.0 +logLevel: warn +offline: false +ha: false +dataPath: ./data +EOF diff --git a/type/__wikijs/files/wikijs-openrc b/type/__wikijs/files/wikijs-openrc new file mode 100644 index 0000000..e484647 --- /dev/null +++ b/type/__wikijs/files/wikijs-openrc 
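Review bot: `pass: $1` in `config.yml.sh` writes the database password into the YAML document unquoted, so a password containing `#`, `: ` or a leading quote or brace is truncated or changes the structure of the file; `${DB_USER}` and `${DB_NAME}` have the same problem to a lesser degree. The usage message argues against the environment because `env(1)` is readable, but a command-line argument is just as visible in the process list while the script runs. Reading the secret from stdin and emitting it as a single-quoted YAML scalar avoids both; the caller in the manifest would then pipe the value in with `printf '%s\n' "$db_pass" | "${__type:?}/files/config.yml.sh"` (printf being a shell builtin, nothing lands in argv). `${SSL}` is also the only variable in the document without a `:?` guard.

```shell
# read the password from stdin: argv is as visible in ps(1) as the environment is in env(1)
IFS= read -r db_pass || [ -n "$db_pass" ] || exit 1
# YAML single-quoted scalar; the only escape needed is a doubled quote
db_pass_yaml=$(printf '%s' "$db_pass" | sed "s/'/''/g")

# … unchanged: cat << EOF document, with the password line written as …
 pass: '${db_pass_yaml}'
```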
@@ -0,0 +1,10 @@
+#!/sbin/openrc-run
+
+command='/usr/bin/node'
+command_args='server'
+command_background=true
+description="Run wiki.js"
+directory='/var/wiki'
+error_log=/var/log/"$RC_SVCNAME".err
+output_log=/var/log/"$RC_SVCNAME".log
+pidfile="/run/$RC_SVCNAME.pid"
diff --git a/type/__wikijs/gencode-remote b/type/__wikijs/gencode-remote
new file mode 100644
index 0000000..2faf559
--- /dev/null
+++ b/type/__wikijs/gencode-remote
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Check for installation
+cat << EOF
+if [ -f '/var/wiki/LICENSE' ];
+then
+ # Assume everything is done already.
+ exit 0;
+fi
+EOF
+
+# Download and copy source
+cat << EOF
+TMPDIR=\$(mktemp -d)
+cd \$TMPDIR || exit 1
+wget https://github.com/Requarks/wiki/releases/download/2.4.107/wiki-js.tar.gz
+tar xf wiki-js.tar.gz -C /var/wiki
+EOF
+
+# Install deps and launch
+cat << EOF
+cd /var/wiki || exit 1
+npm install
+service start wikijs
+EOF
diff --git a/type/__wikijs/man.rst b/type/__wikijs/man.rst
new file mode 100644
index 0000000..6573b60
--- /dev/null
+++ b/type/__wikijs/man.rst
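Review bot: The `wikijs-openrc` service file sets no `command_user`, so `/usr/bin/node server` runs with the privileges of the init system, presumably root, while listening on the network. A dedicated unprivileged account, e.g. `command_user="wikijs:wikijs"` (account name constructed here, it would have to be created by the manifest), limits what a flaw in the application can reach. Binding ports 80 and 443 then needs either higher port numbers behind a proxy or a bind capability on the node binary, which is worth stating in a comment next to the setting.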
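Review bot: The release tarball in `gencode-remote` is fetched and unpacked into `/var/wiki` without any integrity check, and `npm install` then runs on whatever was unpacked. HTTPS protects the transport only; pinning a digest next to the version and verifying it before `tar`, e.g. `echo "EXPECTED_SHA256  wiki-js.tar.gz" | sha256sum -c - || exit 1` (placeholder digest), lets the run stop on a replaced or truncated artifact. The same gap remains in the later hunks of this file: PATCH 76 streams `wget -O -` straight into `tar`, which rules out verifying before extraction, and PATCH 78 makes the URL depend on `$version`. The generated code also has no error handling between `wget` and `tar`, so a failed download is only noticed indirectly.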
@@ -0,0 +1,55 @@
+cdist-type__wikijs(7)
+========================
+
+NAME
+----
+cdist-type__wikijs - Deploy the wiki.js software.
+
+DESCRIPTION
+-----------
+
+See wiki.js.org for more information. This type deploys with a postgresql
+database, since it is the upstream recommended for production, and they seem to
+strongly suggest that in thenext releases, they will not support anything else.
+
+Currently, this type servers wikijs as standalone, listening on ports 80 and
+443, and with a service file for OpenRC. Feel free to contribute a
+generalisation if you require one.
+
+REQUIRED PARAMETERS
+-------------------
+
+database-password
+ The password to the PSQL database.
+
+OPTIONAL PARAMETERS
+-------------------
+
+database
+ The name of the PSQL database to connect to. If omitted, then 'wikijs' is
+ used.
+
+database-user
+ The name of the PSQL database user to connec as. If omitted, then 'wikijs' is
+ used.
+
+letsencrypt-mail
+ If the SSL parameter is passed, then we setup wikijs to automatically obtain
+ certificates: this is the email used to sign up to a LE account.
+
+BOOLEAN PARAMETERS
+------------------
+
+ssl
+ Whether or not to enable the wikijs automatic obtention of LE certificates.
+
+AUTHORS
+-------
+Joachim Desroches
+
+COPYING
+-------
+Copyright \(C) 2020 Joachim Desroches. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/type/__wikijs/manifest b/type/__wikijs/manifest
new file mode 100644
index 0000000..7ee42ac
--- /dev/null
+++ b/type/__wikijs/manifest
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+os="$(cat "${__global:?}"/explorer/os)"
+
+case "$os" in
+ alpine)
+ :
+ ;;
+ *)
+ echo "This type has no implementation for $os. Aborting." >&2;
+ exit 1;
+esac
+
+DB_USER=wikijs
+if [ -f "${__object:?}/parameter/database-user" ];
+then
+ DB_USER="$(cat "${__object:?}/parameter/database-user")"
+fi
+export DB_USER
+
+DB_NAME=wikijs
+if [ -f "${__object:?}/parameter/database" ];
+then
+ DB_NAME="$(cat "${__object:?}/parameter/database")"
+fi
+export DB_NAME
+
+SSL=false
+if [ -f "${__object:?}/parameter/ssl" ];
+then
+ SSL=true
+fi
+export SSL
+
+if ! [ "$SSL" = "false" ];
+then
+ if [ -f "${__object:?}/parameter/letsencrypt-mail" ];
+ then
+ LE_EMAIL="$(cat "${__object:?}/parameter/letsencrypt-mail")"
+ export LE_EMAIL
+ else
+ echo "You must specify an email account if you request SSL."
+ echo "Hit me."
+ exit 1
+ fi
+fi
+
+db_pass="$(cat "${__object:?}/parameter/database-password")"
+
+__package nodejs
+__package nghttp2-dev # Required for some reason, else a symbol is missing
+__package npm
+__directory /var/wiki/
+__file /etc/init.d/wikijs --source "${__files:?}/files/wikijs-openrc"
+require='__file/etc/init.d/wikijs' __start_on_boot wikijs
+
+mkdir -p "${__object:?}/files"
+"${__type:?}/files/config.yml.sh" "$db_pass" > "${__object:?}/files/config.yml"
+require='__directory/var/wiki' \
+ __file /var/wiki/config.yml --source "${__object:?}/files/config.yml"
diff --git a/type/__wikijs/parameter/boolean b/type/__wikijs/parameter/boolean
new file mode 100644
index 0000000..a2647ce
--- /dev/null
+++ b/type/__wikijs/parameter/boolean
@@ -0,0 +1 @@
+ssl
diff --git a/type/__wikijs/parameter/optional b/type/__wikijs/parameter/optional
new file mode 100644
index 0000000..9c309c9
--- /dev/null
+++ b/type/__wikijs/parameter/optional
@@ -0,0 +1,3 @@
+database
+database-user
+letsencrypt-mail
diff --git a/type/__wikijs/parameter/required b/type/__wikijs/parameter/required
new file mode 100644
index 0000000..8a109a1
--- /dev/null
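Review bot: `/var/wiki/config.yml` carries the database password, yet the last `__file` call in the manifest sets neither `--mode` nor an owner, so the file ends up with whatever default the type applies. Adding `--mode 0600` together with `--owner` for the account the service runs as keeps the secret away from other local users. The rendered copy under `${__object:?}/files/config.yml` on the configuration host is created with the current umask as well; a `umask 077` before the `mkdir -p` line covers that side. The two SSL error messages also go to stdout while the unsupported-OS message goes to stderr; `>&2` on both would make them consistent.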
+++ b/type/__wikijs/parameter/required @@ -0,0 +1 @@ +database-password diff --git a/type/__wikijs/singleton b/type/__wikijs/singleton new file mode 100644 index 0000000..e69de29 From ef748cf8e248f4f3f4eed88e433fc34ab24b0cb5 Mon Sep 17 00:00:00 2001 From: Joachim Desroches Date: Fri, 14 Aug 2020 13:02:17 +0200 Subject: [PATCH 76/84] Fix typo and drop use of useless tempdir. --- type/__wikijs/gencode-remote | 5 +---- type/__wikijs/man.rst | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/type/__wikijs/gencode-remote b/type/__wikijs/gencode-remote index 2faf559..66d7df7 100644 --- a/type/__wikijs/gencode-remote +++ b/type/__wikijs/gencode-remote @@ -11,10 +11,7 @@ EOF # Download and copy source cat << EOF -TMPDIR=\$(mktemp -d) -cd \$TMPDIR || exit 1 -wget https://github.com/Requarks/wiki/releases/download/2.4.107/wiki-js.tar.gz -tar xf wiki-js.tar.gz -C /var/wiki +wget -O - https://github.com/Requarks/wiki/releases/download/2.4.107/wiki-js.tar.gz | tar xz -C /var/wiki EOF # Install deps and launch diff --git a/type/__wikijs/man.rst b/type/__wikijs/man.rst index 6573b60..50dcd1d 100644 --- a/type/__wikijs/man.rst +++ b/type/__wikijs/man.rst @@ -10,7 +10,7 @@ DESCRIPTION See wiki.js.org for more information. This type deploys with a postgresql database, since it is the upstream recommended for production, and they seem to -strongly suggest that in thenext releases, they will not support anything else. +strongly suggest that in the next releases, they will not support anything else. Currently, this type servers wikijs as standalone, listening on ports 80 and 443, and with a service file for OpenRC. Feel free to contribute a From 647833580df813bdd105a7e0c28ca1d004ded668 Mon Sep 17 00:00:00 2001 From: Joachim Desroches Date: Fri, 14 Aug 2020 13:46:05 +0200 Subject: [PATCH 77/84] Split out service management from the installation type. --- type/__wikijs/gencode-remote | 1 - type/__wikijs/manifest | 5 +++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/type/__wikijs/gencode-remote b/type/__wikijs/gencode-remote index 66d7df7..a45ac22 100644 --- a/type/__wikijs/gencode-remote +++ b/type/__wikijs/gencode-remote @@ -18,5 +18,4 @@ EOF cat << EOF cd /var/wiki || exit 1 npm install -service start wikijs EOF diff --git a/type/__wikijs/manifest b/type/__wikijs/manifest index 7ee42ac..2e3e96c 100644 --- a/type/__wikijs/manifest +++ b/type/__wikijs/manifest @@ -48,11 +48,12 @@ fi db_pass="$(cat "${__object:?}/parameter/database-password")" __package nodejs -__package nghttp2-dev # Required for some reason, else a symbol is missing __package npm __directory /var/wiki/ + +# These things are Alpine-dependant. __file /etc/init.d/wikijs --source "${__files:?}/files/wikijs-openrc" -require='__file/etc/init.d/wikijs' __start_on_boot wikijs +__package nghttp2-dev # Required for some reason, else a symbol is missing mkdir -p "${__object:?}/files" "${__type:?}/files/config.yml.sh" "$db_pass" > "${__object:?}/files/config.yml" From 7122fe1bee6977794bb5e9cc5d2eb8c4f0380067 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 12 Jan 2021 07:57:34 +0100 Subject: [PATCH 78/84] __wikijs: add version management and HTTP(S) port configuration --- type/__wikijs/files/config.yml.sh | 26 ++++++++++++++++------ type/__wikijs/gencode-remote | 14 ++++++++++-- type/__wikijs/man.rst | 9 ++++++++ type/__wikijs/manifest | 8 +++++-- type/__wikijs/parameter/default/http-port | 1 + type/__wikijs/parameter/default/https-port | 1 + type/__wikijs/parameter/optional | 2 ++ type/__wikijs/parameter/required | 1 + 8 files changed, 51 insertions(+), 11 deletions(-) mode change 100644 => 100755 type/__wikijs/gencode-remote create mode 100644 type/__wikijs/parameter/default/http-port create mode 100644 type/__wikijs/parameter/default/https-port diff --git a/type/__wikijs/files/config.yml.sh b/type/__wikijs/files/config.yml.sh index 6f9943f..b66687a 100755 --- a/type/__wikijs/files/config.yml.sh 
+++ b/type/__wikijs/files/config.yml.sh @@ -7,8 +7,25 @@ then exit 1; fi +generate_ssl_section () { + + cat << EOF +ssl: + enabled: ${SSL} +EOF + +if [ "$SSL" = "true" ]; then + cat << EOF + port: $HTTPS_PORT + provider: letsencrypt + domain: ${__target_host:?} + subscriberEmail: ${LE_EMAIL:?} +EOF + fi +} + cat << EOF -port: 80 +port: $HTTP_PORT db: type: postgres host: localhost @@ -17,12 +34,7 @@ db: pass: $1 db: ${DB_NAME:?} ssl: false -ssl: - enabled: ${SSL} - port: 443 - provider: letsencrypt - domain: ${__target_host:?} - subscriberEmail: ${LE_EMAIL:?} +$(generate_ssl_section) pool: min: 2 max: 10 diff --git a/type/__wikijs/gencode-remote b/type/__wikijs/gencode-remote old mode 100644 new mode 100755 index a45ac22..81055e2 --- a/type/__wikijs/gencode-remote +++ b/type/__wikijs/gencode-remote @@ -1,17 +1,22 @@ #!/bin/sh +VERSION_FILE=/var/wiki/version +version=$(cat "${__object:?}/parameter/version") + # Check for installation cat << EOF -if [ -f '/var/wiki/LICENSE' ]; +if [ -f $VERSION_FILE ] && [ "\$(cat $VERSION_FILE)" = "$version" ]; then # Assume everything is done already. exit 0; +else + echo "$version" > $VERSION_FILE fi EOF # Download and copy source cat << EOF -wget -O - https://github.com/Requarks/wiki/releases/download/2.4.107/wiki-js.tar.gz | tar xz -C /var/wiki +wget -O - https://github.com/Requarks/wiki/releases/download/$version/wiki-js.tar.gz | tar xz -C /var/wiki EOF # Install deps and launch @@ -19,3 +24,8 @@ cat << EOF cd /var/wiki || exit 1 npm install EOF + +# Restart service. +cat << EOF +service wikijs restart +EOF diff --git a/type/__wikijs/man.rst b/type/__wikijs/man.rst index 50dcd1d..b259c90 100644 --- a/type/__wikijs/man.rst +++ b/type/__wikijs/man.rst @@ -22,6 +22,9 @@ REQUIRED PARAMETERS database-password The password to the PSQL database. +version + 'wikijs' version to be deployed. + OPTIONAL PARAMETERS ------------------- 
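Review bot: In the first `gencode-remote` hunk the new `else` branch writes `$version` to `$VERSION_FILE` before the download is attempted, so a failed `wget` or `tar` still leaves the stamp behind and the next run exits early with "Assume everything is done already". The stamp should be written only after extraction succeeded. The `version` parameter is also pasted unvalidated into code that is executed on the target (the `[ ... = "$version" ]` test, the `echo` and the URL), so a value containing quotes or `$(...)` would be run as shell; a small allow-list check before the heredocs closes that. The pipeline status only reflects `tar`, which is assumed here to fail on an empty or truncated stream.

```shell
version=$(cat "${__object:?}/parameter/version")
# refuse anything that is not a plain release tag before it is pasted into generated code
case "$version" in
    ''|*[!0-9A-Za-z.-]*)
        echo "invalid version: $version" >&2
        exit 1
        ;;
esac

# Check for installation
cat << EOF
if [ -f $VERSION_FILE ] && [ "\$(cat $VERSION_FILE)" = "$version" ];
then
    # Assume everything is done already.
    exit 0;
fi
EOF

# Download and copy source; record the version only once extraction succeeded
cat << EOF
wget -O - https://github.com/Requarks/wiki/releases/download/$version/wiki-js.tar.gz | tar xz -C /var/wiki || exit 1
echo "$version" > $VERSION_FILE
EOF
# … unchanged: cd /var/wiki and service restart heredocs …
```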
@@ -37,6 +40,12 @@ letsencrypt-mail If the SSL parameter is passed, then we setup wikijs to automatically obtain certificates: this is the email used to sign up to a LE account. +http-port + Specify HTTP port, defaults to 80. + +http-port + Specify HTTPS port, defaults to 443. Only relevant if the SSL flag is enabled. + BOOLEAN PARAMETERS ------------------ diff --git a/type/__wikijs/manifest b/type/__wikijs/manifest index 2e3e96c..04a21af 100644 --- a/type/__wikijs/manifest +++ b/type/__wikijs/manifest @@ -32,7 +32,7 @@ then fi export SSL -if ! [ "$SSL" = "false" ]; +if [ "$SSL" = "true" ]; then if [ -f "${__object:?}/parameter/letsencrypt-mail" ]; then @@ -45,6 +45,10 @@ then fi fi +HTTP_PORT=$(cat "${__object:?}/parameter/http-port") +HTTPS_PORT=$(cat "${__object:?}/parameter/https-port") +export HTTP_PORT HTTPS_PORT + db_pass="$(cat "${__object:?}/parameter/database-password")" __package nodejs @@ -52,7 +56,7 @@ __package npm __directory /var/wiki/ # These things are Alpine-dependant. -__file /etc/init.d/wikijs --source "${__files:?}/files/wikijs-openrc" +__file /etc/init.d/wikijs --source "${__type:?}/files/wikijs-openrc" __package nghttp2-dev # Required for some reason, else a symbol is missing mkdir -p "${__object:?}/files" diff --git a/type/__wikijs/parameter/default/http-port b/type/__wikijs/parameter/default/http-port new file mode 100644 index 0000000..d15a2cc --- /dev/null +++ b/type/__wikijs/parameter/default/http-port @@ -0,0 +1 @@ +80 diff --git a/type/__wikijs/parameter/default/https-port b/type/__wikijs/parameter/default/https-port new file mode 100644 index 0000000..6a13cf6 --- /dev/null +++ b/type/__wikijs/parameter/default/https-port @@ -0,0 +1 @@ +443 diff --git a/type/__wikijs/parameter/optional b/type/__wikijs/parameter/optional index 9c309c9..be19c92 100644 --- a/type/__wikijs/parameter/optional +++ b/type/__wikijs/parameter/optional @@ -1,3 +1,5 @@ database database-user letsencrypt-mail +http-port +https-port 
diff --git a/type/__wikijs/parameter/required b/type/__wikijs/parameter/required index 8a109a1..ae542bc 100644 --- a/type/__wikijs/parameter/required +++ b/type/__wikijs/parameter/required @@ -1 +1,2 @@ database-password +version From 8929c566fcc0493ee50ca18974ea5488aa2f196b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 12 Jan 2021 08:33:50 +0100 Subject: [PATCH 79/84] __wikijs: remove uneeded npm install call See https://github.com/Requarks/wiki/issues/1325. --- type/__wikijs/gencode-remote | 5 ----- type/__wikijs/manifest | 1 - 2 files changed, 6 deletions(-) diff --git a/type/__wikijs/gencode-remote b/type/__wikijs/gencode-remote index 81055e2..37c7df7 100755 --- a/type/__wikijs/gencode-remote +++ b/type/__wikijs/gencode-remote @@ -22,10 +22,5 @@ EOF # Install deps and launch cat << EOF cd /var/wiki || exit 1 -npm install -EOF - -# Restart service. -cat << EOF service wikijs restart EOF diff --git a/type/__wikijs/manifest b/type/__wikijs/manifest index 04a21af..b047223 100644 --- a/type/__wikijs/manifest +++ b/type/__wikijs/manifest @@ -52,7 +52,6 @@ export HTTP_PORT HTTPS_PORT db_pass="$(cat "${__object:?}/parameter/database-password")" __package nodejs -__package npm __directory /var/wiki/ # These things are Alpine-dependant. From a1620e8221738d30eb1f15230f5e8e093b493f8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 12 Jan 2021 16:32:29 +0100 Subject: [PATCH 80/84] __jitsi_meet: remove forgotten/invalid requirement --- type/__jitsi_meet/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index ec65883..f5fbe8c 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest 
@@ -33,7 +33,7 @@ require="__package/gnupg2" __apt_key_uri jitsi_meet \ --uri https://download.jitsi.org/jitsi-key.gpg.key \ --state present ## Now the repositories (they are a tad weird, so distribution is 'stable/') -require="__ufw __apt_key_uri/jitsi_meet" __apt_source jitsi_meet \ +require="__apt_key_uri/jitsi_meet" __apt_source jitsi_meet \ --uri 'https://download.jitsi.org' \ --distribution 'stable/' \ --state present From 87d4c33e26b2b8fa67da0dcbc01a9f70f5e9c705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Wed, 13 Jan 2021 08:54:28 +0100 Subject: [PATCH 81/84] Make shellcheck happy with the __jitsi_* types --- type/__jitsi_meet/manifest | 6 +++--- type/__jitsi_meet_domain/manifest | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index f5fbe8c..d4d16dc 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -43,6 +43,7 @@ require="__apt_source/jitsi_meet" __apt_update_index export require="${require} __apt_source/jitsi_meet __apt_update_index" # Pre-feed debconf settings, so Jitsi's installation has a good config +# shellcheck source=type/__jitsi_meet/files/debconf_settings.sh . "${__type}/files/debconf_settings.sh" # This defines DEBCONF_SETTINGS __debconf_set_selections jitsi_meet --file - < Date: Sun, 24 Jan 2021 09:25:02 +0100 Subject: [PATCH 82/84] __matrix_element: fix download tarball name All releases after 1.7.14 have a diffrent tarball name than releases before this. This finally takes over the new name. The version comparement function was taken from __sensible_editor, to provide backward compatibility to older versions (if someone needs it). Maybe this logic can be removed in a while .. --- type/__matrix_element/gencode-remote | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/type/__matrix_element/gencode-remote b/type/__matrix_element/gencode-remote index e643976..ff3bbaa 100755 
--- a/type/__matrix_element/gencode-remote +++ b/type/__matrix_element/gencode-remote @@ -18,11 +18,37 @@ # along with cdist. If not, see . # +# Function to compare version strings. Returns success (0) if the version +# given by stdin is higher than the version provided by the argument. +# +# Taken from the cdist core type __sensible_editor. +version_ge() { + awk -F '[^0-9.]' -v target="${1:?}" ' + function max(x, y) { return x > y ? x : y; } + BEGIN { + getline; + nx = split($1, x, "."); + ny = split(target, y, "."); + for (i = 1; i <= max(nx, ny); ++i) { + diff = int(x[i]) - int(y[i]); + if (diff < 0) exit 1; + else if (diff > 0) exit 0; + else continue; + } + }' +} + + VERSION=$(cat "$__object/parameter/version") INSTALL_DIR=$(cat "$__object/parameter/install_dir") OWNER=$(cat "$__object/parameter/owner") -src="riot-v$VERSION" +# tarball name changed due to application renaming +if echo "$VERSION" | version_ge 1.7.14; then + src="element-v$VERSION" +else + src="riot-v$VERSION" +fi archive="$src.tar.gz" url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive" From 8aee2ec76d8d9734df77a8b5f27391f29ef7643a Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Mon, 7 Mar 2022 15:27:26 +0100 Subject: [PATCH 83/84] __netbox: pass handling of requirements.txt to pip3 Previous handling passed a list of pip packages from the requirements.txt via xargs to the pip install directly. This is error-prone, as shown with the major 3 Netbox release. This type breaks cause of comments inside of it. This commit fixes it, while keeping the compatibility to install gnuicorn separate. --- type/__netbox/gencode-remote | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/type/__netbox/gencode-remote b/type/__netbox/gencode-remote index 5d4b7be..2206b03 100755 --- a/type/__netbox/gencode-remote +++ b/type/__netbox/gencode-remote 
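Review bot: The header comment of `version_ge` says it succeeds when the stdin version is "higher than" the argument, but the awk program falls through with exit status 0 when all components are equal, so it implements greater-or-equal, as the name suggests. The comment should read `# Returns success (0) if the version read from stdin is greater than or equal to the version given as argument.` This matters for the caller: with `version_ge 1.7.14`, version 1.7.14 itself selects `element-v$VERSION`, while the commit message speaks of releases "after 1.7.14", so it is worth confirming which tarball name that release actually uses. The field separator `[^0-9.]` also means a suffix such as `-rc.1` is ignored in the comparison, which deserves a short note in the same comment.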
@@ -51,7 +51,9 @@ fi # Install python dependencies. # avoid gunicorn, because it will be done in an other type grep -v "^gunicorn==" "\$tmpdir/$src/requirements.txt" \ - | xargs /opt/netbox/venv/bin/pip3 install -q + > "\$tmpdir/$src/requirements.txt.new" +/opt/netbox/venv/bin/pip3 install -q -r "\$tmpdir/$src/requirements.txt.new" + EOF if [ -f "$__object/parameter/ldap-server" ]; then From dfaeab2cf5a0d64640e67cdbbc8b26e490a52f72 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Mon, 7 Mar 2022 15:36:13 +0100 Subject: [PATCH 84/84] __netbox: add manpage warning for "big version jumps" As getting myself into trouble while upgrading from 2.10 to 3.1 cause of an migration break which allowing upgrades only from 2.11, I've add this warning or notice to be a bit more aware of this. --- type/__netbox/man.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/type/__netbox/man.rst b/type/__netbox/man.rst index 135304c..1d05b12 100644 --- a/type/__netbox/man.rst +++ b/type/__netbox/man.rst @@ -31,6 +31,12 @@ version on GitHub at the NetBox project page under "`Releases `_". + Too big version jumps can break the NetBox migration path. It's good + practise to don't skip major versions and common that you must upgrade to + the latest minor inside the current major version till you can upgrade to + the next major version. Diffrent version steps must be done manually as + this type only upgrades to the given version directly. + database PostgreSQL database name.