diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 81db798..dba7864 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,29 +1,14 @@ stages: - test - - doc -image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container:latest +image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest shellcheck: stage: test script: - - make lint + - ./scripts/run-shellcheck.sh manpages: stage: test script: - - make check-manpages - -docs: - stage: doc - only: - - master - before_script: - - eval $(ssh-agent -s) - - echo "$CD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null - - mkdir -p ~/.ssh - - echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts - script: - - make html - - sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*" + - ./scripts/run-manpage-checks.sh diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..d2ebad0 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,3 @@ +# cdist-contrib changes + +* 2020-04-28: New type: __find_exec (Ander Punnar) diff --git a/Makefile b/Makefile deleted file mode 100644 index 1a0cfb3..0000000 --- a/Makefile +++ /dev/null 
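Review bot: The new `image:` line in `.gitlab-ci.yml` still uses the mutable `:latest` tag, and it now pulls from the `cdist/cdist-ci` project rather than this repository's own `ci-container`. Every pipeline run therefore executes whatever was last pushed to that image, with no change visible in this repository. Pinning by digest makes an image change show up as a reviewable diff, e.g. `image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci@sha256:<digest-placeholder>`. Since this commit also deletes `scripts/ci-container/Dockerfile`, a comment above the line such as `# CI image is built in the cdist repository: <path-placeholder>` would tell maintainers where the lint environment is defined.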
@@ -1,70 +0,0 @@ -.PHONY: help -help: - @echo "Please use \`make ' where is one of" - @echo "man build only man user documentation" - @echo "html build only html user documentation" - @echo "docs build both man and html user documentation" - @echo "check-manpages check for manpage in types" - @echo "lint run shellcheck on types" - @echo "check run both type manpage checks and linting" - @echo "clean clean" - -DOCS_SRC_DIR=./docs/src -TYPEDIR=./type - -SPHINXM=make -C $(DOCS_SRC_DIR) man -SPHINXH=make -C $(DOCS_SRC_DIR) html -SPHINXC=make -C $(DOCS_SRC_DIR) clean - -################################################################################ -# Manpages -# -MAN7DSTDIR=$(DOCS_SRC_DIR)/man7 - -# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work -# Using ls does not work if no file with given pattern exist, so use wildcard -MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst) -MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC)) -MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX)) - -# Link manpage: do not create man.html but correct named file -$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst - mkdir -p $(MAN7DSTDIR) - ln -sf "../../../$^" $@ - -DOCSINDEX=$(MAN7DSTDIR)/index.rst -DOCSINDEXH=$(DOCS_SRC_DIR)/index.rst.sh - -$(DOCSINDEX): $(DOCSINDEXH) - $(DOCSINDEXH) - -# Manpages: .cdist Types -DOT_CDIST_PATH=${HOME}/.cdist -DOTMAN7DSTDIR=$(MAN7DSTDIR) -DOTTYPEDIR=$(DOT_CDIST_PATH)/type - -# Link manpage: do not create man.html but correct named file -$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst - ln -sf "$^" $@ - -man: $(MANTYPES) $(DOCSINDEX) - $(SPHINXM) - -html: $(MANTYPES) $(DOCSINDEX) - $(SPHINXH) - -docs: man html - -check-manpages: - ./scripts/run-manpage-checks.sh - -lint: - ./scripts/run-shellcheck.sh - -check: check-manpages lint - -clean: - $(SPHINXC) - rm -f docs/src/index.rst - rm -rf docs/src/man7/ - rm -rf docs/src/__pycache__/ diff --git a/README.md b/README.md index 28f54db..ef4b2c3 100644 
--- a/README.md +++ b/README.md @@ -5,9 +5,8 @@ tool with community-maitained types which are either too specific to fit/be maintained in cdist itself or were not accepted in code cdist but could still be useful. -This project does not have releases and is continously updated: see git history -for change log. You will find HTML documentation at -[contrib.cdi.st](https://contrib.cdi.st). +This project does not have releases and is continously updated: see +`CHANGELOG.md` for details. ## Using cdist-contrib @@ -33,11 +32,14 @@ And you would run [cdist][cdist] from the same directory as follows: ## Participating in the [cdist][cdist] community -Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix! +Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix or on +[#cdist over mattermost][cdistmattermost]. + [cdist]: https://www.cdi.st/ [cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html [cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch +[cdistmattermost]: https://chat.ungleich.ch/ungleich/channels/cdist ## Contributing @@ -51,11 +53,3 @@ Every type in cdist-contrib must: * Have a `man.rst` documentation page. * Pass [shellcheck](http://shellcheck.net/) without errors. - -## Other resources - -Some people/organizations are known to keep some cdist types that might be of -interest to others: - -* [cdist-evilham](https://git.sr.ht/~evilham/cdist-evilham): Evilham's cdist-types -* [cdist-recycledcloud](https://code.recycled.cloud/e-Durable/cdist-recycledcloud): e-Durable SA / Recycled Cloud public types diff --git a/docs/src/Makefile b/docs/src/Makefile deleted file mode 100644 index 2e9d6ce..0000000 --- a/docs/src/Makefile +++ /dev/null 
@@ -1,235 +0,0 @@ -# Makefile for Sphinx documentation -# - -# You can set these variables from the command line. -SPHINXOPTS ?= -SPHINXBUILD ?= sphinx-build -PAPER ?= -BUILDDIR ?= ../dist -# for cache, etc. -_BUILDDIR = _build - -# User-friendly check for sphinx-build -ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) - $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/) -endif - -# Internal variables. -PAPEROPT_a4 = -D latex_paper_size=a4 -PAPEROPT_letter = -D latex_paper_size=letter -ALLSPHINXOPTS = -d $(_BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . -# the i18n builder cannot share the environment and doctrees with the others -I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 
- -.PHONY: help -help: - @echo "Please use \`make ' where is one of" - @echo " html to make standalone HTML files" - @echo " dirhtml to make HTML files named index.html in directories" - @echo " singlehtml to make a single large HTML file" - @echo " pickle to make pickle files" - @echo " json to make JSON files" - @echo " htmlhelp to make HTML files and a HTML help project" - @echo " qthelp to make HTML files and a qthelp project" - @echo " applehelp to make an Apple Help Book" - @echo " devhelp to make HTML files and a Devhelp project" - @echo " epub to make an epub" - @echo " epub3 to make an epub3" - @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" - @echo " latexpdf to make LaTeX files and run them through pdflatex" - @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" - @echo " text to make text files" - @echo " man to make manual pages" - @echo " texinfo to make Texinfo files" - @echo " info to make Texinfo files and run them through makeinfo" - @echo " gettext to make PO message catalogs" - @echo " changes to make an overview of all changed/added/deprecated items" - @echo " xml to make Docutils-native XML files" - @echo " pseudoxml to make pseudoxml-XML files for display purposes" - @echo " linkcheck to check all external links for integrity" - @echo " doctest to run all doctests embedded in the documentation (if enabled)" - @echo " coverage to run coverage check of the documentation (if enabled)" - @echo " dummy to check syntax errors of document sources" - -.PHONY: clean -clean: - rm -rf $(BUILDDIR)/* - rm -rf $(_BUILDDIR)/* - -.PHONY: html -html: - $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." - -.PHONY: dirhtml -dirhtml: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 
- -.PHONY: singlehtml -singlehtml: - $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml - @echo - @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." - -.PHONY: pickle -pickle: - $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle - @echo - @echo "Build finished; now you can process the pickle files." - -.PHONY: json -json: - $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json - @echo - @echo "Build finished; now you can process the JSON files." - -.PHONY: htmlhelp -htmlhelp: - $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp - @echo - @echo "Build finished; now you can run HTML Help Workshop with the" \ - ".hhp project file in $(BUILDDIR)/htmlhelp." - -.PHONY: qthelp -qthelp: - $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp - @echo - @echo "Build finished; now you can run "qcollectiongenerator" with the" \ - ".qhcp project file in $(BUILDDIR)/qthelp, like this:" - @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/cdist-docs.qhcp" - @echo "To view the help file:" - @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/cdist-docs.qhc" - -.PHONY: applehelp -applehelp: - $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp - @echo - @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." - @echo "N.B. You won't be able to view it unless you put it in" \ - "~/Library/Documentation/Help or install it in your application" \ - "bundle." - -.PHONY: devhelp -devhelp: - $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp - @echo - @echo "Build finished." - @echo "To view the help file:" - @echo "# mkdir -p $$HOME/.local/share/devhelp/cdist-docs" - @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/cdist-docs" - @echo "# devhelp" - -.PHONY: epub -epub: - $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub - @echo - @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 
- -.PHONY: epub3 -epub3: - $(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3 - @echo - @echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3." - -.PHONY: latex -latex: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo - @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." - @echo "Run \`make' in that directory to run these through (pdf)latex" \ - "(use \`make latexpdf' here to do that automatically)." - -.PHONY: latexpdf -latexpdf: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through pdflatex..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -.PHONY: latexpdfja -latexpdfja: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through platex and dvipdfmx..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -.PHONY: text -text: - $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text - @echo - @echo "Build finished. The text files are in $(BUILDDIR)/text." - -.PHONY: man -man: - $(SPHINXBUILD) -b cman $(ALLSPHINXOPTS) $(BUILDDIR)/man - mkdir -p $(BUILDDIR)/man/man7 - mv -f $(BUILDDIR)/man/*.7 $(BUILDDIR)/man/man7/ - @echo - @echo "Build finished. The manual pages are in $(BUILDDIR)/man." - -.PHONY: texinfo -texinfo: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo - @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." - @echo "Run \`make' in that directory to run these through makeinfo" \ - "(use \`make info' here to do that automatically)." - -.PHONY: info -info: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo "Running Texinfo files through makeinfo..." - make -C $(BUILDDIR)/texinfo info - @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 
- -.PHONY: gettext -gettext: - $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale - @echo - @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." - -.PHONY: changes -changes: - $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes - @echo - @echo "The overview file is in $(BUILDDIR)/changes." - -.PHONY: linkcheck -linkcheck: - $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck - @echo - @echo "Link check complete; look for any errors in the above output " \ - "or in $(BUILDDIR)/linkcheck/output.txt." - -.PHONY: doctest -doctest: - $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest - @echo "Testing of doctests in the sources finished, look at the " \ - "results in $(BUILDDIR)/doctest/output.txt." - -.PHONY: coverage -coverage: - $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage - @echo "Testing of coverage in the sources finished, look at the " \ - "results in $(BUILDDIR)/coverage/python.txt." - -.PHONY: xml -xml: - $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml - @echo - @echo "Build finished. The XML files are in $(BUILDDIR)/xml." - -.PHONY: pseudoxml -pseudoxml: - $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml - @echo - @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." - -.PHONY: dummy -dummy: - $(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy - @echo - @echo "Build finished. Dummy builder generates no files." diff --git a/docs/src/conf.py b/docs/src/conf.py deleted file mode 100644 index 19b2dfd..0000000 --- a/docs/src/conf.py +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/usr/bin/env python3 - -import sys -import os -import sphinx_rtd_theme - -from datetime import date - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -# sys.path.insert(0, os.path.abspath('.')) -sys.path.insert(0, os.path.abspath(os.path.join( - os.path.dirname(os.path.realpath(__file__)), "..", ".."))) - -# -- General configuration ------------------------------------------------ - -# If your documentation needs a minimal Sphinx version, state it here. -# needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom -# ones. -extensions = [ - 'docs.src.manpage', - 'sphinx.ext.extlinks', -] - -# The suffix(es) of source filenames. -# You can specify multiple suffix as a list of string: -source_suffix = ['.rst'] - -# The encoding of source files. -# source_encoding = 'utf-8-sig' - -# The master toctree document. -master_doc = 'index' - -# General information about the project. -project = 'cdist-contrib' -copyright = 'cdist-contrib contributors' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. - -version = str(date.today()) -release = os.popen('git rev-parse HEAD').read() - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -# -# This is also used if you do content translation via gettext catalogs. -# Usually you set "language" from the command line for these cases. -language = None - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - -# If true, `todo` and `todoList` produce output, else they produce nothing. 
-todo_include_todos = False - -# -- Options for HTML output ---------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = 'sphinx_rtd_theme' -html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] - -# Output file base name for HTML help builder. -htmlhelp_basename = 'cdistcontribdoc' - -# -- Options for manual page output --------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -root_mandir = os.path.dirname(os.path.realpath(__file__)) -mandirs = [] -for mansubdir in ('man7',): - mandirs.append((os.path.join(root_mandir, mansubdir), mansubdir[-1])) -man_pages = [] -for mandir, section in mandirs: - for root, dirs, files in os.walk(mandir): - for fname in files: - froot, fext = os.path.splitext(fname) - if fext == '.rst': - man_page = (os.path.join('man' + str(section), froot), - froot, '', [], section) - man_pages.append(man_page) - -# man_pages = [ -# ('cdist-type', 'cdist-type', 'cdist-type documentation', -# [author], 1), -# ('man7/cdist-type__file', 'cdist-type__file', -# '', [], 1), -# ('cdist-type__directory', 'cdist-type__directory', -# 'cdist-type__directory documentation', [author], 1), -# ] - -# If true, show URL addresses after external links. -# man_show_urls = False diff --git a/docs/src/index.rst.sh b/docs/src/index.rst.sh deleted file mode 100755 index babc1d9..0000000 --- a/docs/src/index.rst.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/sh - -__cdist_pwd="$(pwd -P)" -__cdist_mydir="${0%/*}"; -__cdist_abs_mydir="$(cd "$__cdist_mydir" && pwd -P)" -__cdist_myname=${0##*/}; -__cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname" - -filename="${__cdist_myname%.sh}" -dest="$__cdist_abs_mydir/$filename" - -if ! command -v pandoc > /dev/null; then - echo "Pandoc is required to generate HTML index from README." >&2 - exit 1 -fi - -cd "$__cdist_abs_mydir" - -exec > "$dest" - -pandoc -f markdown -t rst ../../README.md - -cat << EOF - -.. toctree:: - :hidden: - -EOF - -# If there is no such file then ls prints error to stderr, -# so redirect stderr to /dev/null. -for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort); do - no_dir="${type#man7/}"; - no_type="${no_dir#cdist-type}"; - name="${no_type%.rst}"; - manref="${no_dir%.rst}" - man="${manref}(7)" - - echo " $name" "" -done diff --git a/docs/src/manpage.py b/docs/src/manpage.py deleted file mode 100644 index 1f8ac4f..0000000 --- a/docs/src/manpage.py +++ /dev/null 
@@ -1,87 +0,0 @@ -import sphinx.builders.manpage -import sphinx.writers.manpage -from docutils.frontend import OptionParser -from sphinx.util.console import bold, darkgreen -from six import string_types -from docutils.io import FileOutput -from os import path -from sphinx.util.nodes import inline_all_toctrees -from sphinx import addnodes -from sphinx.util import logging - -""" - Extension based on sphinx builtin manpage. - It does not write its own .SH NAME based on config, - but leaves everything to actual reStructuredText file content. -""" - - -logger = logging.getLogger(__name__) - - -class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator): - - def header(self): - tmpl = (".TH \"%(title_upper)s\" \"%(manual_section)s\"" - " \"%(date)s\" \"%(version)s\" \"%(manual_group)s\"\n") - return tmpl % self._docinfo - - -class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter): - - def __init__(self, builder): - super().__init__(builder) - self.translator_class = ( - self.builder.get_translator_class() or ManualPageTranslator) - - -class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): - - name = 'cman' - default_translator_class = ManualPageTranslator - - def write(self, *ignored): - docwriter = ManualPageWriter(self) - docsettings = OptionParser( - defaults=self.env.settings, - components=(docwriter,), - read_config_files=True).get_default_values() - - logger.info(bold('writing... 
'), nonl=True) - - for info in self.config.man_pages: - docname, name, description, authors, section = info - if isinstance(authors, string_types): - if authors: - authors = [authors] - else: - authors = [] - - targetname = '%s.%s' % (name, section) - logger.info(darkgreen(targetname) + ' { ', nonl=True) - destination = FileOutput( - destination_path=path.join(self.outdir, targetname), - encoding='utf-8') - - tree = self.env.get_doctree(docname) - docnames = set() - largetree = inline_all_toctrees(self, docnames, docname, tree, - darkgreen, [docname]) - logger.info('} ', nonl=True) - self.env.resolve_references(largetree, docname, self) - # remove pending_xref nodes - for pendingnode in largetree.traverse(addnodes.pending_xref): - pendingnode.replace_self(pendingnode.children) - - largetree.settings = docsettings - largetree.settings.title = name - largetree.settings.subtitle = description - largetree.settings.authors = authors - largetree.settings.section = section - - docwriter.write(largetree, destination) - logger.info("") - - -def setup(app): - app.add_builder(ManualPageBuilder) diff --git a/scripts/ci-container/Dockerfile b/scripts/ci-container/Dockerfile deleted file mode 100644 index 9900322..0000000 --- a/scripts/ci-container/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -# This image is used in the cdist-contrib CI for linting and generating the -# documentation. -FROM fedora:latest -MAINTAINER Timothée Floure - -RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \ - ShellCheck openssh-clients pandoc diff --git a/scripts/run-shellcheck.sh b/scripts/run-shellcheck.sh index d6c2db6..769f853 100755 --- a/scripts/run-shellcheck.sh +++ b/scripts/run-shellcheck.sh 
@@ -1,29 +1,21 @@ -#!/bin/sh -eu +#!/bin/sh -SHELLCHECKCMD='shellcheck -s sh -f gcc -x' +SHELLCHECKCMD="shellcheck -s sh -f gcc -x" # Skip SC2154 for variables starting with __ since such variables are cdist # environment variables. SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]' -SHELLCHECKTMP='.shellcheck.tmp' +SHELLCHECKTMP=".shellcheck.tmp" # Move to top-level cdist-contrib directory. -cd "$(dirname $0)"/.. +cd $(dirname $0)/.. -check() { - find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} + \ - | grep -v "${SHELLCHECK_SKIP}" >>"${SHELLCHECKTMP}" || true +check () { + find type/ -type f $1 $2 -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}" + test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } } -rm -f "${SHELLCHECKTMP}" - -check -path '*/explorer/*' -check -path '*/files/*' -name '*.sh' +check -path "*/explorer/*" +check -path "*/files/*" check -name manifest check -name gencode-local check -name gencode-remote - -if test -s "${SHELLCHECKTMP}" -then - cat "${SHELLCHECKTMP}" >&2 - exit 1 -fi diff --git a/type/__borg_repo/gencode-remote b/type/__borg_repo/gencode-remote deleted file mode 100644 index 542bf5f..0000000 --- a/type/__borg_repo/gencode-remote +++ /dev/null 
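Review bot: The rewritten `check` in `scripts/run-shellcheck.sh` fails open, because the verdict depends only on whether `.shellcheck.tmp` is non-empty. With `-eu` dropped from the shebang, nothing stops the script if `cd $(dirname $0)/..` fails or if `find` or `shellcheck` cannot run, so an empty output file is reported as a clean lint. Guard the directory change and pass the arguments through intact: `cd "$(dirname "$0")"/.. || exit 1` and `find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} +`. The unquoted `$1 $2` also lets the shell glob-expand patterns like `*/explorer/*` before `find` sees them. Please also confirm that dropping `-name '*.sh'` from `check -path "*/files/*"` is intended, since every file under `files/` is now checked as `sh`.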
@@ -1,36 +0,0 @@ -#!/bin/sh - -passphrase= -appendonly= - -case "$(cat "${__object:?}/parameter/encryption")" in - none) - enc=none - ;; - repokey) - enc=repokey - if [ -f "${__object:?}/parameter/passphrase" ]; - then - passphrase="$(cat "${__object:?}/parameter/passphrase")" - else - echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2; - exit 1; - fi - ;; - *) - echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2 - exit 1; -esac - -if [ -f "${__object:?}/parameter/append-only" ]; -then - appendonly='--append-only' -fi - -cat <<- EOF - if ! borg check --repository-only 1>&2 2>/dev/null "/${__object_id:?}"; - then - BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?} - fi -EOF - diff --git a/type/__borg_repo/man.rst b/type/__borg_repo/man.rst deleted file mode 100644 index 38ab0c9..0000000 --- a/type/__borg_repo/man.rst +++ /dev/null @@ -1,43 +0,0 @@ -cdist-type__borg_repo(7) -======================== - -NAME ----- -cdist-type__borg_repo - Configure a borg repository on host - - -DESCRIPTION ------------ - -Initializes a borg repository at the location specified in the -`${__object_id}`. Nothing is done if the repository already exists. - -Currently, only `none` and `repokey` are supported as encryption modes; -`repokey` requires the `passphrase` argument to be given. The default is -`none`. - -REQUIRED PARAMETERS -------------------- -encryption - The encryption to use. - -OPTIONAL PARAMETERS -------------------- -passphrase - The passphrase to encrypt the keyfile with. - -BOOLEAN PARAMETERS ------------------- -append-only - If the repository is append-only - -AUTHORS -------- -Joachim Desroches - -COPYING -------- -Copyright \(C) 2020 Joachim Desroches. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. 
diff --git a/type/__borg_repo/manifest b/type/__borg_repo/manifest deleted file mode 100644 index fe18c9c..0000000 --- a/type/__borg_repo/manifest +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -os="$(cat "${__global:?}"/explorer/os)" - -case "$os" in - "alpine") - borg_package=borgbackup - ;; - *) - echo "__borg_repo is not yet implemented for os $os. Aborting." >&2; - exit 1; -esac - -__package "$borg_package" diff --git a/type/__borg_repo/parameter/boolean b/type/__borg_repo/parameter/boolean deleted file mode 100644 index f8ee7c6..0000000 --- a/type/__borg_repo/parameter/boolean +++ /dev/null @@ -1 +0,0 @@ -append-only diff --git a/type/__borg_repo/parameter/default/encryption b/type/__borg_repo/parameter/default/encryption deleted file mode 100644 index 621e94f..0000000 --- a/type/__borg_repo/parameter/default/encryption +++ /dev/null @@ -1 +0,0 @@ -none diff --git a/type/__borg_repo/parameter/optional b/type/__borg_repo/parameter/optional deleted file mode 100644 index f63b25b..0000000 --- a/type/__borg_repo/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -passphrase diff --git a/type/__borg_repo/parameter/required b/type/__borg_repo/parameter/required deleted file mode 100644 index a5465f8..0000000 --- a/type/__borg_repo/parameter/required +++ /dev/null @@ -1 +0,0 @@ -encryption diff --git a/type/__dma/explorer/auth_conf b/type/__dma/explorer/auth_conf deleted file mode 100755 index cef0aca..0000000 --- a/type/__dma/explorer/auth_conf +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer determines the path of dma's auth.conf file - -# No dma.conf -> use default -test -f /etc/dma/dma.conf || { - echo /etc/dma/auth.conf - exit 0 -} -test -r /etc/dma/dma.conf || { - echo 'Cannot read /etc/dma/dma.conf' >&2 - exit 1 -} - -# Get AUTHPATH from dma.conf -awk -F'[ \t]' ' -{ - sub(/#.*$/, "", $0) # remove comments - if (!$0) next # ignore empty lines -} -$1 == "AUTHPATH" { - # Store authpath. In dma conf parsing last wins. - if ($2) authpath = substr($0, index($0, " ") + 1) -} -END { - if (authpath) { - print authpath - exit 0 - } else exit 1 -} -' /etc/dma/dma.conf \ -|| echo /etc/dma/auth.conf # default diff --git a/type/__dma/explorer/conf b/type/__dma/explorer/conf deleted file mode 100755 index b4d6d26..0000000 --- a/type/__dma/explorer/conf +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer returns a sorted list of "active" (= non-commented) lines -# in the dma.conf file. -# "Trailing" line comments are stripped off. -# -# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX -# -s (stable sort) option. - -CONF_PATH=/etc/dma # set in Makefile -dma_conf="${CONF_PATH:?}/dma.conf" - -test -f "${dma_conf}" || exit 0 - -grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \ -| sed -e 's/[ \t]*#.*$//' \ -| sort -s -k 1,1 diff --git a/type/__dma/files/update_dma_conf.awk b/type/__dma/files/update_dma_conf.awk deleted file mode 100644 index 15ef7bf..0000000 --- a/type/__dma/files/update_dma_conf.awk +++ /dev/null 
@@ -1,178 +0,0 @@ -#!/usr/bin/awk -f -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . - -function comment_line(line) { - # returns the position in line at which the comment's text starts - # (0 if the line is not a comment) - match(line, /^[ \t]*\#+[ \t]*/) - return RSTART ? (RLENGTH + 1) : 0 -} -function empty_line(line) { return line ~ /^[ \t]*$/ } -function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word" - -function first(line, sep_re) { - # returns the part of the line until sep is found - # (or the whole line if sep is not found) - if (!sep_re) sep_re = "[" SUBSEP "]" - match(line, sep_re) - return RSTART ? substr(line, 1, RSTART - 1) : line -} - -function rest(line, sep_re) { - # returns the part of the line after the first occurrence of sep is found. - # (or nothing if sep is not found) - if (!sep_re) sep_re = "[" SUBSEP "]" - if (match(line, sep_re)) - return substr(line, RSTART + RLENGTH) -} - -function conf_pop(word, value) { - # returns the next value for the config `word` and delete it from the list. - # if value is set, this function will only return value if it is the first - # option in the list, otherwise it returns 0. - - if (!(word in conf)) return 0 - if (!value) { - if (index(conf[word], SUBSEP)) # more than one element? 
- value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1) - else - value = conf[word] - } - - if (index(conf[word], SUBSEP)) { - if (index(conf[word], value SUBSEP) != 1) return 0 - conf[word] = substr(conf[word], length(value) + 2) - } else { - if (conf[word] != value) return 0 - delete conf[word] - } - return value -} - -function print_conf(word, value) { - # print a config line with the given parameters - printf "%s", word - if (value) printf " %s", value - printf "\n" -} - -function print_confs(word, value) { - # print config lines for all values stored in conf[word]. - if (!(word in conf)) return - if (conf[word]) { - while (value = conf_pop(word)) - print_conf(word, value) - } else { - print_conf(word) - delete conf[word] - } -} - -BEGIN { - FS = "\n" - EQS = "[ \t]" # copied from dma/conf.c - - if (ARGV[2]) exit (e=1) - - # Loop over file twice! - ARGV[2] = ARGV[1] - ARGC++ - - # read the "should" state into the `conf` array. - while (getline < "/dev/stdin") { - word = first($0, EQS) - if ((word in conf)) - conf[word] = conf[word] SUBSEP rest($0, EQS) - else - conf[word] = rest($0, EQS) - } -} - -# first pass, gather information about where which information is stored in the -# current config file. This information will be used in the second pass. -NR == FNR { - if (comment_line($0)) { - # comment line - word = first(substr($0, comment_line($0)), " ") - if (is_word(word)) last_occ["#" word] = FNR - } else { - word = first($0, EQS) - if (is_word(word)) last_occ[word] = FNR - } -} - -# before second pass prepare hashes containing location information to be used -# in the second pass. -NR > FNR && FNR == 1 { - # First we drop the locations of commented-out options if a non-commented - # option is available. If a non-commented option is available, we will - # append new config options there to have them all at one place. - for (k in last_occ) - if (k ~ /^\#/ && (substr(k, 2) in last_occ)) - delete last_occ[k] - - # Reverse the option => line mapping. 
The line_map allows for easier lookups - # in the second pass. - for (k in last_occ) line_map[last_occ[k]] = k -} - -# second pass, generate and output new config -NR > FNR { - if (comment_line($0) || empty_line($0)) { - # comment or empty line - print - - if ((FNR in line_map)) { - if (line_map[FNR] ~ /^\#/) { - # This line contains a commented config option. If the conf hash - # contains options to be set, we output them here because this - # option is not used in the current config. - k = substr(line_map[FNR], 2) - if ((k in conf)) print_confs(k) - } - - if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) { - # INSECURE goes where SECURE comment is. - print_confs("INSECURE") - } - } - } else { - word = first($0, EQS) - value = rest($0, EQS) - sub(/[ \t]*\#.*$/, "", value) # ignore comments in value - - if ((word in conf) && value == first(conf[word])) { - # keep config options we want - conf_pop(word) - print - } - - if ((FNR in line_map) && line_map[FNR] == word) { - # rest of config options should be here - print_confs(word) - } - } -} - -END { - if (e) exit - - # print rest of config options ( - for (word in conf) print_confs(word) -} diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote deleted file mode 100755 index 580b22e..0000000 --- a/type/__dma/gencode-remote +++ /dev/null 
@@ -1,177 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } -drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } - -CONF_PATH=/etc/dma # set in Makefile - -# Determine mailname -if test -f "${__object:?}/parameter/mailname" -then - mailname=$(cat "${__object:?}/parameter/mailname") -else - case $(cat "${__global:?}/explorer/os") - in - (debian|devuan|ubuntu) - # On Debian-like systems use /etc/mailname unless --mailname is used - mailname='/etc/mailname' - ;; - (*) - mailname=${__target_fqdn:?} - ;; - esac -fi - - -# Generate "should" values for config -conf_should=$( - if test -s "${__object:?}/parameter/smarthost" - then - printf 'SMARTHOST %s\n' "$(cat "${__object:?}/parameter/smarthost")" - fi - - printf 'MAILNAME %s\n' "${mailname}" - - if test -s "${__object:?}/explorer/auth_conf" - then - printf "AUTHPATH %s\n" "$(cat "${__object:?}/explorer/auth_conf")" - fi - - case $(cat "${__object:?}/parameter/security") - in - (ssl|tls) - default_smtp_port=465 - echo 'SECURETRANSFER' - ;; - (starttls) - default_smtp_port=587 - echo 'SECURETRANSFER' - echo 'STARTTLS' - ;; - (opportunistic) - default_smtp_port=25 - echo 'SECURETRANSFER' - echo 'STARTTLS' - echo 'OPPORTUNISTIC_TLS' - ;; - (insecure) - default_smtp_port=25 - 
echo 'INSECURE' - ;; - esac - - if test -s "${__object:?}/parameter/port" - then - printf 'PORT %u\n' "$(cat "${__object:?}/parameter/port")" - elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default - then - printf 'PORT %u\n' "${default_smtp_port}" - fi - - if test -f "${__object:?}/parameter/masquerade" - then - while read -r line - do - printf 'MASQUERADE %s\n' "${line}" - done <"${__object:?}/parameter/masquerade" - fi - - if test -f "${__object:?}/parameter/defer" - then - echo 'DEFER' - fi - - if test -f "${__object:?}/parameter/fullbounce" - then - echo 'FULLBOUNCE' - fi - - if test -f "${__object:?}/parameter/nullclient" - then - test -s "${__object:?}/parameter/smarthost" || { - echo '--nullclient requires a --smarthost to be defined' >&2 - exit 1 - } - - echo 'NULLCLIENT' - fi -) -# Sort conf_should to compare against "conf_is" -conf_should=$(echo "${conf_should}" | sort -s -k 1,1) - -config_updated=false -if ! echo "${conf_should}" | cmp -s "${__object:?}/explorer/conf" - -then - # config needs to be updated - dma_conf="${CONF_PATH:?}/dma.conf" - - # The following AWK script will output the new config file to be stored on - # disk. To do so it reads the current dma.conf file and the config options - # that should be set (from stdin). - # Note that the path to the current dma.conf is passed to AWK twice, because - # the new file cannot be generated in one pass. - - # The logic tries to place options at a sensible location, that is: - # a) if the option is already used in the config file: - # group all similar options (e.g. MASQUERADE) at one place in the order - # they are listed in stdin. - # b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists: - # place options grouped directly after the comment (the comment is left - # alone) - # c) otherwise: - # options are grouped by word (the first word in the line) and appended - # at the end of the file. 
- - cat <<-CODE - awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \ - && cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}") - ${conf_should} - EOF - rm $(quote "${dma_conf}.tmp") - CODE - - config_updated=true - echo 'config updated' >>"${__messages_out:?}" -fi - - -# Send a test email if enabled and necessary (=configuration changed) -if test -f "${__object:?}/parameter/send-test-mail" -then - if grep -q '^__mail_alias/root:' "${__messages_in:?}" \ - || grep -q '^__dma_auth/' "${__messages_in:?}" \ - || ${config_updated} - then - cat <<-CODE - sendmail root <<'EOF' - Subject: [cdist] Test mail from '${__target_fqdn:?}' - - Hi, - - you can ignore this message. - Its sole purpose is to notify you that root mail on ${__target_fqdn:?} - will be redirected to you. - - Enjoy! - EOF - CODE - fi -fi diff --git a/type/__dma/man.rst b/type/__dma/man.rst deleted file mode 100644 index 29a71fa..0000000 --- a/type/__dma/man.rst +++ /dev/null 
@@ -1,112 +0,0 @@ -cdist-type__dma(7) -============================ - -NAME ----- -cdist-type__dma - Setup the DragonFly Mail Agent as the MTA. - - -DESCRIPTION ------------ -This (singleton) type uses DMA, a small Mail Transport Agent (MTA), to accept -mails from locally installed Mail User Agents (MUA) and either deliver the mails -to a remote smart host for delivery or communicate with remote SMTP servers -directly. - - -REQUIRED PARAMETERS -------------------- -None. - - -BOOLEAN PARAMETERS ------------------- -defer - If enabled, mail will not be sent immediately, but stored in a queue. - To flush the queue and send the mails, ```dma -q`` has to be run - periodically (e.g. using a cron job.) - This type does not manage such a cron job, but some operating systems ship - such a cron job with the package. -fullbounce - Enable if bounce messages should include the complete original message, - not just the headers. -nullclient - Enable to bypass aliases and local delivery, and instead forward all mails - to the defined ``--smarthost``. -send-test-mail - If set, this type will send a test email to root after setup, to check if - the configured settings work. - - -OPTIONAL PARAMETERS -------------------- -mailname - If present, this will be the hostname used to identify this host and the - remote part of the sender addresses. - If not defined, it defaults to ``/etc/mailname`` on Debian derivatives and - to ``__target_fqdn`` otherwise. - See `dma(8)` for more information. - - Note: on Debian derivatives the ``/etc/mailname`` file should be updated - instead of using this parameter. -masquerade - Masquerade the envelope-from addresses with this address/hostname. - Use this setting if mails are not accepted by destination mail servers - because your sender domain is invalid. - This option can be used multiple times. - For more information see the `dma(8)` man page. -port - The port on which to deliver email. 
- If not provided, a sensible default port will be used based on the - ``--security`` argument. -security - Configures whether and how DMA should use secure connections. - - ssl/tls - Enable TLS/SSL secured transfer. - starttls - Use STARTTLS to establish a secure connection. - opportunistic (default) - Will try to establish a secure connection using STARTTLS, but allow - unencrypted transfer if STARTTLS fails. - Most useful when dma is used without a smarthost, delivering remote - messages directly to the outside mail exchangers. - insecure - allow plain text SMTP login over an insecure connection. - Should really *not* be used anymore! -smarthost - The mail server used to send email. - It must be configured to act as a relay for the host being configured by - this type so that mail can be sent to users non-local to the smarthost. - - -EXAMPLES --------- - -.. code-block:: sh - - # Install DMA and use the smarthost mx1.domain.tld to send mail. - __dma --smarthost mx1.domain.tld --send-test-mail - - # Install DMA in a default configuration. - __dma - - -SEE ALSO --------- -- `DragonFly Mail Agent `_ -- `DragonFly Handbook MTA `_ - - -AUTHORS -------- -Evilham -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__dma/manifest b/type/__dma/manifest deleted file mode 100755 index 530ad09..0000000 --- a/type/__dma/manifest +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "${__global:?}/explorer/os") - -# Install DMA -case ${os} -in - (alpine) - __package dma --state present - export require='__package/dma' - ;; - (debian|devuan|ubuntu) - __package dma --state present - export require='__package/dma' - ;; - (freebsd) - # Stop sendmail if necessary - __process 'sendmail' --name 'sendmail.*' --state absent \ - --stop '/etc/rc.d/sendmail onestop' - - # ... and disable it - __key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \ - --key 'sendmail_enable' --delimiter '=' --value '"NONE"' \ - --exact_delimiter - - # Setup mailwrapper accordingly - __file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF' - # - # Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail - # - sendmail /usr/libexec/dma - send-mail /usr/libexec/dma - mailq /usr/libexec/dma - newaliases /usr/libexec/dma - rmail /usr/libexec/dma - EOF - ;; - (*) - cat <&2 -Your OS (${os}) is not supported yet. - -Maybe adding support is as simple as adapting the packages or allowing it, -we highly encourage you to open a PR with the necessary changes. -See: https://code.ungleich.ch/ungleich-public/cdist-contrib/ -EOF - exit 1 - ;; -esac 
diff --git a/type/__dma/parameter/boolean b/type/__dma/parameter/boolean
deleted file mode 100644
index 523bb97..0000000
--- a/type/__dma/parameter/boolean
+++ /dev/null
@@ -1,4 +0,0 @@
-defer
-fullbounce
-nullclient
-send-test-mail
diff --git a/type/__dma/parameter/default/security b/type/__dma/parameter/default/security
deleted file mode 100644
index 9f1e0a6..0000000
--- a/type/__dma/parameter/default/security
+++ /dev/null
@@ -1 +0,0 @@
-opportunistic
diff --git a/type/__dma/parameter/optional b/type/__dma/parameter/optional
deleted file mode 100644
index 615c189..0000000
--- a/type/__dma/parameter/optional
+++ /dev/null
@@ -1,4 +0,0 @@
-mailname
-port
-security
-smarthost
diff --git a/type/__dma/parameter/optional_multiple b/type/__dma/parameter/optional_multiple
deleted file mode 100644
index 70f4146..0000000
--- a/type/__dma/parameter/optional_multiple
+++ /dev/null
@@ -1 +0,0 @@
-masquerade
diff --git a/type/__dma_auth/explorer/auth_conf b/type/__dma_auth/explorer/auth_conf
deleted file mode 120000
index e89de93..0000000
--- a/type/__dma_auth/explorer/auth_conf
+++ /dev/null
@@ -1 +0,0 @@
-../../__dma/explorer/auth_conf
\ No newline at end of file
diff --git a/type/__dma_auth/explorer/state b/type/__dma_auth/explorer/state
deleted file mode 100755
index c829cd4..0000000
--- a/type/__dma_auth/explorer/state
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/sh -e
-#
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-# This explorer looks for a line matching the server parameter
-# in dma's auth.conf and reports:
-# present: a line matching login + host + password exists
-# absent: no line matching login + host exists
-# different_login: a line exists but with a different login user
-# different_password: a line exists but with a different password
-# multiple: multiple lines matching host exist (should not happen)
-
-auth_conf=$("${__type_explorer:?}/auth_conf")
-test -r "${auth_conf}" || exit 0
-
-awk -F'\n' '
-function getvalue(path) {
- # Reads the first line of the file located at path and returns it.
- getline < path
- close(path)
- return $0
-}
-
-BEGIN {
- DP = "[: \t]" # copied from dma/conf.c
-
- parameter_dir = ENVIRON["__object"] "/parameter/"
-
- # Read the parameters of this object
- host_param = ENVIRON["__object_id"]
- login_param = getvalue(parameter_dir "login")
- passwd_param = getvalue(parameter_dir "password")
-
- state = "absent"
-}
-
-/^#/ || /^$/ {
- # skip comments and empty lines
- next
-}
-
-{
- # parse line
-
- login = substr($0, 1, index($0, "|") - 1)
- if (!login) { login = $0 } # if no "|" found
-
- host = substr($0, length(login) + 2)
-
- if (match(host, DP)) {
- passwd = substr(host, RSTART + 1)
- host = substr(host, 1, RSTART - 1)
- } else {
- passwd = ""
- }
-}
-
-host == host_param {
- # a match…
- if (state == "absent") {
- if (login != login_param)
- state = "different_login"
- else if (passwd != passwd_param)
- state = "different_password"
- else
- state = "present"
- } else {
- # report "multiple" to that the type can remove the duplicates.
- state = "multiple"
- }
-}
-
-END {
- print state
-}
-' "${auth_conf}"
diff --git a/type/__dma_auth/files/update_dma_auth.awk b/type/__dma_auth/files/update_dma_auth.awk
deleted file mode 100644
index c50198b..0000000
--- a/type/__dma_auth/files/update_dma_auth.awk
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/awk -f
-#
-# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see .
-#
-
-function getvalue(path) {
- # Reads the first line of the file located at path and returns it.
- getline < path
- close(path)
- return $0
-}
-
-function print_should() {
- printf "%s|%s:%s\n", login_param, host_param, passwd_param
-}
-
-BEGIN {
- FS = "\n"
- DP = "[: \t]" # copied from dma/conf.c
-
- parameter_dir = ENVIRON["__object"] "/parameter/"
-
- mode = (getvalue(parameter_dir "state") != "absent")
-
- host_param = ENVIRON["__object_id"]
- login_param = getvalue(parameter_dir "login")
- passwd_param = getvalue(parameter_dir "password")
-}
-
-# skip comments and empty lines
-/^#/ || /^$/ {
- print
- next
-}
-
-{
- # parse line (like dma/conf.c would)
-
- login = substr($0, 1, index($0, "|") - 1)
- if (!login) { login = $0 } # if no "|" found
-
- host = substr($0, length(login) + 2)
-
- if (match(host, DP)) {
- passwd = substr(host, RSTART + 1)
- host = substr(host, 1, RSTART - 1)
- } else {
- passwd = ""
- }
-}
-
-host == host_param {
- if (mode) {
- # state_should == present
- if (!written) {
- # replace first line if host matches (but only if no line has
- # been written already -> no duplicates)
- print_should()
- written = 1
- }
- next
- } else {
- # state_should == absent
- next
- }
-}
-
-# leave other lines alone
-{
- print
-}
-
-END {
- if (mode && !written) {
- # append line if no match to replace was found
- print_should()
- }
-}
diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote
deleted file mode 100755
index b6a0100..0000000
--- a/type/__dma_auth/gencode-remote
+++ /dev/null
@@ -1,72 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } -drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } - -state_is=$(cat "${__object:?}/explorer/state") -state_should=$(cat "${__object:?}/parameter/state") - -server=${__object_id:?} -login=$(cat "${__object:?}/parameter/login") - - -auth_conf=$(cat "${__object:?}/explorer/auth_conf") -test -n "${auth_conf}" || { - echo 'Cannot determine path of dma auth.conf' >&2 - exit 1 -} - -if test "${state_is}" = "${state_should}" -then - # state is as it should - exit 0 -fi - -case ${state_should} -in - (present) - test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; } - - if test "${state_is}" = 'absent' - then - printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}" - else - printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}" - fi - ;; - (absent) - printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}" - ;; - (*) - printf 'Invalid --state: %s.\n' "${state_should}" >&2 - printf 'Acceptable values are: present, absent.\n' >&2 - exit 1 - ;; -esac - - -cat <$(quote "${auth_conf}.tmp") \ -&& cat $(quote "${auth_conf}.tmp") >$(quote "${auth_conf}") -rm -f $(quote 
"${auth_conf}.tmp") -EOF diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst deleted file mode 100644 index da76883..0000000 --- a/type/__dma_auth/man.rst +++ /dev/null @@ -1,66 +0,0 @@ -cdist-type__dma_auth(7) -======================= - -NAME ----- -cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA. - - -DESCRIPTION ------------ -This cdist type allows you to set up credentials to log in to remote SMTP -servers. - -NB: dma currently (v0.13) does not differentiate between users on a host. - It will use whatever user it finds in the ``auth.conf`` first. - Thus, this type will use the ``__object_id`` as the host specifier. - - -REQUIRED PARAMETERS -------------------- -login - The user's LOGIN name on the SMTP server. -password - The user's password (in plain text.) - - -OPTIONAL PARAMETERS -------------------- -state - Either ``present`` or ``absent``. Defaults to ``present``. - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Set the password for smarthost - __dma_auth smarthost.example.com --login joe --password hunter2 - - # Set credentials for user at an external provider - __dma_auth mail.provider.com --login paul@example.com --password letmein - - # Delete credentials for example.com (for all users) - __dma_auth example.com --login '' --password '' --state absent - -SEE ALSO --------- -:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8) - - -AUTHORS -------- -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__dma_auth/nonparallel b/type/__dma_auth/nonparallel deleted file mode 100644 index e69de29..0000000 
diff --git a/type/__dma_auth/parameter/default/state b/type/__dma_auth/parameter/default/state
deleted file mode 100644
index e7f6134..0000000
--- a/type/__dma_auth/parameter/default/state
+++ /dev/null
@@ -1 +0,0 @@
-present
diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional
deleted file mode 100644
index ff72b5c..0000000
--- a/type/__dma_auth/parameter/optional
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required
deleted file mode 100644
index ae3c622..0000000
--- a/type/__dma_auth/parameter/required
+++ /dev/null
@@ -1,2 +0,0 @@
-login
-password
diff --git a/type/__mail_alias/explorer/aliases b/type/__mail_alias/explorer/aliases
deleted file mode 100755
index ac13d7c..0000000
--- a/type/__mail_alias/explorer/aliases
+++ /dev/null
@@ -1,73 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# Find aliases for a given user name and print the aliases (each one on a -# separate line) - -aliases_file=$("${__type_explorer:?}/aliases_file") -test -r "${aliases_file}" || exit 0 - -: "${__object_id:?}" # assert __object_id is set, because it is used in AWK - -awk -F ':[ \t]*' ' -function print_aliases(aliases, matches) { - # prints comma-separated aliases (one per line) - split(aliases, matches, /,[ \t]*/) - for (i in matches) { - gsub(/^[ \t]*|[ \t]*$/, "", matches[i]) - if (matches[i]) print matches[i] - } -} - -/^#/ { - # comment line (ignore) - select = 0; cont = 0 # comments terminate alias lists and continuations - next -} - -{ - # is this line a continuation line? - # (the prev. line ended in a backslash or the line starts with whitespace) - is_cont = /^[ \t]/ || cont - - # detect if the line is a line to be continued (ends with a backslash) - cont = /\\$/ - - # if it is, we drop the backslash from the line - if (cont) sub(/[ \t]*\\$/, "", $0) -} - -is_cont { - # if in the alias list of the "target" user, we also print these aliases. 
- if (select) print_aliases($0) - next -} - -$1 == ENVIRON["__object_id"] { - # "target" user -> print alias list - select = 1 - print_aliases($2) - next -} - -{ - # other user - select = 0 -} -' "${aliases_file}" diff --git a/type/__mail_alias/explorer/aliases_file b/type/__mail_alias/explorer/aliases_file deleted file mode 100755 index 7f09f88..0000000 --- a/type/__mail_alias/explorer/aliases_file +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# This explorer finds the aliases file to modify. - -found() { echo "$*"; exit 0; } - -check_file() { - if test -f "$1" - then - found "$1" - fi -} - -case $("${__explorer:?}/os") -in - (freebsd|openbsd|solaris) - check_file /etc/mail/aliases - - # default - found /etc/mail/aliases - ;; - (alpine|debian|devuan|ubuntu) - check_file /etc/aliases - - # default - found /etc/aliases - ;; - (*) - check_file /etc/mail/aliases - check_file /etc/aliases - - # default - found /etc/aliases - ;; -esac diff --git a/type/__mail_alias/files/update_aliases.awk b/type/__mail_alias/files/update_aliases.awk deleted file mode 100644 index 11a4c85..0000000 --- a/type/__mail_alias/files/update_aliases.awk +++ /dev/null 
@@ -1,96 +0,0 @@ -#!/usr/bin/awk -f -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -function getvalue(path, line) { - # Reads the first line of the file located at path and returns it. - getline line < path - close(path) - return line -} - -function sepafter(f, def, _) { - # finds the separator between field $f and $(f+1) - _ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1) - return _ ? _ : def -} - -function write_aliases( line) { - if (aliases_written) return - - # print aliases line - printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ") - while ((getline line < aliases_should_file) > 0) { - if (aliases_written) printf ", " - printf "%s", line - aliases_written = 1 - } - printf "\n" - close(aliases_should_file) -} - -BEGIN { - FS = ":[ \t]*" - - parameter_dir = ENVIRON["__object"] "/parameter/" - - mode = (getvalue(parameter_dir "state") != "absent") - aliases_should_file = (parameter_dir "/alias") -} - -/^[ \t]*\#/ { - # comment line (leave alone) - select = 0; cont = 0 # comments terminate alias lists and continuations - print - next -} - -{ - # is this line a continuation line? - # (the prev. 
line ended in a backslash or the line starts with whitespace) - is_cont = /^[ \t]/ || cont - - # detect if the line is a line to be continued (ends with a backslash) - cont = /\\$/ -} - -is_cont { - # we only print the line if it has not been rewritten (select) - if (!select) print - next -} - -$1 == ENVIRON["__object_id"] { - # "target" user -> rewrite aliases list - select = 1 - if (mode) write_aliases() - next -} - -{ - # other user - select = 0 - print -} - -END { - # if the last line was an alias, the separator will be reused (looks better) - if (mode && !aliases_written) - write_aliases() -} diff --git a/type/__mail_alias/gencode-remote b/type/__mail_alias/gencode-remote deleted file mode 100755 index 4a8f889..0000000 --- a/type/__mail_alias/gencode-remote +++ /dev/null 
@@ -1,87 +0,0 @@ -#!/bin/sh -e -# -# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } -drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } - -aliases_file=$(cat "${__object:?}/explorer/aliases_file") - -test -n "${aliases_file}" || { - echo 'Could not determine aliases file path.' >&2 - exit 1 -} - - -state_should=$(cat "${__object:?}/parameter/state") - -case ${state_should} -in - (present) - if cmp -s "${__object:?}/explorer/aliases" "${__object:?}/parameter/alias" - then - # all good! - exit 0 - fi - - test -s "${__object:?}/parameter/alias" || { - printf 'The --alias parameter is required if --state present.\n' >&2 - printf 'Use --state absent to remove all aliases.\n' >&2 - exit 1 - } - - if test -s "${__object:?}/explorer/aliases" - then - echo "update aliases" >>"${__messages_out:?}" - else - echo "add aliases" >>"${__messages_out:?}" - fi - ;; - (absent) - # nothing to do if no aliases found. 
- test -s "${__object:?}/explorer/aliases" || exit 0 - - echo "delete aliases" >>"${__messages_out:?}" - ;; - (*) - printf 'Invalid --state: %s.\n' "${state_should}" >&2 - printf 'Acceptable values are: present, absent.\n' >&2 - exit 1 -esac - -cat <$(quote "${aliases_file}.tmp") \ -|| { - rm -f $(quote "${aliases_file}.tmp") - echo 'Generating new aliases file failed!' >&2 - exit 1 -} - -if ! cmp -s $(quote "${aliases_file}") $(quote "${aliases_file}.tmp") -then - # aliases file was modified, replace: - cat $(quote "${aliases_file}.tmp") >$(quote "${aliases_file}") - - # then, run newaliases if present ("missing" on Alpine Linux because of typo) - command -v newaliases >/dev/null 2>&1 && newaliases || true -fi -rm -f $(quote "${aliases_file}.tmp") -EOF diff --git a/type/__mail_alias/man.rst b/type/__mail_alias/man.rst deleted file mode 100644 index de40512..0000000 --- a/type/__mail_alias/man.rst +++ /dev/null 
@@ -1,76 +0,0 @@ -cdist-type__mail_alias(7) -========================= - -NAME ----- -cdist-type__mail_alias - Manage mail aliases. - - -DESCRIPTION ------------ -This cdist type allows you to configure mail aliases (/etc/aliases). - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - 'present' or 'absent', defaults to 'present' -alias - an alias, i.e. a mail address where mail for the user should be redirected - to. - This parameter can be specified multiple times to redirect to multiple - recipients. - If ``--state`` is ``present`` this parameter is required. - See `aliases(5)` for the different forms this parameter can take. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - # Redirect root mail to a "real" email address - __mail_alias root --alias admin@example.com - - # Disable redirection of mail for joe - __mail_alias joe --state absent - - -BUGS ----- -- Quoted strings are not parsed by this type. As a result, aliases - containing ``,`` (commas) are treated incorrectly (they are treated as - separate aliases.) - Make sure that email addresses, file names, and pipe commands do not contain - commas. -- ``:include:`` directives in the aliases file are not evaluated by this type. - They are treated like a regular alias, the values of the included file are - not expanded. - - -SEE ALSO --------- -:strong:`aliases`\ (5) - - -AUTHORS -------- -Dennis Camera - - -COPYING -------- -Copyright \(C) 2020 Dennis Camera. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__mail_alias/nonparallel b/type/__mail_alias/nonparallel deleted file mode 100644 index e69de29..0000000 
diff --git a/type/__mail_alias/parameter/default/state b/type/__mail_alias/parameter/default/state
deleted file mode 100644
index e7f6134..0000000
--- a/type/__mail_alias/parameter/default/state
+++ /dev/null
@@ -1 +0,0 @@
-present
diff --git a/type/__mail_alias/parameter/optional b/type/__mail_alias/parameter/optional
deleted file mode 100644
index ff72b5c..0000000
--- a/type/__mail_alias/parameter/optional
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/type/__mail_alias/parameter/optional_multiple b/type/__mail_alias/parameter/optional_multiple
deleted file mode 100644
index d077ed8..0000000
--- a/type/__mail_alias/parameter/optional_multiple
+++ /dev/null
@@ -1 +0,0 @@
-alias
diff --git a/type/__matrix_element/files/config.json.sh b/type/__matrix_element/files/config.json.sh
deleted file mode 100755
index 9791f38..0000000
--- a/type/__matrix_element/files/config.json.sh
+++ /dev/null
@@ -1,90 +0,0 @@ -#!/bin/sh -# -# Upstream configuration guide/documentation: -# https://github.com/vector-im/riot-web/blob/develop/docs/config.md - -generate_embedded_pages () { - if [ "$EMBED_HOMEPAGE" != "" ]; then - cat << EOF - "embeddedPages": { - "homeUrl": "home.html" - }, -EOF - fi -} - -generate_jitsi_config () { - if [ "$JITSI_DOMAIN" != "" ]; then - cat << EOF - "jitsi": { - "preferredDomain": "$JITSI_DOMAIN" - }, -EOF - fi -} - -generate_branding () { - echo '"branding": {' - - if [ "$BRANDING_AUTH_HEADER_LOGO_URL" != "" ]; then - cat << EOF - "authHeaderLogoUrl": "$BRANDING_AUTH_HEADER_LOGO_URL", -EOF - fi - - if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then - cat << EOF - "authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS", -EOF - fi - - cat << EOF - "welcomeBackgroundUrl": "themes/element/img/backgrounds/lake.jpg" -EOF - echo '},' -} - -cat << EOF -{ - "default_server_config": { - "m.homeserver": { - "base_url": "$DEFAULT_SERVER_URL", - "server_name": "$DEFAULT_SERVER_NAME" - }, - "m.identity_server": { - "base_url": "https://vector.im" - } - }, - "brand": "$BRAND", - $(generate_branding) - "defaultCountryCode": "$DEFAULT_COUNTRY_CODE", - "integrations_ui_url": "https://scalar.vector.im/", - "integrations_rest_url": "https://scalar.vector.im/api", - "integrations_widgets_urls": [ - "https://scalar.vector.im/_matrix/integrations/v1", - "https://scalar.vector.im/api", - "https://scalar-staging.vector.im/_matrix/integrations/v1", - "https://scalar-staging.vector.im/api", - "https://scalar-staging.riot.im/scalar/api" - ], - "bug_report_endpoint_url": "https://riot.im/bugreports/submit", - "roomDirectory": { - "servers": [ - $ROOM_DIRECTORY_SERVERS - ] - }, - "disable_custom_urls": "$DISABLE_CUSTOM_URLS", - $(generate_embedded_pages) - $(generate_jitsi_config) - "terms_and_conditions_links": [ - { - "url": "$PRIVACY_POLICY_URL", - "text": "Privacy Policy" - }, - { - "url": "$COOKIE_POLICY_URL", - "text": "Cookie Policy" - } - ] -} -EOF 
diff --git a/type/__matrix_element/gencode-remote b/type/__matrix_element/gencode-remote
deleted file mode 100755
index e643976..0000000
--- a/type/__matrix_element/gencode-remote
+++ /dev/null
@@ -1,69 +0,0 @@ -#!/bin/sh -e -# -# 2019 Timothée Floure (timothee.floure@ungleich.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -VERSION=$(cat "$__object/parameter/version") -INSTALL_DIR=$(cat "$__object/parameter/install_dir") -OWNER=$(cat "$__object/parameter/owner") - -src="riot-v$VERSION" -archive="$src.tar.gz" -url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive" - -# tar and curl are installed by the __matrix-riot manifest. mktemp is usually -# provided by coreutils and assumed installed. -cat << EOF -set -e - -# Ensure that coreutils is installed. -if [ ! -x \$(which mktemp) ]; then - echo "mktemp is not available on the remote host." >&2 - exit 1 -fi - -# Create temporary working directory. -tmpdir=\$(mktemp -d) -custom_files_dir="\$tmpdir/custom_files" -cd \$tmpdir - -# Download and extract sources. -curl -L '$url' > $archive -tar xf $archive - -# Backup files deployed by __matrix_element. -mkdir -p \$custom_files_dir -for file in $INSTALL_DIR/cdist/*; do - cp "\$file" "\$custom_files_dir" -done - -# Deploy sources and restore configuration. -rm -r '$INSTALL_DIR' -mv '$src' '$INSTALL_DIR' - -for file in \$custom_files_dir/*; do - cp "\$file" '$INSTALL_DIR' -done - -# Chown deployed files to requested owner. -chown -R '$OWNER' '$INSTALL_DIR' - -# Remove temporary working directory. -cd / -rm -r \$tmpdir -EOF 
diff --git a/type/__matrix_element/man.rst b/type/__matrix_element/man.rst
deleted file mode 100644
index 05f0685..0000000
--- a/type/__matrix_element/man.rst
+++ /dev/null
@@ -1,87 +0,0 @@ -cdist-type__matrix_element(7) -============================= - -NAME ----- -cdist-type__matrix_element - Install and configure Element, a web Matrix client. - - -DESCRIPTION ------------ -This type install and configure the Element web client. - - -REQUIRED PARAMETERS -------------------- -install_dir - Root directory of Element's static files. - -version - Release of Element to install. - -OPTIONAL PARAMETERS -------------------- -default_server_name - Name of matrix homeserver to connect to, defaults to 'matrix.org'. - -default_server_url - URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'. - -owner - Owner of the deployed files, passed to `chown`. Defaults to 'root'. - -brand - Web UI branding, defaults to 'Element'. - -default_country_code - ISO 3166 alpha2 country code to use when showing country selectors, such as - phone number inputs. Defaults to GB. - -privacy_policy_url - Defaults to 'https://element.io/privacy'. - -cookie_policy_url - Defaults to 'https://matrix.org/docs/guides/element_im_cookie_policy'. - -jitsi_domain - Domain name of preferred Jitsi instance (default is jitsi.element.im). This is - used whenever a user clicks on the voice/video call buttons. - -homepage - Path to custom homepage, displayed once logged in. - -welcomepage - Path to custom welcome (= login) page. - -custom_asset - Serve a file a the top-level directory (e.g. /my-custom-logo.svg). Can be specified multiple times. - -BOOLEAN PARAMETERS -------------------- -disable_custom_urls - Disallow the user to change the default homeserver when signing up or logging in. - -EXAMPLES --------- - -.. code-block:: sh - - __matrix_element my-element --install_dir /var/www/element-web --version 1.5.6 - - -SEE ALSO --------- -- `cdist-type__matrix_synapse(7) `_ - - -AUTHORS -------- -Timothée Floure - - -COPYING -------- -Copyright \(C) 2019 Timothée Floure. 
You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
diff --git a/type/__matrix_element/manifest b/type/__matrix_element/manifest
deleted file mode 100755
index 544bd96..0000000
--- a/type/__matrix_element/manifest
+++ /dev/null
@@ -1,106 +0,0 @@ -#!/bin/sh -e -# -# 2019 Timothée Floure (timothee.floure@ungleich.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . - -# Ignore "Declare and assign separately to avoid masking return values. [SC2155]" -# => not relevant for the type arguments. -# shellcheck disable=SC2155 - -INSTALL_DIR=$(cat "$__object/parameter/install_dir") - -export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name") -export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url") -export BRAND=$(cat "$__object/parameter/brand") -export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code") -export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers") -export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url") -export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url") - -if [ -f "$__object/parameter/jitsi_domain" ]; then - export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain") -fi - -if [ -f "$__object/parameter/branding_auth_header_logo_url" ]; then - export BRANDING_AUTH_HEADER_LOGO_URL=$(cat "$__object/parameter/branding_auth_header_logo_url") -fi - -if [ -f "$__object/parameter/branding_auth_footer_links" ]; then - export BRANDING_AUTH_FOOTER_LINKS=$(cat "$__object/parameter/branding_auth_footer_links") -fi - -if [ -f "$__object/parameter/homepage" ]; then - export EMBED_HOMEPAGE=1 - homepage=$(cat 
"$__object/parameter/homepage") -fi - -if [ -f "$__object/parameter/welcomepage" ]; then - export EMBED_WELCOMEPAGE=1 - welcomepage=$(cat "$__object/parameter/welcomepage") -fi - -if [ -f "$__object/parameter/custom_asset" ]; then - "$__object/parameter/custom_asset" | while IFS= read -r file; do - require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename "$file")" \ - --source "$file" \ - --mode 0664 \ - --state present - done -fi - -if [ -f "$__object/parameter/disable_custom_urls" ]; then - export DISABLE_CUSTOM_URLS='true' -else - export DISABLE_CUSTOM_URLS='false' -fi - -# Owner of the uploaded files. -owner=$(cat "$__object/parameter/owner") - -# Ensure that curl and tar are installed, as they will be required by the -# gencode-remote script. -__package curl --state present -__package tar --state present - -# Generate and deploy configuration file. -mkdir -p "$__object/files" -"$__type/files/config.json.sh" > "$__object/files/config.json" - -# Install the config.json configuration file. The application's sources are -# downloaded and deployed by gencode-remote. -__directory "$INSTALL_DIR/cdist" \ - --owner "$owner" --mode 0755 --parents \ - --state present - -require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" \ - --source "$__object/files/config.json" \ - --mode 0664 \ - --state present - -if [ $EMBED_HOMEPAGE ]; then - require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \ - --source "$homepage" \ - --mode 0664 \ - --state present -fi - -if [ $EMBED_WELCOMEPAGE ]; then - require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \ - --source "$welcomepage" \ - --mode 0664 \ - --state present -fi diff --git a/type/__matrix_element/parameter/boolean b/type/__matrix_element/parameter/boolean deleted file mode 100644 index 4d77768..0000000 --- a/type/__matrix_element/parameter/boolean +++ /dev/null @@ -1 +0,0 @@ -disable_custom_urls 
diff --git a/type/__matrix_element/parameter/default/brand b/type/__matrix_element/parameter/default/brand
deleted file mode 100644
index 907f907..0000000
--- a/type/__matrix_element/parameter/default/brand
+++ /dev/null
@@ -1 +0,0 @@
-Element
diff --git a/type/__matrix_element/parameter/default/cookie_policy_url b/type/__matrix_element/parameter/default/cookie_policy_url
deleted file mode 100644
index 04e9c2b..0000000
--- a/type/__matrix_element/parameter/default/cookie_policy_url
+++ /dev/null
@@ -1 +0,0 @@
-https://matrix.org/docs/guides/riot_im_cookie_policy
diff --git a/type/__matrix_element/parameter/default/default_country_code b/type/__matrix_element/parameter/default/default_country_code
deleted file mode 100644
index 30ac4a3..0000000
--- a/type/__matrix_element/parameter/default/default_country_code
+++ /dev/null
@@ -1 +0,0 @@
-GB
diff --git a/type/__matrix_element/parameter/default/default_server_name b/type/__matrix_element/parameter/default/default_server_name
deleted file mode 100644
index 5528ffd..0000000
--- a/type/__matrix_element/parameter/default/default_server_name
+++ /dev/null
@@ -1 +0,0 @@
-matrix.org
diff --git a/type/__matrix_element/parameter/default/default_server_url b/type/__matrix_element/parameter/default/default_server_url
deleted file mode 100644
index 2cb9227..0000000
--- a/type/__matrix_element/parameter/default/default_server_url
+++ /dev/null
@@ -1 +0,0 @@
-https://matrix-client.matrix.org
diff --git a/type/__matrix_element/parameter/default/owner b/type/__matrix_element/parameter/default/owner
deleted file mode 100644
index d8649da..0000000
--- a/type/__matrix_element/parameter/default/owner
+++ /dev/null
@@ -1 +0,0 @@
-root
diff --git a/type/__matrix_element/parameter/default/privacy_policy_url b/type/__matrix_element/parameter/default/privacy_policy_url
deleted file mode 100644
index 37fa4bc..0000000
--- a/type/__matrix_element/parameter/default/privacy_policy_url
+++ /dev/null
@@ -1 +0,0 @@
-https://element.io/privacy
diff --git a/type/__matrix_element/parameter/default/room_directory_servers b/type/__matrix_element/parameter/default/room_directory_servers deleted file mode 100644 index 4ea73ad..0000000 --- a/type/__matrix_element/parameter/default/room_directory_servers +++ /dev/null @@ -1 +0,0 @@ -"matrix.org" diff --git a/type/__matrix_element/parameter/optional b/type/__matrix_element/parameter/optional deleted file mode 100644 index 21a2faf..0000000 --- a/type/__matrix_element/parameter/optional +++ /dev/null @@ -1,13 +0,0 @@ -default_server_url -default_server_name -brand -default_country_code -privacy_policy_url -cookie_policy_url -room_directory_servers -owner -homepage -welcomepage -jitsi_domain -branding_auth_header_logo_url -branding_auth_footer_links diff --git a/type/__matrix_element/parameter/optional_multiple b/type/__matrix_element/parameter/optional_multiple deleted file mode 100644 index 4c2ca54..0000000 --- a/type/__matrix_element/parameter/optional_multiple +++ /dev/null @@ -1 +0,0 @@ -custom_asset diff --git a/type/__matrix_element/parameter/required b/type/__matrix_element/parameter/required deleted file mode 100644 index a76477e..0000000 --- a/type/__matrix_element/parameter/required +++ /dev/null @@ -1,2 +0,0 @@ -version -install_dir diff --git a/type/__matterbridge/files/matterbridge.service.sh b/type/__matterbridge/files/matterbridge.service.sh deleted file mode 100755 index 9dbd1cb..0000000 --- a/type/__matterbridge/files/matterbridge.service.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -cat <`_ - - -AUTHORS -------- -Timothée Floure - - -COPYING -------- -Copyright \(C) 2020 Timothée Floure. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__matterbridge/manifest b/type/__matterbridge/manifest deleted file mode 100755 index ef02112..0000000 
--- a/type/__matterbridge/manifest
+++ /dev/null
@@ -1,98 +0,0 @@ -#!/bin/sh -e -# -# 2020 Timothée Floure (timothee.floure@ungleich.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - -os=$(cat "$__global/explorer/os") -case "$os" in - debian) - # This type assume systemd for service installation. - ;; - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -# Required parameters. -VERSION=$(cat "$__object/parameter/version") -if [ -f "$__object/parameter/config" ]; then - CONFIG="$(cat "$__object/parameter/config")" - if [ "$CONFIG" = "-" ]; then - CONFIG=$(cat "$__object/stdin") - fi -fi - -# Hardcoded values used in templates. -export BINARY_PATH=/usr/local/bin/matterbridge -export CONFIG_PATH=/etc/matterbridge/matterbridge.toml -export USER=matterbridge -export GROUP=$USER - -# Internal variables. -artefact="matterbridge-$VERSION-linux-64bit" -checksum_file="checksums.txt" -release_download_url=https://github.com/42wim/matterbridge/releases/download -binary_url="$release_download_url/v$VERSION/$artefact" -checksum_file_url="$release_download_url/v$VERSION/$checksum_file" -config_dir=$(dirname $CONFIG_PATH) -systemd_unit_path='/etc/systemd/system/matterbridge.service' - -# Check if curl is available. -if ! 
command -v curl; then - echo "curl is required for this type, but could not be found. Exiting." >&2 - exit 1 -fi - -# Initialize working directory. -mkdir -p "$__object/files" - -# Download and check matterbridge binary. -curl -L "$binary_url" -o "$__object/files/$artefact" -curl -Ls "$checksum_file_url" | grep "$artefact" > "$__object/files/$checksum_file" -if ! (cd "$__object/files"; sha256sum --check $checksum_file); then - echo "Matterbridge binary checksum failed." >&2 - exit 1 -fi - -# Create service user. -__user $USER --home "/var/lib/$USER" - -# Deploy matterbridge binary. -require="__user/$USER" __file "$BINARY_PATH" \ - --source "$__object/files/$artefact" \ - --owner "$USER" --mode 755 - -# Generate and deploy configuration file. -"$__type/files/matterbridge.service.sh" > "$__object/files/matterbridge.service" - -require="__user/$USER" __directory "$config_dir" \ - --owner "$USER" --mode 0755 --parents \ - -require="__directory/$config_dir" __file "$CONFIG_PATH" \ - --owner "$USER" \ - --mode 0640 \ - --source "$CONFIG" - -__file "$systemd_unit_path" \ - --source "$__object/files/matterbridge.service" - -# Deal with init system. -require="__file/$systemd_unit_path" __start_on_boot matterbridge -require="__file/$BINARY_PATH __file/$CONFIG_PATH __file/$systemd_unit_path" __service matterbridge --action restart diff --git a/type/__matterbridge/parameter/required b/type/__matterbridge/parameter/required deleted file mode 100644 index ed5d8b3..0000000 --- a/type/__matterbridge/parameter/required +++ /dev/null @@ -1,2 +0,0 @@ -version -config diff --git a/type/__matterbridge/singleton b/type/__matterbridge/singleton deleted file mode 100644 index e69de29..0000000 diff --git a/type/__netbox/explorer/secretkey b/type/__netbox/explorer/secretkey deleted file mode 100755 index 7cce279..0000000 --- a/type/__netbox/explorer/secretkey +++ /dev/null 
@@ -1,8 +0,0 @@
-#!/bin/sh -e
-
-# Explorer will output the key if he exists.
-
-secretkey="/opt/netbox/cdist/secretkey"
-if [ -f "$secretkey" ]; then
- cat "$secretkey"
-fi
diff --git a/type/__netbox/explorer/version b/type/__netbox/explorer/version
deleted file mode 100755
index ee3dde8..0000000
--- a/type/__netbox/explorer/version
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh -e
-
-# output version if exist
-version_path="/opt/netbox/cdist/version"
-if [ -f "$version_path" ]; then cat "$version_path"; fi
diff --git a/type/__netbox/files/configuration.py.sh b/type/__netbox/files/configuration.py.sh
deleted file mode 100755
index 31ebd05..0000000
--- a/type/__netbox/files/configuration.py.sh
+++ /dev/null
@@ -1,319 +0,0 @@ -#!/bin/sh - -cat << EOF -######################### -# # -# Required settings # -# # -######################### - -# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write -# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. -# -# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] -ALLOWED_HOSTS = [$ALLOWED_HOSTS ] - -# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: -# https://docs.djangoproject.com/en/stable/ref/settings/#databases -DATABASE = { - 'NAME': '$DATABASE_NAME', # Database name - 'USER': '$DATABASE_USER', # PostgreSQL username - 'PASSWORD': '$DATABASE_PASSWORD', # PostgreSQL password - 'HOST': '$DATABASE_HOST', # Database server - 'PORT': '$DATABASE_PORT', # Database port (leave blank for default) - 'CONN_MAX_AGE': 300, # Max database connection age -} - -# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate -# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended -# to use two separate database IDs. 
-REDIS = { - 'tasks': { - 'HOST': '$REDIS_HOST', - 'PORT': $REDIS_PORT, - # Comment out \`HOST\` and \`PORT\` lines and uncomment the following if using Redis Sentinel - # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], - # 'SENTINEL_SERVICE': 'netbox', - 'PASSWORD': '$REDIS_PASSWORD', - 'DATABASE': $((REDIS_DBID_OFFSET + 0)), - 'SSL': $REDIS_SSL, - }, - 'caching': { - 'HOST': '$REDIS_HOST', - 'PORT': $REDIS_PORT, - # Comment out \`HOST\` and \`PORT\` lines and uncomment the following if using Redis Sentinel - # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], - # 'SENTINEL_SERVICE': 'netbox', - 'PASSWORD': '$REDIS_PASSWORD', - 'DATABASE': $((REDIS_DBID_OFFSET + 1)), - 'SSL': $REDIS_SSL, - } -} -RQ_DEFAULT_TIMEOUT = 300 - -# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file. -# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and -# symbols. NetBox will not run without this defined. For more information, see -# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY -SECRET_KEY = '$SECRET_KEY' - - -######################### -# # -# Optional settings # -# # -######################### - -# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of -# application errors (assuming correct email settings are provided). -ADMINS = [ - # ['John Doe', 'jdoe@example.com'], -] - -# URL schemes that are allowed within links in NetBox -ALLOWED_URL_SCHEMES = ( - 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp', -) - -# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same -# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP. 
-BANNER_TOP = '' -BANNER_BOTTOM = '' - -# Text to include on the login page above the login form. HTML is allowed. -BANNER_LOGIN = '' - -# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set: -# BASE_PATH = 'netbox/' -BASE_PATH = '$BASEPATH' - -# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes) -CACHE_TIMEOUT = 900 - -# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90) -CHANGELOG_RETENTION = 90 - -# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be -# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or -# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers -CORS_ORIGIN_ALLOW_ALL = False -CORS_ORIGIN_WHITELIST = [ - # 'https://hostname.example.com', -] -CORS_ORIGIN_REGEX_WHITELIST = [ - # r'^(https?://)?(\w+\.)?example\.com$', -] - -# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal -# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging -# on a production system. -DEBUG = False - -# Email settings -EMAIL = { - 'SERVER': '$SMTP_HOST', - 'PORT': $SMTP_PORT, - 'USERNAME': '$SMTP_USER', - 'PASSWORD': '$SMTP_PASSWORD', - 'USE_SSL': $SMTP_USE_SSL, - 'USE_TLS': $SMTP_USE_TLS, - 'TIMEOUT': 10, # seconds - 'FROM_EMAIL': '$SMTP_FROM_EMAIL', -} - -# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table -# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True. -ENFORCE_GLOBAL_UNIQUE = False - -# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and -# by anonymous users. 
List models in the form \`.\`. Add '*' to this list to exempt all models. -EXEMPT_VIEW_PERMISSIONS = [ - # 'dcim.site', - # 'dcim.region', - # 'ipam.prefix', -] - -EOF - -if [ "$HTTP_PROXY" != "" ] || [ "$HTTPS_PROXY" != "" ]; then - cat << EOF -# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). -HTTP_PROXIES = { -EOF - if [ "$HTTP_PROXY" != "" ]; then - cat << EOF - 'http': '$HTTP_PROXY', -EOF - fi - if [ "$HTTPS_PROXY" != "" ]; then - cat << EOF - 'https': '$HTTPS_PROXY', -EOF - fi - cat << EOF -} -EOF -fi - -cat << EOF -# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing -# NetBox from an internal IP. -INTERNAL_IPS = ('127.0.0.1', '::1') - -# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs: -# https://docs.djangoproject.com/en/stable/topics/logging/ -LOGGING = {} - -# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users -# are permitted to access most data in NetBox (excluding secrets) but not make any changes. -LOGIN_REQUIRED = $LOGIN_REQUIRED - -# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to -# re-authenticate. (Default: 1209600 [14 days]) -LOGIN_TIMEOUT = None - -# Setting this to True will display a "maintenance mode" banner at the top of every page. -MAINTENANCE_MODE = False - -# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g. -# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request -# all objects by specifying "?limit=0". -MAX_PAGE_SIZE = 1000 - -EOF - -if [ "$MEDIA_ROOT" != "" ]; then - cat << EOF -# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. 
Note that -# the default value of this setting is derived from the installed location. -MEDIA_ROOT = '$MEDIA_ROOT' - -EOF -fi - -cat << EOF -# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the -# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example: -# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage' -# STORAGE_CONFIG = { -# 'AWS_ACCESS_KEY_ID': 'Key ID', -# 'AWS_SECRET_ACCESS_KEY': 'Secret', -# 'AWS_STORAGE_BUCKET_NAME': 'netbox', -# 'AWS_S3_REGION_NAME': 'eu-west-1', -# } - -# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' -METRICS_ENABLED = False - -# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM. -NAPALM_USERNAME = '' -NAPALM_PASSWORD = '' - -# NAPALM timeout (in seconds). (Default: 30) -NAPALM_TIMEOUT = 30 - -# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must -# be provided as a dictionary. -NAPALM_ARGS = {} - -# Determine how many objects to display per page within a list. (Default: 50) -PAGINATE_COUNT = 50 - -# Enable installed plugins. Add the name of each plugin to the list. -PLUGINS = [] - -# Plugins configuration settings. These settings are used by various plugins that the user may have installed. -# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings. -# PLUGINS_CONFIG = { -# 'my_plugin': { -# 'foo': 'bar', -# 'buzz': 'bazz' -# } -# } - -# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to -# prefer IPv4 instead. -PREFER_IPV4 = False - -# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1. 
-RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22 -RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220 - -EOF - -if [ "$USE_LDAP" ]; then - cat << EOF -# Remote authentication support with ldap -REMOTE_AUTH_ENABLED = True -REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend' -EOF -else - cat << EOF -# Remote authentication support -REMOTE_AUTH_ENABLED = False -REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend' -EOF -fi - -cat << EOF -REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER' -REMOTE_AUTH_AUTO_CREATE_USER = True -REMOTE_AUTH_DEFAULT_GROUPS = [] -REMOTE_AUTH_DEFAULT_PERMISSIONS = {} - -# This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour. -RELEASE_CHECK_TIMEOUT = 24 * 3600 - -# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the -# version check or use the URL below to check for release in the official NetBox repository. - -EOF - -if [ "$UPDATE_CHECK" != "" ]; then - cat << EOF -RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases' - -EOF -else - cat << EOF -RELEASE_CHECK_URL = None - -EOF -fi - -if [ "$REPORTS_ROOT" != "" ]; then - cat << EOF -# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of -# this setting is derived from the installed location. -REPORTS_ROOT = '$REPORTS_ROOT' - -EOF -fi - -if [ "$SCRIPTS_ROOT" != "" ]; then - cat << EOF -# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of -# this setting is derived from the installed location. -SCRIPTS_ROOT = '$SCRIPTS_ROOT' - -EOF -fi - -cat << EOF -# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use -# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only -# database access.) 
Note that the user as which NetBox runs must have read and write permissions to this path. -SESSION_FILE_PATH = None - -# Time zone (default: UTC) -TIME_ZONE = 'UTC' - -# Date/time formatting. See the following link for supported formats: -# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date -DATE_FORMAT = 'N j, Y' -SHORT_DATE_FORMAT = 'Y-m-d' -TIME_FORMAT = 'g:i a' -SHORT_TIME_FORMAT = 'H:i:s' -DATETIME_FORMAT = 'N j, Y g:i a' -SHORT_DATETIME_FORMAT = 'Y-m-d H:i' -EOF diff --git a/type/__netbox/files/ldap_config.py.sh b/type/__netbox/files/ldap_config.py.sh deleted file mode 100755 index 4e6b099..0000000 --- a/type/__netbox/files/ldap_config.py.sh +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/bin/sh - -# no configuration if there are no ldap parameters -if [ -z "$USE_LDAP" ]; then - # skip - cat << EOF -############################## -# LDAP-backed authentication # -############################## - -# no options set -EOF - exit 0 -fi - - -cat << EOF -############################## -# LDAP-backed authentication # -############################## - -import ldap -from django_auth_ldap.config import LDAPSearch, PosixGroupType - -# Server URI -AUTH_LDAP_SERVER_URI = "$LDAP_SERVER" - -# Set the DN and password for the NetBox service account. -AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN" -AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD" - -# Search for user entry. -AUTH_LDAP_USER_SEARCH = LDAPSearch("$LDAP_USER_BASE", - ldap.SCOPE_SUBTREE, - "(uid=%(user)s)") - -# You can map user attributes to Django attributes as so. -AUTH_LDAP_USER_ATTR_MAP = { - "first_name": "givenName", - "last_name": "sn", - "email": "mail" -} -EOF - -if [ "$LDAP_GROUP_BASE" != "" ]; then - cat << EOF - -# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group -# hierarchy. -AUTH_LDAP_GROUP_SEARCH = LDAPSearch("$LDAP_GROUP_BASE", ldap.SCOPE_SUBTREE, - "(objectClass=posixGroup)") -AUTH_LDAP_GROUP_TYPE = PosixGroupType() - -# Mirror LDAP group assignments. -AUTH_LDAP_MIRROR_GROUPS = True -# For more granular permissions, map LDAP groups to Django groups. -AUTH_LDAP_FIND_GROUP_PERMS = True -EOF - - if [ "$LDAP_REQUIRE_GROUP" != "" ]; then - cat << EOF - -# Define a group required to login. -AUTH_LDAP_REQUIRE_GROUP = "$LDAP_REQUIRE_GROUP" -EOF - fi - - cat << EOF - -# Define special user types using groups. Exercise great caution when assigning superuser status. 
-AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-EOF
- # superuser
- if [ "$LDAP_SUPERUSER_GROUP" != "" ]; then
- echo " \"is_superuser\": \"$LDAP_SUPERUSER_GROUP\","
- fi
- # staff user
- if [ "$LDAP_STAFF_GROUP" != "" ]; then
- echo " \"is_staff\": \"$LDAP_STAFF_GROUP\","
- fi
- echo "}"
-fi
diff --git a/type/__netbox/files/netbox-rq.service b/type/__netbox/files/netbox-rq.service
deleted file mode 100644
index 330e675..0000000
--- a/type/__netbox/files/netbox-rq.service
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=NetBox Request Queue Worker
-Documentation=https://netbox.readthedocs.io/en/stable/
-PartOf=netbox.service
-Wants=network.target
-After=netbox.service
-After=network.target
-After=redis-server.service postgresql.service
-
-[Service]
-Type=simple
-
-User=netbox
-Group=netbox
-WorkingDirectory=/opt/netbox
-
-ExecStart=/opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py rqworker
-
-Restart=on-failure
-RestartSec=30
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/type/__netbox/files/netbox.service b/type/__netbox/files/netbox.service
deleted file mode 100644
index 68010e9..0000000
--- a/type/__netbox/files/netbox.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=NetBox Service Wrapper
-Documentation=https://netbox.readthedocs.io/en/stable/
-Wants=network.target
-After=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/type/__netbox/files/netbox.socket.sh b/type/__netbox/files/netbox.socket.sh
deleted file mode 100755
index 2ef9e81..0000000
--- a/type/__netbox/files/netbox.socket.sh
+++ /dev/null
@@ -1,33 +0,0 @@ -#!/bin/sh -e -# __netbox/files/netbox.socket.sh - -# This is shared between all WSGI-server types. - -# Arguments: -# 1: File which list all sockets to listen on (sepearated by \n) - -if [ $# -ne 1 ]; then - printf "netbox.socket.sh: argument \$1 missing or too much given!\n" >&2 - exit 1 -fi - - -cat << UNIT -[Unit] -Description=Socket for NetBox via $TYPE - -[Socket] -UNIT - -# read all sockets to listen to -while read -r line; do - printf "ListenStream=%s\n" "$line" -done < "$1" - -cat << UNIT -SocketUser=netbox -SocketGroup=www-data - -[Install] -WantedBy=sockets.target -UNIT diff --git a/type/__netbox/gencode-remote b/type/__netbox/gencode-remote deleted file mode 100755 index 5d4b7be..0000000 --- a/type/__netbox/gencode-remote +++ /dev/null 
@@ -1,120 +0,0 @@ -#!/bin/sh -e - -old_version="$(cat "$__object/explorer/version")" -VERSION=$(cat "$__object/parameter/version") - -src="netbox-$VERSION" -archive="v$VERSION.tar.gz" -url="https://github.com/netbox-community/netbox/archive/$archive" -install_dir=/opt/netbox/netbox - -if [ "$VERSION" != "$old_version" ]; then - cat << EOF -# Ensure that coreutils is installed. -if [ ! -x \$(which mktemp) ]; then - echo "mktemp is not available on the remote host." >&2 - exit 1 -fi - -# Create temporary working directory. -tmpdir=\$(mktemp -d) -cd "\$tmpdir" - -# Download and extract sources. -curl -sS -L '$url' > '$archive' -tar xf '$archive' - - -# virtualenv is given already by __pyvenv, just using it - -# backup requirement files -if [ -f /opt/netbox/requirements.txt ]; then - mv /opt/netbox/requirements.txt /opt/netbox/old-requirements.txt -else - # preseve file-not-found errors and warnings - touch /opt/netbox/old-requirements.txt -fi -cp '$src/requirements.txt' /opt/netbox/ - -# Uninstall packages not required anymore -# if versions not be shortend, they will be ignored by pip, but not by comm -# all of this could be done with grep, too, but it's still must be shortend with awk -awk -F== '{print \$1}' '/opt/netbox/requirements.txt' | sort > "\$tmpdir/curr-reqs.txt" -awk -F== '{print \$1}' '/opt/netbox/old-requirements.txt' | sort > "\$tmpdir/old-reqs.txt" -comm -23 "\$tmpdir/old-reqs.txt" "\$tmpdir/curr-reqs.txt" > "\$tmpdir/pip-uninstall.txt" - -# only uninstall if something is available (to avoid errors cause of this) -if [ -s "\$tmpdir/pip-uninstall.txt" ]; then - /opt/netbox/venv/bin/pip3 uninstall -qy -r "\$tmpdir/pip-uninstall.txt" -fi - -# Install python dependencies. 
-# avoid gunicorn, because it will be done in an other type -grep -v "^gunicorn==" "\$tmpdir/$src/requirements.txt" \ - | xargs /opt/netbox/venv/bin/pip3 install -q -EOF - - if [ -f "$__object/parameter/ldap-server" ]; then - echo "/opt/netbox/venv/bin/pip3 install -q django-auth-ldap" - else - echo "/opt/netbox/venv/bin/pip3 uninstall -qy django-auth-ldap" - fi - - cat << EOF - -# Deploy sources and restore configuration. -rm -rf '$install_dir' -cp -r '$src/netbox' '$install_dir' -# force links to the cdist directory -ln -fs /opt/netbox/cdist/configuration.py '$install_dir/netbox/configuration.py' -ln -fs /opt/netbox/cdist/ldap_config.py '$install_dir/netbox/ldap_config.py' - -# Set final permissions. -chown -R netbox /opt/netbox - - -# NetBox manage scripts -# Run database migrations. -sudo -u netbox /opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py migrate -# Generate static assets. -sudo -u netbox /opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py collectstatic --no-input -# Delete any stale content types -sudo -u netbox /opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py remove_stale_contenttypes --no-input -# Delete any expired user sessions -sudo -u netbox /opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py clearsessions -# Clear all cached data -sudo -u netbox /opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py invalidate all - -# Remove temporary working directory. 
-cd / -rm -rf "\$tmpdir" - -# Save version after successful installation -printf "%s\\n" "$VERSION" > /opt/netbox/cdist/version - -EOF - - # meta - printf "installed %s\n" "$VERSION" >> "$__messages_out" - changes=yes -fi - -# check if configuration changed -if grep -q "^__file/opt/netbox/" "$__messages_in"; then - # meta - printf "configured\n" >> "$__messages_out" - changes=yes -fi - - -# Check for changes -if [ "$changes" = "yes" ]; then - # After the upstream upgrade.sh script, it's ok to migrate while the - # application is running ;) - - # restarting after changes - cat << EOF -# Restart service. All required services are included with netbox.service. -systemctl restart netbox -EOF -fi diff --git a/type/__netbox/man.rst b/type/__netbox/man.rst deleted file mode 100644 index 5f78f1d..0000000 --- a/type/__netbox/man.rst +++ /dev/null 
@@ -1,274 +0,0 @@ -cdist-type__netbox(7) -===================== - -NAME ----- -cdist-type__netbox - Install and configure NetBox - - -DESCRIPTION ------------ -This (singleton) type installs and configures a NetBox instance, a web -application to help manage and document computer networks. - -It installs it with the user ``netbox`` at ``/opt/netbox`` with `python-venv`. -It setup systemd unit files for the services `netbox` and `netbox-rq`. The -`netbox` service only wrap all netbox related services, e.g. restarting and -so one will be delegated to all related services. - -The application is still not accessable because a WSGI server is required. To -access the application through WSGI, uWSGI or Gunicorn can be used. The setup -can be done via there own types `__netbox_gunicorn` and `__netbox_uwsgi`. - -The Gunicorn setup is recommended from the NetBox documentation. Consult each -manual page to decide. The types must be called after the `__netbox` type. - - -REQUIRED PARAMETERS -------------------- -version - NetBox version to be installed. You can find the correct and newest version - on GitHub at the NetBox project page under - "`Releases `_". - -database - PostgreSQL database name. - -database-user - PostgreSQL database user. - -database-password - PostgreSQL database password. - -host - Hostname (domain or IP address) on which the application is served. - Multiple hostnames are possible; given as multiple arguments. - - -OPTIONAL PARAMETERS -------------------- -secret-key - Random secret key of at least 50 alphanumeric characters and symbols. This - key must be unique to this installation and must not be shared outside the - local system. If no secret key is given, the type generates an own 50 chars - long key and saves it on the remote host to remember it for the next run. - - The secret, random string is used to assist in the creation new - cryptographic hashes for passwords and HTTP cookies. 
It is not directly - used for hasing user passwords or for encrpted storage. It can be changed - at any time, but will invalidate all existing sessions. - -database-host - PostgreSQL database hostname. Defaults to ``localhost``. - -database-port - PostgreSQL database port. Defaults to empty (uses the default port). - -ldap-server - LDAP server URI. Enables LDAP-backed authentication if specified. - -ldap-bind-dn - DN for the NetBox service account. Required for LDAP authentication. - -ldap-bind-password - Password for the NetBox service account. Required for LDAP authentication. - -ldap-user-base - Base used for searching user entries. Required for LDAP authentication. - -ldap-group-base - Base used for searching group entries. - -ldap-require-group - Group required to login. - -ldap-staff-group - Make members of this group to "staff". This gives the users "Admin Access", - which means access to the "NetBox Administration" site. - -ldap-superuser-group - Make members of this groups superusers. - -redis-host - Redis database hostname. Defaults to ``localhost``. - -redis-port - Redis database port. Defaults to ``6379``. - -redis-password - Redis password. Defaults to empty password. - -redis-dbid-offset - Offset to set the redis database id's. The `tasks` database id is - `offset + 0` and `caching` is `offset + 1`. The offset defaults to ``0``. - -smtp-host - Host of the SMTP email server. Defaults to ``localhost``. - -smtp-port - Port of the SMTP email server. Defaults to ``25``. - -smtp-user - Username to access the SMTP email server. Defaults to empty. - -smtp-password - Password to access the SMTP email server. Defaults to empty. - -smtp-from-email - Email from which NetBox will be sent of. Defaults to empty. - -basepath - Base URL path if accessing netbox within a directory instead of directly the - webroot ``/``. For example, if installed at https://example.com/netbox/, set - the value ``netbox/``. 
- -https-proxy - Proxy which will be used with any HTTP request like webhooks. - -data-root - This parameter set's the media, reports and scripts root to subdirectories - of the given directory. Values can be overwritten by special parameters like - `--media-root` for example. Use this option if you want to store persistant - data of netbox on an other partition. A trailing slash is not needed. - - The data directories have following predefined sub-directory names: - - media root: - ``$data_root/media`` - reports root: - ``$data_root/reports`` - scripts root: - ``$data_root/scripts`` - - To preserve all data from installation upgrades - which just replace the - installation directory - the data will be kept in the netbox home directory - rather than the installation directory by default (``/opt/netbox/data/``). - This way, no data will be deleted after the installation directory - replacement because it remains outside of the installation directory. - -media-root - The file path to where media files (like image attachments) are stored. - Change this path if you require to store data on an other partiotion. - A trailing slash is not needed. Defaults to ``$data_root/media``. - -reports-root - The file path of where custom reports are kept. Change this path if you - require to store data on an other partition. A trailing slash is not - needed. Defaults to ``$data_root/reports``. - -scripts-root - The file path of where custom scripts are kept. Change this path if you - require to store data on an other partition. A trailing slash is not - needed. Defaults to ``$data_root/scripts``. - - -BOOLEAN PARAMETERS ------------------- -redis-ssl - Enables a secure TLS/SSL connection to the redis database. By default, ssl - is disabled. - -smtp-use-tls - Uses TLS to connect to the SMTP email server. `See documentation - `__ - for more information. - -smtp-use-ssl - Uses implicit TLS with the SMTP email server. `See documentation - `__ - for more information. 
- -login-required - Sets if a login is required to access all sites. By default, anonymous - users can see most data (excluding secrets) but not make any changes. - -update-notify - Enables the NetBox version check for new upstream updates. It checks every - 24 hours for new releases and notify the admin users in the gui if any. - - -MESSAGES --------- -installed $VERSION - Netbox was fresh installed or updated. The new version number is appended. - -configured - Some configuration files got updated and therefore the service was - restarted. This message will not be echoed if configuration got updated due - a standard installation. - - -EXAMPLES --------- - -.. code-block:: sh - - __netbox --version 2.8.7 --database netbox \ - --database-password "secretsecretsecret" \ - --secret-key "secretsecretsecret" \ - --host "${__target_host:?}" \ - --host "cool-netbox.xyz" \ - --ldap-server "ldaps://ldap.domain.tld" \ - --ldap-bind-dn "uid=netbox,ou=services,dc=domain,dc=tld" \ - --ldap-bind-password "secretsecretsecret" \ - --ldap-user-base "ou=users,dc=domain,dc=tld" \ - --ldap-group-base "ou=groups,dc=domain,dc=tld" \ - --ldap-require-group "cn=netbox-login,ou=groups,dc=domain,dc=tld" \ - --ldap-superuser-group "cn=netbox-admin,ou=groups,dc=domain,dc=tld" - # using recommended gunicorn setup - require="__netbox" __netbox_gunicorn - - -NOTES ------ -The configuration of NetBox contains more optional settings than that what can -be set with this type. If you think an important setting is missing or there -is a more good way to inject python code for dynamic configuration variables, -you are welcome to contribute! - -- `Possible optional settings - `_ - -If you not setup ldap authentification, you may be interested into how to -`setting up a super user -`_ -directly on the machine to be able to access and use NetBox. - -You may also be interested of writing a own type which handles the creation of -the super user. 
To do this non-interactivly, see the ansible role as `reference -`_. - -If you change the secret key while the netbox instance is running, there is a -time frame where the access to the application corrupts the whole database. -Then, you need to restore a backup or wipe the database. - -Currently, the cause is not clear, but it should work if you do not touch -netbox while the configuration is done (do not shut it down, too). It only -applies for changes of the secret key, which not happen normally. - -Maybe the `--restart` flag for the `__systemd_unit` types is not the best idea, -but avoids that the changes will not be applied. It could be solved if the type -would send messages from his actions. - - -SEE ALSO --------- -`NetBox documentation `_ - -:strong:`cdist-type__netbox_gunicorn`\ (7) -:strong:`cdist-type__netbox_uwsgi`\ (7) - - -AUTHORS -------- -Timothée Floure -Matthias Stecher - - -COPYING -------- -Copyright \(C) 2020 Timothée Floure. -Copyright \(C) 2020 Matthias Stecher. -You can redistribute it and/or modify it under the terms of the GNU -General Public License as published by the Free Software Foundation, -either version 3 of the License, or (at your option) any later version. diff --git a/type/__netbox/manifest b/type/__netbox/manifest deleted file mode 100755 index 4be49bd..0000000 --- a/type/__netbox/manifest +++ /dev/null 
@@ -1,226 +0,0 @@ -#!/bin/sh -e - -os=$(cat "$__global/explorer/os") - -case "$os" in - debian|ubuntu) - # Install netbox dependencies. - for pkg in python3-pip python3-venv python3-dev build-essential libxml2-dev \ - libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev curl sudo; do - __package $pkg - done - - if [ -f "$__object/parameter/ldap-server" ]; then - for pkg in libldap2-dev libsasl2-dev libssl-dev; do - __package $pkg - done - fi - ;; - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - - -DATABASE_NAME=$(cat "$__object/parameter/database") -export DATABASE_NAME -DATABASE_USER="$(cat "$__object/parameter/database-user")" -export DATABASE_USER -DATABASE_PASSWORD=$(cat "$__object/parameter/database-password") -export DATABASE_PASSWORD -DATABASE_HOST="$(cat "$__object/parameter/database-host")" -export DATABASE_HOST -DATABASE_PORT="$(cat "$__object/parameter/database-port")" -export DATABASE_PORT - -# list of hosts -ALLOWED_HOSTS="" -while read -r hostname; do - # shellcheck disable=SC2089 - ALLOWED_HOSTS="$ALLOWED_HOSTS '$hostname'," -done < "$__object/parameter/host" -# shellcheck disable=SC2090 -export ALLOWED_HOSTS - -if [ -f "$__object/parameter/secret-key" ]; then - SECRET_KEY=$(cat "$__object/parameter/secret-key") -elif [ -s "$__object/explorer/secretkey" ]; then - # take the key that is already used - SECRET_KEY="$(cat "$__object/explorer/secretkey")" -else - # Can be done over netbox/generate_secret_key.py too, but it can't be - # generated right now where it's required (only if it's preloaded for - # this type to execute it now). - # Generates a 50-character long key with the same character set like - # the helper script. Must escape the '-' to be no character range. 
- SECRET_KEY="$(tr -cd '!@#$%^&*(\-_=+)[:alnum:]' < /dev/urandom | head -c50)" -fi -export SECRET_KEY - -if [ -f "$__object/parameter/ldap-server" ]; then - LDAP_SERVER=$(cat "$__object/parameter/ldap-server") - USE_LDAP=yes - export LDAP_SERVER -fi -if [ -f "$__object/parameter/ldap-bind-dn" ]; then - LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn") - USE_LDAP=yes - export LDAP_BIND_DN -fi -if [ -f "$__object/parameter/ldap-bind-password" ]; then - LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password") - USE_LDAP=yes - export LDAP_BIND_PASSWORD -fi -if [ -f "$__object/parameter/ldap-user-base" ]; then - LDAP_USER_BASE=$(cat "$__object/parameter/ldap-user-base") - USE_LDAP=yes - export LDAP_USER_BASE -fi -if [ -f "$__object/parameter/ldap-group-base" ]; then - LDAP_GROUP_BASE=$(cat "$__object/parameter/ldap-group-base") - export LDAP_GROUP_BASE -fi -if [ -f "$__object/parameter/ldap-require-group" ]; then - LDAP_REQUIRE_GROUP=$(cat "$__object/parameter/ldap-require-group") - export LDAP_REQUIRE_GROUP -fi -if [ -f "$__object/parameter/ldap-superuser-group" ]; then - LDAP_SUPERUSER_GROUP=$(cat "$__object/parameter/ldap-superuser-group") - export LDAP_SUPERUSER_GROUP -fi -if [ -f "$__object/parameter/ldap-staff-group" ]; then - LDAP_STAFF_GROUP="$(cat "$__object/parameter/ldap-staff-group")" - export LDAP_STAFF_GROUP -fi -# export if base ldap parameters are used -export USE_LDAP - -# have default values -REDIS_HOST="$(cat "$__object/parameter/redis-host")" -export REDIS_HOST -REDIS_PORT="$(cat "$__object/parameter/redis-port")" -export REDIS_PORT -REDIS_PASSWORD="$(cat "$__object/parameter/redis-password")" -export REDIS_PASSWORD -REDIS_DBID_OFFSET="$(cat "$__object/parameter/redis-dbid-offset")" -export REDIS_DBID_OFFSET -if [ -f "$__object/parameter/redis-ssl" ]; then - REDIS_SSL="True" -else - REDIS_SSL="False" -fi -export REDIS_SSL - -SMTP_HOST="$(cat "$__object/parameter/smtp-host")" -export SMTP_HOST -SMTP_PORT="$(cat 
"$__object/parameter/smtp-port")" -export SMTP_PORT -SMTP_USER="$(cat "$__object/parameter/smtp-user")" -export SMTP_USER -SMTP_PASSWORD="$(cat "$__object/parameter/smtp-password")" -export SMTP_PASSWORD -SMTP_FROM_EMAIL="$(cat "$__object/parameter/smtp-from-email")" -export SMTP_FROM_EMAIL - -if [ -f "$__object/parameter/smtp-use-ssl" ]; then - SMTP_USE_SSL="True" -else - SMTP_USE_SSL="False" -fi -export SMTP_USE_SSL -if [ -f "$__object/parameter/smtp-use-tls" ]; then - if [ "$SMTP_USE_SSL" = "True" ]; then - echo "options --smtp-use-ssl and --smtp-use-tls are not compatible" >&2 - exit 2 - fi - SMTP_USE_TLS="True" -else - SMTP_USE_TLS="False" -fi -export SMTP_USE_TLS - -BASEPATH="$(cat "$__object/parameter/basepath")" -export BASEPATH - -if [ -f "$__object/parameter/http-proxy" ]; then - HTTP_PROXY=$(cat "$__object/parameter/http-proxy") - export HTTP_PROXY -fi -if [ -f "$__object/parameter/https-proxy" ]; then - HTTPS_PROXY=$(cat "$__object/parameter/https-proxy") - export HTTPS_PROXY -fi - -if [ -f "$__object/parameter/login-required" ]; then - LOGIN_REQUIRED="True" -else - LOGIN_REQUIRED="False" -fi -export LOGIN_REQUIRED - -data_root="$(cat "$__object/parameter/data-root")" -MEDIA_ROOT="$data_root/media" -REPORTS_ROOT="$data_root/reports" -SCRIPTS_ROOT="$data_root/scripts" - -if [ -f "$__object/parameter/media-root" ]; then - MEDIA_ROOT="$(cat "$__object/parameter/media-root")" -fi -export MEDIA_ROOT -if [ -f "$__object/parameter/reports-root" ]; then - REPORTS_ROOT="$(cat "$__object/parameter/reports-root")" -fi -export REPORTS_ROOT -if [ -f "$__object/parameter/scripts-root" ]; then - SCRIPTS_ROOT="$(cat "$__object/parameter/scripts-root")" -fi -export SCRIPTS_ROOT - -if [ -f "$__object/parameter/update-notify" ]; then - UPDATE_CHECK="yes" - export UPDATE_CHECK -fi - - -# Create system user used to run netbox. 
-__user netbox --system --home /opt/netbox --create-home -# Generate python environment (user will be set by gencode-remote) -require="__user/netbox" __pyvenv /opt/netbox/venv/ - -# Generate and upload netbox configuration. -mkdir -p "$__object/files" -"$__type/files/configuration.py.sh" > "$__object/files/configuration.py" -"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py" - -require="__user/netbox" __directory /opt/netbox/cdist -require="__directory/opt/netbox/cdist" __file \ - /opt/netbox/cdist/configuration.py --mode 640 --owner netbox \ - --source "$__object/files/configuration.py" - -if [ -f "$__object/parameter/ldap-server" ]; then - require="__directory/opt/netbox/cdist" __file \ - /opt/netbox/cdist/ldap_config.py --mode 640 --owner netbox \ - --source "$__object/files/ldap_config.py" -else - require="__directory/opt/netbox/cdist" __file \ - /opt/netbox/cdist/ldap_config.py --state absent -fi - -# save secret -require="__directory/opt/netbox/cdist" __file /opt/netbox/cdist/secretkey \ - --mode 400 --owner netbox --source - << SECRET -$SECRET_KEY -SECRET - - -# Upload systemd unit for worker and wsgi service -# does not restart netbox on change cause it only restart all other services -__systemd_unit netbox.service \ - --source "$__type/files/netbox.service" \ - --enablement-state enabled -__systemd_unit netbox-rq.service \ - --source "$__type/files/netbox-rq.service" \ - --enablement-state enabled --restart diff --git a/type/__netbox/parameter/boolean b/type/__netbox/parameter/boolean deleted file mode 100644 index d568037..0000000 --- a/type/__netbox/parameter/boolean +++ /dev/null @@ -1,5 +0,0 @@ -redis-ssl -smtp-use-ssl -smtp-use-tls -login-required -update-notify diff --git a/type/__netbox/parameter/default/basepath b/type/__netbox/parameter/default/basepath deleted file mode 100644 index 8b13789..0000000 --- a/type/__netbox/parameter/default/basepath +++ /dev/null @@ -1 +0,0 @@ - 
diff --git a/type/__netbox/parameter/default/data-root b/type/__netbox/parameter/default/data-root
deleted file mode 100644
index 45faab0..0000000
--- a/type/__netbox/parameter/default/data-root
+++ /dev/null
@@ -1 +0,0 @@
-/opt/netbox/data
diff --git a/type/__netbox/parameter/default/database-host b/type/__netbox/parameter/default/database-host
deleted file mode 100644
index 2fbb50c..0000000
--- a/type/__netbox/parameter/default/database-host
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/type/__netbox/parameter/default/database-port b/type/__netbox/parameter/default/database-port
deleted file mode 100644
index 8b13789..0000000
--- a/type/__netbox/parameter/default/database-port
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/type/__netbox/parameter/default/redis-dbid-offset b/type/__netbox/parameter/default/redis-dbid-offset
deleted file mode 100644
index 573541a..0000000
--- a/type/__netbox/parameter/default/redis-dbid-offset
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/type/__netbox/parameter/default/redis-host b/type/__netbox/parameter/default/redis-host
deleted file mode 100644
index 2fbb50c..0000000
--- a/type/__netbox/parameter/default/redis-host
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/type/__netbox/parameter/default/redis-password b/type/__netbox/parameter/default/redis-password
deleted file mode 100644
index 8b13789..0000000
--- a/type/__netbox/parameter/default/redis-password
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/type/__netbox/parameter/default/redis-port b/type/__netbox/parameter/default/redis-port
deleted file mode 100644
index a8c4b8e..0000000
--- a/type/__netbox/parameter/default/redis-port
+++ /dev/null
@@ -1 +0,0 @@
-6379
diff --git a/type/__netbox/parameter/default/smtp-from-email b/type/__netbox/parameter/default/smtp-from-email
deleted file mode 100644
index 8b13789..0000000
--- a/type/__netbox/parameter/default/smtp-from-email
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/type/__netbox/parameter/default/smtp-host b/type/__netbox/parameter/default/smtp-host
deleted file mode 100644
index 2fbb50c..0000000
--- a/type/__netbox/parameter/default/smtp-host
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/type/__netbox/parameter/default/smtp-password b/type/__netbox/parameter/default/smtp-password
deleted file mode 100644
index 8b13789..0000000
--- a/type/__netbox/parameter/default/smtp-password
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/type/__netbox/parameter/default/smtp-port b/type/__netbox/parameter/default/smtp-port
deleted file mode 100644
index 7273c0f..0000000
--- a/type/__netbox/parameter/default/smtp-port
+++ /dev/null
@@ -1 +0,0 @@
-25
diff --git a/type/__netbox/parameter/default/smtp-user b/type/__netbox/parameter/default/smtp-user
deleted file mode 100644
index 8b13789..0000000
--- a/type/__netbox/parameter/default/smtp-user
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/type/__netbox/parameter/optional b/type/__netbox/parameter/optional
deleted file mode 100644
index 9495f7a..0000000
--- a/type/__netbox/parameter/optional
+++ /dev/null
@@ -1,27 +0,0 @@
-secret-key
-database-host
-database-port
-ldap-server
-ldap-bind-dn
-ldap-bind-password
-ldap-user-base
-ldap-group-base
-ldap-require-group
-ldap-staff-group
-ldap-superuser-group
-redis-host
-redis-port
-redis-password
-redis-dbid-offset
-smtp-host
-smtp-port
-smtp-user
-smtp-password
-smtp-from-email
-basepath
-http-proxy
-https-proxy
-data-root
-media-root
-reports-root
-scripts-root
diff --git a/type/__netbox/parameter/required b/type/__netbox/parameter/required
deleted file mode 100644
index 02fca9f..0000000
--- a/type/__netbox/parameter/required
+++ /dev/null
@@ -1,4 +0,0 @@
-version
-database
-database-user
-database-password
diff --git a/type/__netbox/parameter/required_multiple b/type/__netbox/parameter/required_multiple
deleted file mode 100644
index c70dc2d..0000000
--- a/type/__netbox/parameter/required_multiple
+++ /dev/null
@@ -1 +0,0 @@
-host
diff --git a/type/__netbox/singleton b/type/__netbox/singleton
deleted file mode 100644
index e69de29..0000000
diff --git a/type/__netbox_gunicorn/explorer/installed b/type/__netbox_gunicorn/explorer/installed
deleted file mode 100755
index c6f5d87..0000000
--- a/type/__netbox_gunicorn/explorer/installed
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh -e
-
-# print version if available
-/opt/netbox/venv/bin/pip3 show gunicorn | awk '/Version:/{print $2}'
diff --git a/type/__netbox_gunicorn/explorer/should_installed b/type/__netbox_gunicorn/explorer/should_installed
deleted file mode 100755
index 073be92..0000000
--- a/type/__netbox_gunicorn/explorer/should_installed
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -e
-
-awk -v FS="==" '$1 ~ /gunicorn/{print $2}' /opt/netbox/requirements.txt
diff --git a/type/__netbox_gunicorn/files/gunicorn.py.sh b/type/__netbox_gunicorn/files/gunicorn.py.sh
deleted file mode 100755
index c1e6ee5..0000000
--- a/type/__netbox_gunicorn/files/gunicorn.py.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh -e
-
-# Generates gunicorn config
-# see https://docs.gunicorn.org/en/stable/settings.html
-
-# fix missing $__explorer
-# see https://code.ungleich.ch/ungleich-public/cdist/-/issues/834
-__explorer="$__global/explorer"
-
-# size workes by cpu
-cores="$(cat "$__explorer/cpu_cores")"
-
-
-cat << EOF
-# The IP address (typically localhost) and port that the Netbox WSGI process should listen on
-#bind = done via systemd socket 'gunicorn-netbox.socket'
-
-# Number of gunicorn workers to spawn. This should typically be 2n+1, where
-# n is the number of CPU cores present.
-workers = $(( 2*cores + 1 ))
-
-# Number of threads per worker process
-threads = 3
-
-# Timeout (in seconds) for a request to complete
-timeout = 120
-
-# The maximum number of requests a worker can handle before being respawned
-max_requests = 5000
-max_requests_jitter = 500
-EOF
diff --git a/type/__netbox_gunicorn/files/netbox.service b/type/__netbox_gunicorn/files/netbox.service
deleted file mode 100644
index 28b6b45..0000000
--- a/type/__netbox_gunicorn/files/netbox.service
+++ /dev/null
@@ -1,29 +0,0 @@
-[Unit]
-Description=NetBox Gunicorn WSGI Service
-Documentation=https://netbox.readthedocs.io/en/stable/
-PartOf=netbox.service
-Requires=netbox-rq.service
-Requires=gunicorn-netbox.socket
-Wants=network.target
-After=netbox.service
-After=network.target
-After=redis-server.service postgresql.service
-
-[Service]
-Type=notify
-
-User=netbox
-Group=netbox
-WorkingDirectory=/opt/netbox
-
-ExecStart=/opt/netbox/venv/bin/gunicorn --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
-# signals: https://docs.gunicorn.org/en/stable/signals.html
-ExecReload=kill -HUP $MAINPID
-ExecStop=kill -TERM $MAINPID
-KillSignal=SIGQUIT
-
-Restart=on-failure
-RestartSec=30
-
-[Install]
-WantedBy=netbox.service
diff --git a/type/__netbox_gunicorn/files/netbox.socket.sh b/type/__netbox_gunicorn/files/netbox.socket.sh
deleted file mode 120000
index 28ce920..0000000
--- a/type/__netbox_gunicorn/files/netbox.socket.sh
+++ /dev/null
@@ -1 +0,0 @@
-../../__netbox/files/netbox.socket.sh
\ No newline at end of file
diff --git a/type/__netbox_gunicorn/gencode-remote b/type/__netbox_gunicorn/gencode-remote
deleted file mode 100755
index 4fae788..0000000
--- a/type/__netbox_gunicorn/gencode-remote
+++ /dev/null
@@ -1,50 +0,0 @@ -#!/bin/sh -e - -# control state -state="$(cat "$__object/parameter/state")" - -case "$state" in - # install gunicorn - enabled|disabled) - curr_installed="$(cat "$__object/explorer/installed")" - should_installed="$(cat "$__object/explorer/should_installed")" - - # gunicorn version change - if [ "$curr_installed" != "$should_installed" ]; then - # (re)installing gunicorn - echo "/opt/netbox/venv/bin/pip3 install 'gunicorn==$should_installed'" - - if [ "$curr_installed" != "" ]; then - printf "updated %s to %s\n" "$curr_installed" "$should_installed" \ - >> "$__messages_out" - else - printf "installed\n" >> "$__messages_out" - fi - do_restart=yes - fi - - # configuration changes - if grep -q "^__file/opt/netbox/gunicorn.py:" "$__messages_in"; then - do_restart=yes - printf "configured\n" >> "$__messages_out" - fi - - - # restart gunicorn - if [ "$do_restart" ] && [ "$state" != "disabled" ]; then - cat << EOF -# Restart service -systemctl restart gunicorn-netbox -EOF - fi - ;; - - # uninstall - absent) - # check if installed - if [ -s "$__object/explorer/installed" ]; then - # service already disabled - echo "/opt/netbox/venv/bin/pip3 uninstall -y gunicorn" - printf "uninstalled\n" >> "$__messages_out" - fi -esac diff --git a/type/__netbox_gunicorn/man.rst b/type/__netbox_gunicorn/man.rst deleted file mode 100644 index 8860294..0000000 --- a/type/__netbox_gunicorn/man.rst +++ /dev/null 
@@ -1,117 +0,0 @@ -cdist-type__netbox_gunicorn(7) -============================== - -NAME ----- -cdist-type__netbox_gunicorn - Run NetBox with Gunicorn - - -DESCRIPTION ------------ -This (singleton) type installs Gunicorn into the NetBox `python-venv` to host -the NetBox WSGI application. It provides the application as HTTP over the given -sockets. Static content must be served independent of Gunicorn. The Gunicorn -daemon is available as the `gunicorn-netbox` systemd service, but also -available via the `netbox` wrapper service. - -It will use systemd socket activation to listen to the given sockets. This -should allow to bind to privileaged ports (all below 1024) and hot reloads. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - Represents the state of the Gunciron application. Defaults to ``enabled``. - - enabled - The Gunicorn service is enabled and running. - disabled - The Gunicorn service is installed, but disabled. - absent - The uWSGI service is not installed and all configuration removed. - - This type does not guarantee anything about the running state of the - service. To be sure about the service is stopped or not, use the type - :strong:`cdist-type__systemd_service`\ (7) after this execution. - -bind-to - The hosts the gunicorn socket should be bind to. Formats are `IP`, - `IP:PORT`, `PATH` or anything other that systemd socket units will - understand as stream. Parameter can be set multiple times. Defaults - to ``127.0.0.1:8001``. - - -BOOLEAN PARAMETERS ------------------- -None. - - -MESSAGES --------- -installed - The software was installed. - -upgraded $old to $new - The version of the gunicorn software was updated from `$old` to `$new`. - -configured - Configuration for gunicorn changed. - -uninstalled - The Gunicorn application was removed. - -In all cases where the application is still present, it restarts the service to -use the up-to-date version. - - -EXAMPLES --------- - -.. 
code-block:: sh - - # simple - __netbox $args - require="__netbox" __netbox_gunicorn - - # with arguments - __netbox $args - require="__netbox" __netbox_gunicorn \ - --bind-to 0.0.0.0:8001 \ - --bind-to 1.2.3.4:5678 - - # replace uwsgi with gunicorn - __netbox $args - require="__netbox" __netbox_uwsgi --state absent - # it should depend on __netbox_uwsgi if they use the same socket - require="__netbox_uwsgi" __netbox_gunicorn --state enabled - - # be sure the service is disabled - __netbox $args - require="__netbox" __netbox_gunicorn --state disabled - require="__netbox_gunicorn" __systemd_service gunicorn-netbox --state stopped - - -SEE ALSO --------- -`Gunicorn Documentation `_ - -:strong:`cdist-type__netbox`\ (7) -:strong:`cdist-type__netbox_uwsgi`\ (7) - - -AUTHORS -------- -Matthias Stecher - - -COPYING -------- -Copyright \(C) 2020 Matthias Stecher. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__netbox_gunicorn/manifest b/type/__netbox_gunicorn/manifest deleted file mode 100755 index 5748e9d..0000000 --- a/type/__netbox_gunicorn/manifest +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/bin/sh -e -# __netbox_gunicorn/manifest - -# Check states -state="" -unit_state="" -param_state="$(cat "$__object/parameter/state")" - -case "$param_state" in - enabled|disabled) - state="present" - unit_state="$param_state" - ;; - - absent) - state="absent" - unit_state="disabled" - ;; - - *) - # does not exist - printf "The state '%s' does not exist, can't continue!\n" "$param_state" >&2 - exit 2 - ;; -esac - - -mkdir "$__object/files" - -if [ "$state" = "present" ]; then - # process template - "$__type/files/gunicorn.py.sh" > "$__object/files/gunicorn.py" - - # gunicorn config file - __file /opt/netbox/gunicorn.py \ - --mode 644 --owner netbox \ - --source "$__object/files/gunicorn.py" - -else - # absent config file - __file /opt/netbox/gunicorn.py --state absent -fi - - -TYPE="Gunicorn" -export TYPE - -"$__type/files/netbox.socket.sh" "$__object/parameter/bind-to" \ - > "$__object/files/netbox.socket" - -# install systemd files -__systemd_unit gunicorn-netbox.socket \ - --state "$state" --enablement-state "$unit_state" \ - --source "$__object/files/netbox.socket" --restart -__systemd_unit gunicorn-netbox.service \ - --state "$state" --enablement-state "$unit_state" \ - --source "$__type/files/netbox.service" --restart diff --git a/type/__netbox_gunicorn/parameter/default/bind-to b/type/__netbox_gunicorn/parameter/default/bind-to deleted file mode 100644 index f4c980e..0000000 --- a/type/__netbox_gunicorn/parameter/default/bind-to +++ /dev/null @@ -1 +0,0 @@ -127.0.0.1:8001 diff --git a/type/__netbox_gunicorn/parameter/default/state b/type/__netbox_gunicorn/parameter/default/state deleted file mode 100644 index 86981e6..0000000 --- a/type/__netbox_gunicorn/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -enabled diff --git a/type/__netbox_gunicorn/parameter/optional b/type/__netbox_gunicorn/parameter/optional deleted file mode 100644 index ff72b5c..0000000 --- a/type/__netbox_gunicorn/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -state 
diff --git a/type/__netbox_gunicorn/parameter/optional_multiple b/type/__netbox_gunicorn/parameter/optional_multiple
deleted file mode 100644
index 331c077..0000000
--- a/type/__netbox_gunicorn/parameter/optional_multiple
+++ /dev/null
@@ -1 +0,0 @@
-bind-to
diff --git a/type/__netbox_gunicorn/singleton b/type/__netbox_gunicorn/singleton
deleted file mode 100644
index e69de29..0000000
diff --git a/type/__netbox_uwsgi/explorer/bind-capability b/type/__netbox_uwsgi/explorer/bind-capability
deleted file mode 100755
index c5c0365..0000000
--- a/type/__netbox_uwsgi/explorer/bind-capability
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh -e
-# explorer/bind-capablility
-
-# Checks if the uWSGI binary have the capability to bind to privileaged ports
-# as a non-root user. It's required if no systemd sockets are used (cause of
-# the use of multiple protocols etc.)
-
-binary="/opt/netbox/venv/bin/uwsgi"
-# -v verifies if capability is set
-if setcap -q -v CAP_NET_BIND_SERVICE+ep "$binary"; then
- echo set
-fi
diff --git a/type/__netbox_uwsgi/explorer/installed b/type/__netbox_uwsgi/explorer/installed
deleted file mode 100755
index a2393d0..0000000
--- a/type/__netbox_uwsgi/explorer/installed
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh -e
-
-# print version if available
-/opt/netbox/venv/bin/pip3 show uwsgi | awk '/Version:/{print $2}'
diff --git a/type/__netbox_uwsgi/explorer/upgradeable b/type/__netbox_uwsgi/explorer/upgradeable
deleted file mode 100755
index f4b0a22..0000000
--- a/type/__netbox_uwsgi/explorer/upgradeable
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh -e
-
-# print latest version if availble
-/opt/netbox/venv/bin/pip3 list --outdated | awk '$1 == "uwsgi" {print $3}'
diff --git a/type/__netbox_uwsgi/files/netbox.service.sh b/type/__netbox_uwsgi/files/netbox.service.sh
deleted file mode 100755
index 3705769..0000000
--- a/type/__netbox_uwsgi/files/netbox.service.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh -e
-
-cat << EOF
-[Unit]
-Description=Netbox uWSGI WSGI Service
-Documentation=https://netbox.readthedocs.io/en/stable/
-PartOf=netbox.service
-Requires=netbox-rq.service
-EOF
-
-# Add dependency to own socket
-if [ "$(cat "$__object/files/systemd_socket")" = "yes" ]; then
- echo "Requires=uwsgi-netbox.socket"
-fi
-
-cat << EOF
-Wants=network.target
-After=netbox.service
-After=network.target
-After=redis-server.service postgresql.service
-
-[Service]
-Type=notify
-
-User=netbox
-Group=netbox
-WorkingDirectory=/opt/netbox
-
-ExecStart=/opt/netbox/venv/bin/uwsgi --master --chdir /opt/netbox/netbox --module netbox.wsgi uwsgi.ini
-# signals: https://uwsgi-docs.readthedocs.io/en/latest/Management.html#signals-for-controlling-uwsgi
-ExecReload=kill -HUP \$MAINPID
-ExecStop=kill -INT \$MAINPID
-KillSignal=SIGQUIT
-
-Restart=on-failure
-RestartSec=30
-
-[Install]
-WantedBy=netbox.service
-EOF
diff --git a/type/__netbox_uwsgi/files/netbox.socket.sh b/type/__netbox_uwsgi/files/netbox.socket.sh
deleted file mode 120000
index 28ce920..0000000
--- a/type/__netbox_uwsgi/files/netbox.socket.sh
+++ /dev/null
@@ -1 +0,0 @@
-../../__netbox/files/netbox.socket.sh
\ No newline at end of file
diff --git a/type/__netbox_uwsgi/files/uwsgi.ini.sh b/type/__netbox_uwsgi/files/uwsgi.ini.sh
deleted file mode 100755
index 4bae613..0000000
--- a/type/__netbox_uwsgi/files/uwsgi.ini.sh
+++ /dev/null
@@ -1,60 +0,0 @@ -#!/bin/sh -e - -# Generates uwsgi config -# see https://uwsgi-docs.readthedocs.io/en/latest/Options.html -# or https://uwsgi-docs-additions.readthedocs.io/en/latest/Options.html - -# params: -# 1: parameter name -# 2: parameter value file -# -# output: the lines for the configuration option -multi_options() { - while read -r line; do - printf "%s = %s\n" "$1" "$line" - done < "$2" -} - -# fix missing $__explorer -# see https://code.ungleich.ch/ungleich-public/cdist/-/issues/834 -__explorer="$__global/explorer" - -# size workes by cpu -cores="$(cat "$__explorer/cpu_cores")" - - -cat << EOF -[uwsgi] -; socket(s) to bind -EOF - -if [ "$SYSTEMD_SOCKET" != "yes" ]; then - # special protocol to bind - find "$__object/parameter/" -maxdepth 1 -name "*-bind" -print \ - | while read -r param; do - multi_options "$(basename "$param" | awk -F'-' '{print $1}')-socket" "$param" - done -else - # else, systemd will offer socket - echo "; sockets managed via 'uwsgi-netbox.socket'" - printf "protocol = %s\n" "$PROTOCOL" -fi - - -# multi-process settings -cat << EOF - -; processes and threads -processes = $(( 2*cores + 1 )) -threads = 2 -EOF - - -# optional mapping of static content -if [ "$STATIC_MAP" != "" ]; then - cat << EOF - -; map static content -static-map = /static=/opt/netbox/netbox/static -EOF -fi diff --git a/type/__netbox_uwsgi/gencode-remote b/type/__netbox_uwsgi/gencode-remote deleted file mode 100755 index 7c3b826..0000000 --- a/type/__netbox_uwsgi/gencode-remote +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/sh -e - -# control state -state="$(cat "$__object/parameter/state")" - -# Set capabilities to aquire privileaged ports as netbox user. Two modes are -# available to efficiently set capabilites. Assumes libcap-bin is installed as -# default on debian systems. -# -# Arguments: -# 1: mode to detect if capabilites are required to set ('set' or 'correct') -set_bind_cap() { - cap_mode="" # reset variable from the execution before - - # check if capabilites are required after given mode - case "$1" in - # assumes capabilites are not set (cause of new binaries) - set) - if [ "$SYSTEMD_SOCKET" != "yes" ]; then - cap_mode="+ep" - fi - ;; - - # check if capabilities have changed - correct) - if [ -s "$__object/explorer/bind-capability" ]; then - # capabilites are set - if [ "$SYSTEMD_SOCKET" = "yes" ]; then - cap_mode="-ep" # unset - fi - else - # capabilities are unset - if [ "$SYSTEMD_SOCKET" != "yes" ]; then - cap_mode="+ep" # set - fi - fi - ;; - - # faulty mode - *) - echo "called set_bind_cap incorrect (\$1 missing)" >&2 - ;; - esac - - # set capabilities if any - if [ "$cap_mode" ]; then - printf "setcap -q CAP_NET_BIND_SERVICE%s /opt/netbox/venv/bin/uwsgi\n" "$cap_mode" - fi -} -SYSTEMD_SOCKET="$(cat "$__object/files/systemd_socket")" - - -case "$state" in - # install uwsgi - enabled|disabled) - # not installed - if ! 
[ -s "$__object/explorer/installed" ]; then - echo "/opt/netbox/venv/bin/pip3 install -q uwsgi" - set_bind_cap set - do_restart=yes - printf "installed\n" >> "$__messages_out" - - # updates available - elif [ -s "$__object/explorer/upgradeable" ]; then - echo "/opt/netbox/venv/bin/pip3 install -q --upgrade uwsgi" - set_bind_cap set - do_restart=yes - printf "upgraded\n" >> "$__messages_out" - fi - - # changed configuration - if grep -q "^__file/opt/netbox/uwsgi.ini:" "$__messages_in"; then - do_restart=yes - printf "configured\n" >> "$__messages_out" - fi - - # if no capabilities were set yet, check if any are required - if [ -z "$cap_mode" ]; then - set_bind_cap correct - fi - - - # restart uwsgi - if [ "$do_restart" ] && [ "$state" != "disabled" ]; then - cat << EOF -# Restart service -systemctl restart uwsgi-netbox -EOF - fi - ;; - - # uninstall - absent) - # check if installed - if [ -s "$__object/explorer/installed" ]; then - # service already disabled - echo "/opt/netbox/venv/bin/pip3 uninstall -qy uwsgi" - printf "uninstalled\n" >> "$__messages_out" - fi - ;; -esac diff --git a/type/__netbox_uwsgi/man.rst b/type/__netbox_uwsgi/man.rst deleted file mode 100644 index 13dc6dc..0000000 --- a/type/__netbox_uwsgi/man.rst +++ /dev/null 
@@ -1,183 +0,0 @@ -cdist-type__netbox_uwsgi(7) -=========================== - -NAME ----- -cdist-type__netbox_uwsgi - Run NetBox with uWSGI - - -DESCRIPTION ------------ -This (singleton) type installs uWSGI into the NetBox `python-venv`. It hosts -the NetBox WSGI application via the WSGI protocol. A further server must be -installed to provide it as HTTP and serve static content. It supports multiple -protocols like uwsgi, fastcgi or HTTP to comunicate with the proxy server. This -application is available via the `uwsgi-netbox` systemd service. It is -controllable via the `netbox` wrapper service, too. - -**As uWSGI will be started as netbox user, it does not have privileges to -bind to a privileaged port (all ports below 1024).** Because uWSGI will -drop privileages anyway before binding to a port, solutions are to use -the systemd sockets to activate the ports as root or set linux kernel -capabilites to bind to such a privileaged port. - -As systemd sockets (or uwsgi itself) do not allow to distinguish multiple -sockets if different protocols are used for different sockets, this type does -not use systemd sockets if it is requested from the user. Using the -``--bind-to`` and ``--protocol`` parameters, it uses the systemd socket -activation. Else, it set the different sockets and protocols natively to uwsgi -and add kernel capabilities to be able to listen to privileaged ports. - - -REQUIRED PARAMETERS -------------------- -None. - - -OPTIONAL PARAMETERS -------------------- -state - Represents the state of the uWSGI application. Defaults to ``enabled``. - - enabled - The uWSGI service is enabled and running. - disabled - The uWSGI service is installed, but disabled. - absent - The uWSGI service is not installed and all configuration removed. - - This type does not guarantee anything about the running state of the - service. To be sure about the service is stopped or not, use the type - :strong:`cdist-type__systemd_service`\ (7) after this execution. 
- - -bind-to - The socket uwsgi should bind to. Must be UNIX/TCP (or anything that - systemd sockets accept as stream). Defaults to ``127.0.0.1:3031``. Can be - set multiple times. The used protocol is defined by ``--protocol``. - - **By setting up the socket via this parameter, it uses systemd sockets to - handle these.** This parameter will be ignored if a more detailed paramter - is given (``--$proto-bind``). - -protocol - The protocol which should be used for the socket given by the ``--bind-to`` - parameter. Possible values are ``uwsgi``, ``http``, ``fastcgi`` and - ``scgi``. If nothing given, it defaults to ``uwsgi``. - -scgi-bind, uwsgi-bind, http-bind, fastcgi-bind - Bind the application to a specific protocol instead of implicit uwsgi via - ``--bind-to``. If such parameter given, ``--bind-to`` will be ignored. Must - be a UNIX/TCP socket. Can be set multiple times. - - **By using such parameters instead of ``--bind-to``, no systemd sockets - will be used because it can not handle sockets for multiple protocols.** - Instead, the native socket binding will be used. It will add kernel - capabilites to bind to privileaged ports, too. This allow binds to ports - like 80 as netbox user. - - -BOOLEAN PARAMETERS ------------------- -serve-static - Setup uWSGI to serve the static content, too. This is generally not - recommended for real production setups, as it is the job of the reverse - proxy server, who will thread it as static cachable content. This option - is only recommended for small setups or direct usage of the uWSGI socket - like using it as standalone HTTP server for NetBox. - - **Hint**: This parameter does not work in junction with the `__netbox` - parameter ``--basepath``. It is because this type does not know the - parameter value and this case is very unlikly to happen; although an - implementation is not difficult. - - -MESSAGES --------- -installed - The uwsgi service was installed. - -upgraded - The uwsgi service was upgraded. 
- -configured - The uwsgi configuration got updated. - -uninstalled - The uWSGI application was removed. - -In all cases where the application is still present, it restarts the service to -use the up-to-date version. - - -EXAMPLES --------- - -.. code-block:: sh - - # simple - __netbox $args - require="__netbox" __netbox_uwsgi - - # with multiple binds - __netbox $args - require="__netbox" __netbox_uwsgi --bind-to 0.0.0.0:3032 \ - --bind-to 0.0.0.0:3033 - - # with multiple protocols - # parameter `--bind-to` will be ignored - # avoids systemd sockets, but can handle multiple protocols - __netbox $args - require="__netbox" __netbox_uwsgi --uwsgi-bind 0.0.0.0:3031 \ - --http-bind 0.0.0.0:8080 \ - --fastcgi-bind 1.2.3.4:5678 - - # as standalone server - __netbox $args - require="__netbox" __netbox_uwsgi --serve-static --http-bind 0.0.0.0:80 - - # replace gunicorn with uwsgi - __netbox $args - require="__netbox" __netbox_gunicorn --state absent - # it should depend on __netbox_gunicorn if they use the same socket - require="__netbox_gunicorn" __netbox_uwsgi --state enabled - - # be sure the service is disabled - __netbox $args - require="__netbox" __netbox_uwsgi --state disabled - require="__netbox_uwsgi" __systemd_service uwsgi-netbox --state stopped - - -NOTES ------ -If systemd sockets are used, uwsgi can not be reloaded because it does not -handle the socket correctly. It works by completly restarting uwsgi (because -it is near the same cause of the systemd socket) or tweaking the service unit -with the line ``StandardInput=socket``, which limits you to only one address -to bind to (else, the service will not start). - -Maybe someone is interested in enabling log files, because the "log to stdout" -is not the fanciest approach (because it is shown in the journal). See the -`uwsgi documentation ` for -reference. 
- - -SEE ALSO --------- -`uWSGI Documentation `_ - -:strong:`cdist-type__netbox`\ (7) -:strong:`cdist-type__netbox_gunicorn`\ (7) - - -AUTHORS -------- -Matthias Stecher - - -COPYING -------- -Copyright \(C) 2020 Matthias Stecher. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__netbox_uwsgi/manifest b/type/__netbox_uwsgi/manifest deleted file mode 100755 index 7c593e8..0000000 --- a/type/__netbox_uwsgi/manifest +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/bin/sh -e -# __netbox_uwsgi/manifest - -# Check states -state="" -unit_state="" -param_state="$(cat "$__object/parameter/state")" - -case "$param_state" in - enabled|disabled) - state="present" - unit_state="$param_state" - ;; - - absent) - state="absent" - unit_state="disabled" - ;; - - *) - # does not exist - printf "The state '%s' does not exist, can't continue!\n" "$param_state" >&2 - exit 2 - ;; -esac - - -mkdir "$__object/files" - -# check if systemd sockets will be used -if [ -f "$__object/parameter/bind-to" ]; then - SYSTEMD_SOCKET="yes" -fi -if find "$__object/parameter/" -maxdepth 1 -name "*-bind" -print -quit | grep -q .; then - SYSTEMD_SOCKET="no" -fi -echo "$SYSTEMD_SOCKET" > "$__object/files/systemd_socket" - -if [ "$state" = "present" ]; then - # already checked outside this if-clause - export SYSTEMD_SOCKET - - PROTOCOL="$(cat "$__object/parameter/protocol")" - export PROTOCOL - - if [ -f "$__object/parameter/serve-static" ]; then - STATIC_MAP="yes" - export STATIC_MAP - fi - - # process template - "$__type/files/uwsgi.ini.sh" > "$__object/files/uwsgi.ini" - - # uwsgi config file - # TODO maybe patching with __key_value cause of .ini ? 
- __file /opt/netbox/uwsgi.ini \ - --mode 644 --owner netbox \ - --source "$__object/files/uwsgi.ini" - -else - # absent config file - __file /opt/netbox/uwsgi.ini --state absent -fi - - -# handle the systemd socket -if [ "$SYSTEMD_SOCKET" = "yes" ]; then - TYPE="uWSGI" - export TYPE - - # generate and set the socket unit - "$__type/files/netbox.socket.sh" "$__object/parameter/bind-to" \ - > "$__object/files/netbox.socket" - __systemd_unit uwsgi-netbox.socket \ - --state "$state" --enablement-state "$unit_state" \ - --source "$__object/files/netbox.socket" --restart -else - # remove the systemd socket unit - __systemd_unit uwsgi-netbox.socket --state absent -fi - -# install service file -"$__type/files/netbox.service.sh" > "$__object/files/netbox.service" -__systemd_unit uwsgi-netbox.service \ - --state "$state" --enablement-state "$unit_state" \ - --source "$__object/files/netbox.service" --restart diff --git a/type/__netbox_uwsgi/parameter/boolean b/type/__netbox_uwsgi/parameter/boolean deleted file mode 100644 index aa08196..0000000 --- a/type/__netbox_uwsgi/parameter/boolean +++ /dev/null @@ -1 +0,0 @@ -serve-static diff --git a/type/__netbox_uwsgi/parameter/default/bind-to b/type/__netbox_uwsgi/parameter/default/bind-to deleted file mode 100644 index c696456..0000000 --- a/type/__netbox_uwsgi/parameter/default/bind-to +++ /dev/null @@ -1 +0,0 @@ -127.0.0.1:3031 diff --git a/type/__netbox_uwsgi/parameter/default/protocol b/type/__netbox_uwsgi/parameter/default/protocol deleted file mode 100644 index caf986e..0000000 --- a/type/__netbox_uwsgi/parameter/default/protocol +++ /dev/null @@ -1 +0,0 @@ -uwsgi diff --git a/type/__netbox_uwsgi/parameter/default/state b/type/__netbox_uwsgi/parameter/default/state deleted file mode 100644 index 86981e6..0000000 --- a/type/__netbox_uwsgi/parameter/default/state +++ /dev/null @@ -1 +0,0 @@ -enabled 
diff --git a/type/__netbox_uwsgi/parameter/optional b/type/__netbox_uwsgi/parameter/optional
deleted file mode 100644
index 3284ccc..0000000
--- a/type/__netbox_uwsgi/parameter/optional
+++ /dev/null
@@ -1,2 +0,0 @@
-state
-protocol
diff --git a/type/__netbox_uwsgi/parameter/optional_multiple b/type/__netbox_uwsgi/parameter/optional_multiple
deleted file mode 100644
index 3f3e7d4..0000000
--- a/type/__netbox_uwsgi/parameter/optional_multiple
+++ /dev/null
@@ -1,5 +0,0 @@
-bind-to
-uwsgi-bind
-http-bind
-fastcgi-bind
-scgi-bind
diff --git a/type/__netbox_uwsgi/singleton b/type/__netbox_uwsgi/singleton
deleted file mode 100644
index e69de29..0000000
diff --git a/type/__root_mail_dma/files/aliases b/type/__root_mail_dma/files/aliases
new file mode 100644
index 0000000..d341318
--- /dev/null
+++ b/type/__root_mail_dma/files/aliases
@@ -0,0 +1,68 @@
+# Based off FreeBSD's /etc/aliases
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+#
+# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES
+# AND FUNCTIONS', May 1997
+# http://tools.ietf.org/html/rfc2142
+
+# Pretty much everything else in this file points to "root", so
+# you would do well in either reading root's mailbox or forwarding
+# root's email from here.
+
+# root: me@my.domain
+
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts
+_dhcp: root
+_pflogd: root
+auditdistd: root
+bin: root
+bind: root
+daemon: root
+games: root
+hast: root
+kmem: root
+mailnull: postmaster
+man: root
+news: root
+nobody: root
+operator: root
+pop: root
+proxy: root
+smmsp: postmaster
+sshd: root
+system: root
+toor: root
+tty: root
+usenet: news
+uucp: root
+
+# Well-known aliases -- these should be filled in!
+manager: root
+dumper: root
+
+# BUSINESS-RELATED MAILBOX NAMES
+info: root
+marketing: root
+sales: root
+support: root
+
+# NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+noc: root
+security: root
+
+# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+ftp: root
+ftp-bugs: ftp
+hostmaster: root
+webmaster: root
+www: webmaster
diff --git a/type/__root_mail_dma/gencode-remote b/type/__root_mail_dma/gencode-remote
new file mode 100755
index 0000000..2961c09
--- /dev/null
+++ b/type/__root_mail_dma/gencode-remote
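Review bot: The banner at the top of the new `aliases` file still says `newaliases` must be run "for any changes to show through to sendmail", which is carried over from FreeBSD's sendmail setup and does not describe the dma configuration this type ships the file for. As far as I know dma parses the plain-text aliases file on each delivery, so I would replace the three banner lines with `# Read directly by dma(8); no newaliases run is needed.` Separately, `abuse`, `security` and `postmaster` all resolve to `root` while `# root: me@my.domain` stays commented out; if the manifest appends the real `root:` line (not visible in this hunk), a one-line comment saying so would tell an auditor where security mail ends up.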
@@ -0,0 +1,20 @@ +#!/bin/sh -e + +if [ -f "${__object}/parameter/send-test-email" ]; then + SEND_EMAIL="YES" +fi + +if [ "${SEND_EMAIL}" != "YES" ]; then + exit 0 +fi + +cat <`_ +- `DragonFly Handbook MTA `_ + + +AUTHORS +------- +Evilham + + +COPYING +------- +Copyright \(C) 2020 Evilham. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/type/__root_mail_dma/manifest b/type/__root_mail_dma/manifest new file mode 100755 index 0000000..abcaa5b --- /dev/null +++ b/type/__root_mail_dma/manifest 
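Review bot: `SEND_EMAIL` is never initialised in the new gencode-remote, so a `SEND_EMAIL=YES` already exported in the environment cdist runs in would pass the second test even when `--send-test-email` was not given for the object. Testing the parameter file directly removes the variable and the inherited state: `[ -f "${__object}/parameter/send-test-email" ] || exit 0`. The code generated after `cat` is not visible in this view, so this covers only the guard at the top of the script.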
@@ -0,0 +1,153 @@ +#!/bin/sh -e + +os="$(cat "${__global}/explorer/os")" + +root_email="$(tr '\n' ',' < "${__object}/parameter/root-email" | sed -E 's/,+$//')" +smart_host="$(cat "${__object}/parameter/smart-host")" + +if [ -f "${__object}/parameter/mailname" ]; then + mailname="$(cat "${__object}/parameter/mailname")" +else + # default mailname behaviour is different in certain systems + case ${os} in + debian|devuan|ubuntu) + # Debian-like default to /etc/mailname + mailname="/etc/mailname" + ;; + *) + # Otherwise let's use the hostname + mailname="${__target_host}" + ;; + esac +fi + +aliases_file=/etc/mail/aliases +case ${os} in + debian|devuan|ubuntu) + # Debian-like requires installing DMA + __package dma + # Moving forward without DMA doesn't make much sense + export require="__package/dma" + aliases_file=/etc/aliases + ;; + freebsd) + # Disable sendmail + stop if necessary + __key_value \ + --file "/etc/rc.conf" \ + --comment "# Disable sendmail " \ + --key "sendmail_enable" \ + --delimiter "=" \ + --value "NONE" \ + --onchange "service sendmail onestop || true" \ + "sendmail_enable" + # Setup mailwrapper accordingly + __file /etc/mail/mailer.conf \ + --mode 0644 \ + --source '-' < /dev/stderr < - # local-data: "" - # o deny serves local data (if any), else, drops queries. - # o refuse serves local data (if any), else, replies with error. - # o static serves local data, else, nxdomain or nodata answer. - # o transparent gives local data, but resolves normally for other names - # o redirect serves the zone data for any subdomain in the zone. - # o nodefault can be used to normally resolve AS112 zones. 
- # o typetransparent resolves normally for other types and other names - # o inform acts like transparent, but logs client IP address - # o inform_deny drops queries and logs client IP address - # o inform_redirect redirects queries and logs client IP address - # o always_transparent, always_refuse, always_nxdomain, resolve in - # that way but ignore local data for that name - # o noview breaks out of that view towards global local-zones. - # - # defaults are localhost address, reverse for 127.0.0.1 and ::1 - # and nxdomain for AS112 zones. If you configure one of these zones - # the default content is omitted, or you can omit it with 'nodefault'. - # - # If you configure local-data without specifying local-zone, by - # default a transparent local-zone is created for the data. - # - # You can add locally served data with - # local-zone: "local." static - # local-data: "mycomputer.local. IN A 192.0.2.51" - # local-data: 'mytext.local TXT "content of text record"' - # - # You can override certain queries with - # local-data: "adserver.example.com A 127.0.0.1" - # - # You can redirect a domain to a fixed address with - # (this makes example.com, www.example.com, etc, all go to 192.0.2.3) - # local-zone: "example.com" redirect - # local-data: "example.com A 192.0.2.3" -$(generate_local_data) - # - # Shorthand to make PTR records, "IPv4 name" or "IPv6 name". - # You can also add PTR records using local-data directly, but then - # you need to do the reverse notation yourself. - # local-data-ptr: "192.0.2.3 www.example.com" - - # tag a localzone with a list of tag names (in "" with spaces between) - # local-zone-tag: "example.com" "tag2 tag3" - - # add a netblock specific override to a localzone, with zone type - # local-zone-override: "example.com" 192.0.2.0/24 refuse - - # service clients over TLS (on the TCP sockets), with plain DNS inside - # the TLS stream. Give the certificate to use and private key. - # default is "" (disabled). requires restart to take effect. 
- # tls-service-key: "path/to/privatekeyfile.key" - # tls-service-pem: "path/to/publiccertfile.pem" - # tls-port: 853 - - # cipher setting for TLSv1.2 - # tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256" - # cipher setting for TLSv1.3 - # tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" - - # Add the secret file for TLS Session Ticket. - # Secret file must be 80 bytes of random data. - # First key use to encrypt and decrypt TLS session tickets. - # Other keys use to decrypt only. - # requires restart to take effect. - # tls-session-ticket-keys: "path/to/secret_file1" - # tls-session-ticket-keys: "path/to/secret_file2" - - # request upstream over TLS (with plain DNS inside the TLS stream). - # Default is no. Can be turned on and off with unbound-control. - # tls-upstream: no - - # Certificates used to authenticate connections made upstream. - # tls-cert-bundle: "" - - # Add system certs to the cert bundle, from the Windows Cert Store - # tls-win-cert: no - - # Also serve tls on these port numbers (eg. 443, ...), by listing - # tls-additional-port: portno for each of the port numbers. - - # DNS64 prefix. Must be specified when DNS64 is use. - # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. - dns64-prefix: $DNS64_PREFIX - - # DNS64 ignore AAAA records for these domains and use A instead. - # dns64-ignore-aaaa: "example.com" - - # ratelimit for uncached, new queries, this limits recursion effort. - # ratelimiting is experimental, and may help against randomqueryflood. - # if 0(default) it is disabled, otherwise state qps allowed per zone. - # ratelimit: 0 - - # ratelimits are tracked in a cache, size in bytes of cache (or k,m). 
- # ratelimit-size: 4m - # ratelimit cache slabs, reduces lock contention if equal to cpucount. - # ratelimit-slabs: 4 - - # 0 blocks when ratelimited, otherwise let 1/xth traffic through - # ratelimit-factor: 10 - - # override the ratelimit for a specific domain name. - # give this setting multiple times to have multiple overrides. - # ratelimit-for-domain: example.com 1000 - # override the ratelimits for all domains below a domain name - # can give this multiple times, the name closest to the zone is used. - # ratelimit-below-domain: com 1000 - - # global query ratelimit for all ip addresses. - # feature is experimental. - # if 0(default) it is disabled, otherwise states qps allowed per ip address - # ip-ratelimit: 0 - - # ip ratelimits are tracked in a cache, size in bytes of cache (or k,m). - # ip-ratelimit-size: 4m - # ip ratelimit cache slabs, reduces lock contention if equal to cpucount. - # ip-ratelimit-slabs: 4 - - # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through - # ip-ratelimit-factor: 10 - - # Limit the number of connections simultaneous from a netblock - # tcp-connection-limit: 192.0.2.0/24 12 - - # select from the fastest servers this many times out of 1000. 0 means - # the fast server select is disabled. prefetches are not sped up. - # fast-server-permil: 0 - # the number of servers that will be used in the fast server selection. - # fast-server-num: 3 - - # Specific options for ipsecmod. unbound needs to be configured with - # --enable-ipsecmod for these to take effect. - # - # Enable or disable ipsecmod (it still needs to be defined in - # module-config above). Can be used when ipsecmod needs to be - # enabled/disabled via remote-control(below). - # ipsecmod-enabled: yes - # - # Path to executable external hook. It must be defined when ipsecmod is - # listed in module-config (above). - # ipsecmod-hook: "./my_executable" - # - # When enabled unbound will reply with SERVFAIL if the return value of - # the ipsecmod-hook is not 0. 
- # ipsecmod-strict: no - # - # Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY. - # ipsecmod-max-ttl: 3600 - # - # Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for - # testing. - # ipsecmod-ignore-bogus: no - # - # Domains for which ipsecmod will be triggered. If not defined (default) - # all domains are treated as being whitelisted. - # ipsecmod-whitelist: "example.com" - # ipsecmod-whitelist: "nlnetlabs.nl" - - -# Python config section. To enable: -# o use --with-pythonmodule to configure before compiling. -# o list python in the module-config string (above) to enable. -# It can be at the start, it gets validated results, or just before -# the iterator and process before DNSSEC validation. -# o and give a python-script to run. -python: - # Script file to load - # python-script: "/ubmodule-tst.py" - -# Remote control config section. -remote-control: - # Enable remote control with unbound-control(8) here. - # set up the keys and certificates with unbound-control-setup. - control-enable: $RC_ENABLE - - # what interfaces are listened to for remote control. - # give 0.0.0.0 and ::0 to listen to all interfaces. - # set to an absolute path to use a unix local name pipe, certificates - # are not used for that, so key and cert files need not be present. - # control-interface: 127.0.0.1 - control-interface: $RC_INTERFACE - - # port number for remote control operations. - # control-port: 8953 - - # for localhost, you can disable use of TLS by setting this to "no" - # For local sockets this option is ignored, and TLS is not used. - # control-use-cert: "yes" - - # unbound server key file. - server-key-file: "$RC_SERVER_KEY_FILE" - - # unbound server certificate file. - server-cert-file: "$RC_SERVER_CERT_FILE" - - # unbound-control key file. - control-key-file: "$RC_CONTROL_KEY_FILE" - - # unbound-control certificate file. - control-cert-file: "$RC_CONTROL_CERT_FILE" - -# Stub zones. 
-# Create entries like below, to make all queries for 'example.com' and -# 'example.org' go to the given list of nameservers. list zero or more -# nameservers by hostname or by ipaddress. If you set stub-prime to yes, -# the list is treated as priming hints (default is no). -# With stub-first yes, it attempts without the stub if it fails. -# Consider adding domain-insecure: name and local-zone: name nodefault -# to the server: section if the stub is a locally served zone. -# stub-zone: -# name: "example.com" -# stub-addr: 192.0.2.68 -# stub-prime: no -# stub-first: no -# stub-tls-upstream: no -# stub-no-cache: no -# stub-zone: -# name: "example.org" -# stub-host: ns.example.com. - -# Forward zones -# Create entries like below, to make all queries for 'example.com' and -# 'example.org' go to the given list of servers. These servers have to handle -# recursion to other nameservers. List zero or more nameservers by hostname -# or by ipaddress. Use an entry with name "." to forward all queries. -# If you enable forward-first, it attempts without the forward if it fails. -# forward-zone: -# name: "example.com" -# forward-addr: 192.0.2.68 -# forward-addr: 192.0.2.73@5355 # forward to port 5355. -# forward-first: no -# forward-tls-upstream: no -# forward-no-cache: no -# forward-zone: -# name: "example.org" -# forward-host: fwd.example.com - -forward-zone: - name: "." -$(generate_forward_addr) - -# Authority zones -# The data for these zones is kept locally, from a file or downloaded. -# The data can be served to downstream clients, or used instead of the -# upstream (which saves a lookup to the upstream). The first example -# has a copy of the root for local usage. The second serves example.org -# authoritatively. zonefile: reads from file (and writes to it if you also -# download it), master: fetches with AXFR and IXFR, or url to zonefile. -# With allow-notify: you can give additional (apart from masters) sources of -# notifies. -# auth-zone: -# name: "." 
-# master: 199.9.14.201 # b.root-servers.net -# master: 192.33.4.12 # c.root-servers.net -# master: 199.7.91.13 # d.root-servers.net -# master: 192.5.5.241 # f.root-servers.net -# master: 192.112.36.4 # g.root-servers.net -# master: 193.0.14.129 # k.root-servers.net -# master: 192.0.47.132 # xfr.cjr.dns.icann.org -# master: 192.0.32.132 # xfr.lax.dns.icann.org -# master: 2001:500:200::b # b.root-servers.net -# master: 2001:500:2::c # c.root-servers.net -# master: 2001:500:2d::d # d.root-servers.net -# master: 2001:500:2f::f # f.root-servers.net -# master: 2001:500:12::d0d # g.root-servers.net -# master: 2001:7fd::1 # k.root-servers.net -# master: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org -# master: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org -# fallback-enabled: yes -# for-downstream: no -# for-upstream: yes -# auth-zone: -# name: "example.org" -# for-downstream: yes -# for-upstream: yes -# zonefile: "example.org.zone" - -# Views -# Create named views. Name must be unique. Map views to requests using -# the access-control-view option. Views can contain zero or more local-zone -# and local-data options. Options from matching views will override global -# options. Global options will be used if no matching view is found. -# With view-first yes, it will try to answer using the global local-zone and -# local-data elements if there is no view specific match. -# view: -# name: "viewname" -# local-zone: "example.com" redirect -# local-data: "example.com A 192.0.2.3" -# local-data-ptr: "192.0.2.3 www.example.com" -# view-first: no -# view: -# name: "anotherview" -# local-zone: "example.com" refuse - -# DNSCrypt -# Caveats: -# 1. the keys/certs cannot be produced by unbound. You can use dnscrypt-wrapper -# for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage -# 2. dnscrypt channel attaches to an interface. 
you MUST set interfaces to -# listen on 'dnscrypt-port' with the follo0wing snippet: -# server: -# interface: 0.0.0.0@443 -# interface: ::0@443 -# -# Finally, 'dnscrypt' config has its own section. -# dnscrypt: -# dnscrypt-enable: yes -# dnscrypt-port: 443 -# dnscrypt-provider: 2.dnscrypt-cert.example.com. -# dnscrypt-secret-key: /path/unbound-conf/keys1/1.key -# dnscrypt-secret-key: /path/unbound-conf/keys2/1.key -# dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert -# dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert - -# CacheDB -# Enable external backend DB as auxiliary cache. Specify the backend name -# (default is "testframe", which has no use other than for debugging and -# testing) and backend-specific options. The 'cachedb' module must be -# included in module-config, just before the iterator module. -# cachedb: -# backend: "testframe" -# # secret seed string to calculate hashed keys -# secret-seed: "default" -# -# # For "redis" backend: -# # redis server's IP address or host name -# redis-server-host: 127.0.0.1 -# # redis server's TCP port -# redis-server-port: 6379 -# # timeout (in ms) for communication with the redis server -# redis-timeout: 100 -EOF diff --git a/type/__unbound/gencode-remote b/type/__unbound/gencode-remote deleted file mode 100755 index ba6d92b..0000000 --- a/type/__unbound/gencode-remote +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -UNBOUND_CERTS_DIR=/etc/unbound - -if [ -f "$__object/parameter/enable_rc" ]; then - echo "unbound-control-setup -d $UNBOUND_CERTS_DIR" - echo "chown unbound:unbound $UNBOUND_CERTS_DIR/*.pem $UNBOUND_CERTS_DIR/*.key" -fi - -cat << EOF -if pgrep unbound; then - service unbound reload -else - service unbound start -fi -EOF diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst deleted file mode 100644 index 316d011..0000000 --- a/type/__unbound/man.rst +++ /dev/null 
@@ -1,84 +0,0 @@ -cdist-type__unbound(7) -=============================== - -NAME ----- -cdist-type__ungleich_unbound - unbound server deployment for ungleich - - -DESCRIPTION ------------ -This unbound (dns resolver and cache) deployment provides DNS64 and fetch -answers from specified upstrean DNS server. This is a singleton type. - -REQUIRED PARAMETERS -------------------- -dns64_prefix - IPv6 prefix used for DNS64. - -forward_addr - DNS servers used to lookup names, can be provided multiple times. It can be - either an IPv4 or IPv6 address but no domain name. - -OPTIONAL PARAMETERS -------------------- -interface - Interface to listen on, can be provided multiple times. Defaults to - '127.0.0.1' and '::1'. - -access_control - Controls which clients are allowed queries to the unbound service (everything - but localhost is refused by default), can be provided multiple times. The - format is described in unbound.conf(5). - -rc_interface - Address or path to socket used for remote control (see `--enable_control`. Defaults to `127.0.0.1`). - -local_data - Configure local data, which is served in reply to queries for it. Can be - specified multiple times. - -BOOLEAN PARAMETERS ------------------- -disable-ip4 - Do not answer or issue queries over IPv4. Cannot be used alongside the - `--disable-ip6` flag. - -disable-ip6 - Do not answer or issue queries over IPv6. Cannot be used alongside the - `--disable-ip4` flag. - -enable_rc - Enable remote control (see `unbound-control(8)`). - -EXAMPLES --------- - -.. code-block:: sh - - __ungleich_unbound \ - --interface '::0' \ - --dns64_prefix '2a0a:e5c0:2:10::/96' \ - --forward_addr '2a0a:e5c0:2:1::5' \ - --forward_addr '2a0a:e5c0:2:1::6' \ - --access_control '::0/0 deny' \ - --access_control '2a0a:e5c0::/29 allow' \ - --access_control '2a09:2940::/29 allow' \ - --ip6 - -SEE ALSO --------- -- `unbound.conf(5) `_ - - -AUTHORS -------- -Timothée Floure - - -COPYING -------- -Copyright \(C) 2020 Timothée Floure. 
You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__unbound/manifest b/type/__unbound/manifest deleted file mode 100755 index 5d6b50f..0000000 --- a/type/__unbound/manifest +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/bin/sh -e -# -# 2020 Timothée Floure (timothee.floure@ungleich.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - - -os=$(cat "$__global/explorer/os") - -case "$os" in - alpine) - __package unbound --state present - ;; - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -# Required parameters: -DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix") -export DNS64_PREFIX -FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr") -export FORWARD_ADDRS - -# Optional parameters: -if [ -f "$__object/parameter/interface" ]; then - INTERFACES=$(cat "$__object/parameter/interface") - export INTERFACES -fi - -if [ -f "$__object/parameter/access_control" ]; then - ACCESS_CONTROLS=$(cat "$__object/parameter/access_control") - export ACCESS_CONTROLS -fi - -if [ -f "$__object/parameter/rc_interface" ]; then - RC_INTERFACE=$(cat "$__object/parameter/rc_interface") - export RC_INTERFACE -fi - -if [ -f "$__object/parameter/local_data" ]; then - LOCAL_DATA=$(cat "$__object/parameter/local_data") - export LOCAL_DATA -fi - -# Boolean parameters: -if [ -f "$__object/parameter/disable_ip4" ] && \ - [ -f "$__object/parameter/disable_ip6" ]; then - echo "--disable-ip4 and --disable-ip6 cannot be used at the same time." 
>&2 - exit 1 -fi - -if [ -f "$__object/parameter/disable_ip4" ]; then - export DO_IP4='no' -else - export DO_IP4='yes' -fi - -if [ -f "$__object/parameter/disable_ip6" ]; then - export DO_IP6='no' -else - export DO_IP6='yes' -fi - -if [ -f "$__object/parameter/enable_rc" ]; then - export RC_ENABLE='yes' -else - export RC_ENABLE='no' -fi - -# Certs for remote control: -export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key' -export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem' -export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key' -export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem' - -# Generate and deploy configuration files. -source_file="$__object/files/unbound.conf" -target_file="/etc/unbound/unbound.conf" - -mkdir -p "$__object/files" -"$__type/files/unbound.conf.sh" > "$source_file" -require="__package/unbound" __file "$target_file" \ - --source "$source_file" \ - --owner root \ - --mode 644 diff --git a/type/__unbound/parameter/boolean b/type/__unbound/parameter/boolean deleted file mode 100644 index b6e53a1..0000000 --- a/type/__unbound/parameter/boolean +++ /dev/null @@ -1,3 +0,0 @@ -disable_ip6 -disable_ip4 -enable_rc diff --git a/type/__unbound/parameter/default/rc_interface b/type/__unbound/parameter/default/rc_interface deleted file mode 100644 index 7b9ad53..0000000 --- a/type/__unbound/parameter/default/rc_interface +++ /dev/null @@ -1 +0,0 @@ -127.0.0.1 diff --git a/type/__unbound/parameter/optional b/type/__unbound/parameter/optional deleted file mode 100644 index 0826b6e..0000000 --- a/type/__unbound/parameter/optional +++ /dev/null @@ -1 +0,0 @@ -rc_interface diff --git a/type/__unbound/parameter/optional_multiple b/type/__unbound/parameter/optional_multiple deleted file mode 100644 index 3fe7eca..0000000 --- a/type/__unbound/parameter/optional_multiple +++ /dev/null @@ -1,3 +0,0 @@ -access_control -local_data -interface 
diff --git a/type/__unbound/parameter/required b/type/__unbound/parameter/required deleted file mode 100644 index 4ad232f..0000000 --- a/type/__unbound/parameter/required +++ /dev/null @@ -1 +0,0 @@ -dns64_prefix diff --git a/type/__unbound/parameter/required_multiple b/type/__unbound/parameter/required_multiple deleted file mode 100644 index 776abf5..0000000 --- a/type/__unbound/parameter/required_multiple +++ /dev/null @@ -1 +0,0 @@ -forward_addr diff --git a/type/__unbound/singleton b/type/__unbound/singleton deleted file mode 100644 index e69de29..0000000 diff --git a/type/__unbound_exporter/files/openrc-service b/type/__unbound_exporter/files/openrc-service deleted file mode 100644 index 6caed5e..0000000 --- a/type/__unbound_exporter/files/openrc-service +++ /dev/null @@ -1,12 +0,0 @@ -#!/sbin/openrc-run - -name=$RC_SVCNAME -command="/usr/local/bin/unbound_exporter" -command_args="" -command_user="unbound" -command_background="yes" -pidfile="/var/run/$RC_SVCNAME.pid" - -depend() { - need unbound -} diff --git a/type/__unbound_exporter/gencode-remote b/type/__unbound_exporter/gencode-remote deleted file mode 100755 index fcd85fb..0000000 --- a/type/__unbound_exporter/gencode-remote +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/sh -e -# -# 2020 Timothée Floure (timothee.floure@ungleich.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . - -upstream=https://github.com/wish/unbound_exporter/archive -version=$(cat "$__object/parameter/version") -release="unbound_exporter-$version" - -cat << EOF -if command -v unbound_exporter -then - # already installed - ignoring. - echo "Nothing to do -" -else - # Initialize working directory - workdir=\$(mktemp -d) - cd \$workdir - - # Download and extract sources for requested release. - curl -L $upstream/v$version.tar.gz --output $release.tar.gz - tar xf $release.tar.gz - - # Build and install binary. - cd $release - go build - install -m755 unbound_exporter /usr/local/bin/ - - # Clean up! - rm -r \$workdir -fi -EOF diff --git a/type/__unbound_exporter/man.rst b/type/__unbound_exporter/man.rst deleted file mode 100644 index 934bdd7..0000000 --- a/type/__unbound_exporter/man.rst +++ /dev/null 
@@ -1,63 +0,0 @@ -cdist-type__unbound_exporter(7) -=============================== - -NAME ----- -cdist-type__unbound_exporter - A prometheus exporter for unbound - - -DESCRIPTION ------------ -Simple Prometheus metrics exporter for the Unbound DNS -resolver. It leverages the unbound remote control endpoint -and exposes metrics on port 9167. - - -REQUIRED PARAMETERS -------------------- -version - unbound_exporter release to be used. - -OPTIONAL PARAMETERS -------------------- -None. - - -BOOLEAN PARAMETERS ------------------- -None. - - -EXAMPLES --------- - -.. code-block:: sh - - __unbound \ - --interface '::0' \ - --forward_addr '2a0a:e5c0:2:1::5' \ - --forward_addr '2a0a:e5c0:2:1::6' \ - --access_control '::0/0 deny' \ - --access_control '2a0a:e5c0::/29 allow' \ - --access_control '2a09:2940::/29 allow' \ - --disable_ip4 \ - --enable_rc \ - --rc_interface '::1' - - __unbound_exporter --version 0.1.3 - -SEE ALSO --------- -:strong:`cdist-type__unbound(7)` - -AUTHORS -------- -Timothée Floure - - -COPYING -------- -Copyright \(C) 2020 Timothée Floure. You can redistribute it -and/or modify it under the terms of the GNU General Public License as -published by the Free Software Foundation, either version 3 of the -License, or (at your option) any later version. diff --git a/type/__unbound_exporter/manifest b/type/__unbound_exporter/manifest deleted file mode 100755 index 3602e47..0000000 --- a/type/__unbound_exporter/manifest +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/sh -e -# -# 2020 Timothée Floure (timothee.floure@ungleich.ch) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# - - -os=$(cat "$__global/explorer/os") - -case "$os" in - alpine) - # Used in gencode-remote. - __package curl - __package tar - __package openssl - __package go - __package libc-dev - ;; - *) - printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 - printf "Please contribute an implementation for it if you can.\n" >&2 - exit 1 - ;; -esac - -__file /etc/init.d/unbound_exporter \ - --source "$__type/files/openrc-service" \ - --mode 755 - -require="__file/etc/init.d/unbound_exporter" __service unbound_exporter --action start -require="__file/etc/init.d/unbound_exporter" __start_on_boot unbound_exporter diff --git a/type/__unbound_exporter/parameter/required b/type/__unbound_exporter/parameter/required deleted file mode 100644 index 088eda4..0000000 --- a/type/__unbound_exporter/parameter/required +++ /dev/null @@ -1 +0,0 @@ -version diff --git a/type/__unbound_exporter/singleton b/type/__unbound_exporter/singleton deleted file mode 100644 index e69de29..0000000 diff --git a/type/__wikijs/files/config.yml.sh b/type/__wikijs/files/config.yml.sh deleted file mode 100755 index b66687a..0000000 --- a/type/__wikijs/files/config.yml.sh +++ /dev/null 
@@ -1,46 +0,0 @@
-#!/bin/sh
-
-if [ $# -ne 1 ];
-then
- echo "You have to give me the database password as an argument:"
- echo "on some systems, anyone can read env(1)."
- exit 1;
-fi
-
-generate_ssl_section () {
-
- cat << EOF
-ssl:
- enabled: ${SSL}
-EOF
-
-if [ "$SSL" = "true" ]; then
- cat << EOF
- port: $HTTPS_PORT
- provider: letsencrypt
- domain: ${__target_host:?}
- subscriberEmail: ${LE_EMAIL:?}
-EOF
- fi
-}
-
-cat << EOF
-port: $HTTP_PORT
-db:
- type: postgres
- host: localhost
- port: 5432
- user: ${DB_USER:?}
- pass: $1
- db: ${DB_NAME:?}
- ssl: false
-$(generate_ssl_section)
-pool:
- min: 2
- max: 10
-bindIP: 0.0.0.0
-logLevel: warn
-offline: false
-ha: false
-dataPath: ./data
-EOF
diff --git a/type/__wikijs/files/wikijs-openrc b/type/__wikijs/files/wikijs-openrc
deleted file mode 100644
index e484647..0000000
--- a/type/__wikijs/files/wikijs-openrc
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/sbin/openrc-run
-
-command='/usr/bin/node'
-command_args='server'
-command_background=true
-description="Run wiki.js"
-directory='/var/wiki'
-error_log=/var/log/"$RC_SVCNAME".err
-output_log=/var/log/"$RC_SVCNAME".log
-pidfile="/run/$RC_SVCNAME.pid"
diff --git a/type/__wikijs/gencode-remote b/type/__wikijs/gencode-remote
deleted file mode 100755
index 37c7df7..0000000
--- a/type/__wikijs/gencode-remote
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-VERSION_FILE=/var/wiki/version
-version=$(cat "${__object:?}/parameter/version")
-
-# Check for installation
-cat << EOF
-if [ -f $VERSION_FILE ] && [ "\$(cat $VERSION_FILE)" = "$version" ];
-then
- # Assume everything is done already.
- exit 0;
-else
- echo "$version" > $VERSION_FILE
-fi
-EOF
-
-# Download and copy source
-cat << EOF
-wget -O - https://github.com/Requarks/wiki/releases/download/$version/wiki-js.tar.gz | tar xz -C /var/wiki
-EOF
-
-# Install deps and launch
-cat << EOF
-cd /var/wiki || exit 1
-service wikijs restart
-EOF
diff --git a/type/__wikijs/man.rst b/type/__wikijs/man.rst
deleted file mode 100644
index b259c90..0000000
--- a/type/__wikijs/man.rst
+++ /dev/null
@@ -1,64 +0,0 @@
-cdist-type__wikijs(7)
-========================
-
-NAME
-----
-cdist-type__wikijs - Deploy the wiki.js software.
-
-DESCRIPTION
------------
-
-See wiki.js.org for more information. This type deploys with a postgresql
-database, since it is the upstream recommended for production, and they seem to
-strongly suggest that in the next releases, they will not support anything else.
-
-Currently, this type servers wikijs as standalone, listening on ports 80 and
-443, and with a service file for OpenRC. Feel free to contribute a
-generalisation if you require one.
-
-REQUIRED PARAMETERS
--------------------
-
-database-password
- The password to the PSQL database.
-
-version
- 'wikijs' version to be deployed.
-
-OPTIONAL PARAMETERS
--------------------
-
-database
- The name of the PSQL database to connect to. If omitted, then 'wikijs' is
- used.
-
-database-user
- The name of the PSQL database user to connec as. If omitted, then 'wikijs' is
- used.
-
-letsencrypt-mail
- If the SSL parameter is passed, then we setup wikijs to automatically obtain
- certificates: this is the email used to sign up to a LE account.
-
-http-port
- Specify HTTP port, defaults to 80.
-
-http-port
- Specify HTTPS port, defaults to 443. Only relevant if the SSL flag is enabled.
-
-BOOLEAN PARAMETERS
-------------------
-
-ssl
- Whether or not to enable the wikijs automatic obtention of LE certificates.
-
-AUTHORS
--------
-Joachim Desroches
-
-COPYING
--------
-Copyright \(C) 2020 Joachim Desroches. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
diff --git a/type/__wikijs/manifest b/type/__wikijs/manifest
deleted file mode 100644
index b047223..0000000
--- a/type/__wikijs/manifest
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-os="$(cat "${__global:?}"/explorer/os)"
-
-case "$os" in
- alpine)
- :
- ;;
- *)
- echo "This type has no implementation for $os. Aborting." >&2;
- exit 1;
-esac
-
-DB_USER=wikijs
-if [ -f "${__object:?}/parameter/database-user" ];
-then
- DB_USER="$(cat "${__object:?}/parameter/database-user")"
-fi
-export DB_USER
-
-DB_NAME=wikijs
-if [ -f "${__object:?}/parameter/database" ];
-then
- DB_NAME="$(cat "${__object:?}/parameter/database")"
-fi
-export DB_NAME
-
-SSL=false
-if [ -f "${__object:?}/parameter/ssl" ];
-then
- SSL=true
-fi
-export SSL
-
-if [ "$SSL" = "true" ];
-then
- if [ -f "${__object:?}/parameter/letsencrypt-mail" ];
- then
- LE_EMAIL="$(cat "${__object:?}/parameter/letsencrypt-mail")"
- export LE_EMAIL
- else
- echo "You must specify an email account if you request SSL."
- echo "Hit me."
- exit 1
- fi
-fi
-
-HTTP_PORT=$(cat "${__object:?}/parameter/http-port")
-HTTPS_PORT=$(cat "${__object:?}/parameter/https-port")
-export HTTP_PORT HTTPS_PORT
-
-db_pass="$(cat "${__object:?}/parameter/database-password")"
-
-__package nodejs
-__directory /var/wiki/
-
-# These things are Alpine-dependant.
-__file /etc/init.d/wikijs --source "${__type:?}/files/wikijs-openrc"
-__package nghttp2-dev # Required for some reason, else a symbol is missing
-
-mkdir -p "${__object:?}/files"
-"${__type:?}/files/config.yml.sh" "$db_pass" > "${__object:?}/files/config.yml"
-require='__directory/var/wiki' \
- __file /var/wiki/config.yml --source "${__object:?}/files/config.yml"
diff --git a/type/__wikijs/parameter/boolean b/type/__wikijs/parameter/boolean
deleted file mode 100644
index a2647ce..0000000
--- a/type/__wikijs/parameter/boolean
+++ /dev/null
@@ -1 +0,0 @@
-ssl
diff --git a/type/__wikijs/parameter/default/http-port b/type/__wikijs/parameter/default/http-port
deleted file mode 100644
index d15a2cc..0000000
--- a/type/__wikijs/parameter/default/http-port
+++ /dev/null
@@ -1 +0,0 @@
-80
diff --git a/type/__wikijs/parameter/default/https-port b/type/__wikijs/parameter/default/https-port
deleted file mode 100644
index 6a13cf6..0000000
--- a/type/__wikijs/parameter/default/https-port
+++ /dev/null
@@ -1 +0,0 @@
-443
diff --git a/type/__wikijs/parameter/optional b/type/__wikijs/parameter/optional
deleted file mode 100644
index be19c92..0000000
--- a/type/__wikijs/parameter/optional
+++ /dev/null
@@ -1,5 +0,0 @@
-database
-database-user
-letsencrypt-mail
-http-port
-https-port
diff --git a/type/__wikijs/parameter/required b/type/__wikijs/parameter/required
deleted file mode 100644
index ae542bc..0000000
--- a/type/__wikijs/parameter/required
+++ /dev/null
@@ -1,2 +0,0 @@
-database-password
-version
diff --git a/type/__wikijs/singleton b/type/__wikijs/singleton
deleted file mode 100644
index e69de29..0000000