mhameed/cdist-contrib
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: mhameed:master
Branches Tags
mhameed:master
mhameed:__ipset
mhameed:jitsi
mhameed:unbound-nodns64
mhameed:__matrix_synapse
mhameed:root-mail-dma
..
compare: mhameed:__matrix_synapse
Branches Tags
mhameed:__ipset
mhameed:jitsi
mhameed:master
mhameed:unbound-nodns64
mhameed:__matrix_synapse
mhameed:root-mail-dma

2 commits
master ... __matrix_s

Author SHA1 Message Date
Timothée Floure
716b4de8e1 __matrix_synapse: make shellcheck happy! 2020-07-28 14:44:37 +02:00
Timothée Floure
451f09d746 Import __matrix_synapse type from ungleich's dot-cdist 2020-06-25 11:16:20 +02:00
171 changed files with 2442 additions and 4979 deletions
Download patch file Download diff file Expand all files Collapse all files

21
.gitlab-ci.yml
View file

@ -1,29 +1,14 @@
stages:
- test
- doc
image: code.ungleich.ch:5050/ungleich-public/cdist-contrib/ci-container:latest
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
shellcheck:
stage: test
script:
- make lint
- ./scripts/run-shellcheck.sh
manpages:
stage: test
script:
- make check-manpages
docs:
stage: doc
only:
- master
before_script:
- eval $(ssh-agent -s)
- echo "$CD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- echo "$CD_SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
- make html
- sftp fnux@staticwebhosting.ungleich.ch:public_html/cdist-contrib <<< "put -r docs/dist/html/*"
- ./scripts/run-manpage-checks.sh

4
CHANGELOG.md Normal file
View file

@ -0,0 +1,4 @@
# cdist-contrib changes
* 2020-06-03: New type: __unbound (Timothée Floure)
* 2020-04-28: New type: __find_exec (Ander Punnar)

70
Makefile
View file

@ -1,70 +0,0 @@
.PHONY: help
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo "man build only man user documentation"
@echo "html build only html user documentation"
@echo "docs build both man and html user documentation"
@echo "check-manpages check for manpage in types"
@echo "lint run shellcheck on types"
@echo "check run both type manpage checks and linting"
@echo "clean clean"
DOCS_SRC_DIR=./docs/src
TYPEDIR=./type
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=make -C $(DOCS_SRC_DIR) clean
################################################################################
# Manpages
#
MAN7DSTDIR=$(DOCS_SRC_DIR)/man7
# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work
# Using ls does not work if no file with given pattern exist, so use wildcard
MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst)
MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC))
MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX))
# Link manpage: do not create man.html but correct named file
$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst
mkdir -p $(MAN7DSTDIR)
ln -sf "../../../$^" $@
DOCSINDEX=$(MAN7DSTDIR)/index.rst
DOCSINDEXH=$(DOCS_SRC_DIR)/index.rst.sh
$(DOCSINDEX): $(DOCSINDEXH)
$(DOCSINDEXH)
# Manpages: .cdist Types
DOT_CDIST_PATH=${HOME}/.cdist
DOTMAN7DSTDIR=$(MAN7DSTDIR)
DOTTYPEDIR=$(DOT_CDIST_PATH)/type
# Link manpage: do not create man.html but correct named file
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@
man: $(MANTYPES) $(DOCSINDEX)
$(SPHINXM)
html: $(MANTYPES) $(DOCSINDEX)
$(SPHINXH)
docs: man html
check-manpages:
./scripts/run-manpage-checks.sh
lint:
./scripts/run-shellcheck.sh
check: check-manpages lint
clean:
$(SPHINXC)
rm -f docs/src/index.rst
rm -rf docs/src/man7/
rm -rf docs/src/__pycache__/

18
README.md
View file

@ -5,9 +5,8 @@ tool with community-maitained types which are either too specific to fit/be
maintained in cdist itself or were not accepted in code cdist but could still
be useful.
This project does not have releases and is continously updated: see git history
for change log. You will find HTML documentation at
[contrib.cdi.st](https://contrib.cdi.st).
This project does not have releases and is continously updated: see
`CHANGELOG.md` for details.
## Using cdist-contrib
@ -33,11 +32,14 @@ And you would run [cdist][cdist] from the same directory as follows:
## Participating in the [cdist][cdist] community
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix!
Join us on [#cdist:ungleich.ch][cdistmatrix] on matrix or on
[#cdist over mattermost][cdistmattermost].
[cdist]: https://www.cdi.st/
[cdistconfig]: https://www.cdi.st/manual/latest/cdist-configuration.html
[cdistmatrix]: https://matrix.to/#/#cdist:ungleich.ch
[cdistmattermost]: https://chat.ungleich.ch/ungleich/channels/cdist
## Contributing
@ -51,11 +53,3 @@ Every type in cdist-contrib must:
* Have a `man.rst` documentation page.
* Pass [shellcheck](http://shellcheck.net/) without errors.
## Other resources
Some people/organizations are known to keep some cdist types that might be of
interest to others:
* [cdist-evilham](https://git.sr.ht/~evilham/cdist-evilham): Evilham's cdist-types
* [cdist-recycledcloud](https://code.recycled.cloud/e-Durable/cdist-recycledcloud): e-Durable SA / Recycled Cloud public types

235
docs/src/Makefile
View file

@ -1,235 +0,0 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS ?=
SPHINXBUILD ?= sphinx-build
PAPER ?=
BUILDDIR ?= ../dist
# for cache, etc.
_BUILDDIR = _build
# User-friendly check for sphinx-build
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don\'t have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(_BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " applehelp to make an Apple Help Book"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " epub3 to make an epub3"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
@echo " coverage to run coverage check of the documentation (if enabled)"
@echo " dummy to check syntax errors of document sources"
.PHONY: clean
clean:
rm -rf $(BUILDDIR)/*
rm -rf $(_BUILDDIR)/*
.PHONY: html
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
.PHONY: dirhtml
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
.PHONY: singlehtml
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
.PHONY: pickle
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
.PHONY: json
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
.PHONY: htmlhelp
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
.PHONY: qthelp
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/cdist-docs.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/cdist-docs.qhc"
.PHONY: applehelp
applehelp:
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
@echo
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
@echo "N.B. You won't be able to view it unless you put it in" \
"~/Library/Documentation/Help or install it in your application" \
"bundle."
.PHONY: devhelp
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/cdist-docs"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/cdist-docs"
@echo "# devhelp"
.PHONY: epub
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
.PHONY: epub3
epub3:
$(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3
@echo
@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
.PHONY: latex
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
.PHONY: latexpdf
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: latexpdfja
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: text
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
.PHONY: man
man:
$(SPHINXBUILD) -b cman $(ALLSPHINXOPTS) $(BUILDDIR)/man
mkdir -p $(BUILDDIR)/man/man7
mv -f $(BUILDDIR)/man/*.7 $(BUILDDIR)/man/man7/
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
.PHONY: texinfo
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
.PHONY: info
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
.PHONY: gettext
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
.PHONY: changes
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
.PHONY: linkcheck
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
.PHONY: doctest
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
.PHONY: coverage
coverage:
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
@echo "Testing of coverage in the sources finished, look at the " \
"results in $(BUILDDIR)/coverage/python.txt."
.PHONY: xml
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
.PHONY: pseudoxml
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
.PHONY: dummy
dummy:
$(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy
@echo
@echo "Build finished. Dummy builder generates no files."

101
docs/src/conf.py
View file

@ -1,101 +0,0 @@
#!/usr/bin/env python3
import sys
import os
import sphinx_rtd_theme
from datetime import date
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
sys.path.insert(0, os.path.abspath(os.path.join(
os.path.dirname(os.path.realpath(__file__)), "..", "..")))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'docs.src.manpage',
'sphinx.ext.extlinks',
]
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
source_suffix = ['.rst']
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = 'cdist-contrib'
copyright = 'cdist-contrib contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
version = str(date.today())
release = os.popen('git rev-parse HEAD').read()
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'sphinx_rtd_theme'
html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
# Output file base name for HTML help builder.
htmlhelp_basename = 'cdistcontribdoc'
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
root_mandir = os.path.dirname(os.path.realpath(__file__))
mandirs = []
for mansubdir in ('man7',):
mandirs.append((os.path.join(root_mandir, mansubdir), mansubdir[-1]))
man_pages = []
for mandir, section in mandirs:
for root, dirs, files in os.walk(mandir):
for fname in files:
froot, fext = os.path.splitext(fname)
if fext == '.rst':
man_page = (os.path.join('man' + str(section), froot),
froot, '', [], section)
man_pages.append(man_page)
# man_pages = [
# ('cdist-type', 'cdist-type', 'cdist-type documentation',
# [author], 1),
# ('man7/cdist-type__file', 'cdist-type__file',
# '', [], 1),
# ('cdist-type__directory', 'cdist-type__directory',
# 'cdist-type__directory documentation', [author], 1),
# ]
# If true, show URL addresses after external links.
# man_show_urls = False

40
docs/src/index.rst.sh
View file

@ -1,40 +0,0 @@
#!/bin/sh
__cdist_pwd="$(pwd -P)"
__cdist_mydir="${0%/*}";
__cdist_abs_mydir="$(cd "$__cdist_mydir" && pwd -P)"
__cdist_myname=${0##*/};
__cdist_abs_myname="$__cdist_abs_mydir/$__cdist_myname"
filename="${__cdist_myname%.sh}"
dest="$__cdist_abs_mydir/$filename"
if ! command -v pandoc > /dev/null; then
echo "Pandoc is required to generate HTML index from README." >&2
exit 1
fi
cd "$__cdist_abs_mydir"
exec > "$dest"
pandoc -f markdown -t rst ../../README.md
cat << EOF
.. toctree::
:hidden:
EOF
# If there is no such file then ls prints error to stderr,
# so redirect stderr to /dev/null.
for type in $(ls man7/cdist-type__*.rst 2>/dev/null | LC_ALL=C sort); do
no_dir="${type#man7/}";
no_type="${no_dir#cdist-type}";
name="${no_type%.rst}";
manref="${no_dir%.rst}"
man="${manref}(7)"
echo " $name" "<man7/${manref}>"
done

87
docs/src/manpage.py
View file

@ -1,87 +0,0 @@
import sphinx.builders.manpage
import sphinx.writers.manpage
from docutils.frontend import OptionParser
from sphinx.util.console import bold, darkgreen
from six import string_types
from docutils.io import FileOutput
from os import path
from sphinx.util.nodes import inline_all_toctrees
from sphinx import addnodes
from sphinx.util import logging
"""
Extension based on sphinx builtin manpage.
It does not write its own .SH NAME based on config,
but leaves everything to actual reStructuredText file content.
"""
logger = logging.getLogger(__name__)
class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator):
def header(self):
tmpl = (".TH \"%(title_upper)s\" \"%(manual_section)s\""
" \"%(date)s\" \"%(version)s\" \"%(manual_group)s\"\n")
return tmpl % self._docinfo
class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter):
def __init__(self, builder):
super().__init__(builder)
self.translator_class = (
self.builder.get_translator_class() or ManualPageTranslator)
class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder):
name = 'cman'
default_translator_class = ManualPageTranslator
def write(self, *ignored):
docwriter = ManualPageWriter(self)
docsettings = OptionParser(
defaults=self.env.settings,
components=(docwriter,),
read_config_files=True).get_default_values()
logger.info(bold('writing... '), nonl=True)
for info in self.config.man_pages:
docname, name, description, authors, section = info
if isinstance(authors, string_types):
if authors:
authors = [authors]
else:
authors = []
targetname = '%s.%s' % (name, section)
logger.info(darkgreen(targetname) + ' { ', nonl=True)
destination = FileOutput(
destination_path=path.join(self.outdir, targetname),
encoding='utf-8')
tree = self.env.get_doctree(docname)
docnames = set()
largetree = inline_all_toctrees(self, docnames, docname, tree,
darkgreen, [docname])
logger.info('} ', nonl=True)
self.env.resolve_references(largetree, docname, self)
# remove pending_xref nodes
for pendingnode in largetree.traverse(addnodes.pending_xref):
pendingnode.replace_self(pendingnode.children)
largetree.settings = docsettings
largetree.settings.title = name
largetree.settings.subtitle = description
largetree.settings.authors = authors
largetree.settings.section = section
docwriter.write(largetree, destination)
logger.info("")
def setup(app):
app.add_builder(ManualPageBuilder)

7
scripts/ci-container/Dockerfile
View file

@ -1,7 +0,0 @@
# This image is used in the cdist-contrib CI for linting and generating the
# documentation.
FROM fedora:latest
MAINTAINER Timothée Floure <fnux@ungleich.ch>
RUN dnf install -y git findutils make python3-sphinx python3-sphinx_rtd_theme \
ShellCheck openssh-clients pandoc

26
scripts/run-shellcheck.sh
View file

@ -1,29 +1,21 @@
#!/bin/sh -eu
#!/bin/sh
SHELLCHECKCMD='shellcheck -s sh -f gcc -x'
SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
# Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables.
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
SHELLCHECKTMP='.shellcheck.tmp'
SHELLCHECKTMP=".shellcheck.tmp"
# Move to top-level cdist-contrib directory.
cd "$(dirname $0)"/..
cd $(dirname $0)/..
check() {
find type/ -type f "$@" -exec ${SHELLCHECKCMD} {} + \
| grep -v "${SHELLCHECK_SKIP}" >>"${SHELLCHECKTMP}" || true
check () {
find type/ -type f $1 $2 -exec ${SHELLCHECKCMD} {} + | grep -v "${SHELLCHECK_SKIP}" > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
}
rm -f "${SHELLCHECKTMP}"
check -path '*/explorer/*'
check -path '*/files/*' -name '*.sh'
check -path "*/explorer/*"
check -path "*/files/*"
check -name manifest
check -name gencode-local
check -name gencode-remote
if test -s "${SHELLCHECKTMP}"
then
cat "${SHELLCHECKTMP}" >&2
exit 1
fi

36
type/__borg_repo/gencode-remote
View file

@ -1,36 +0,0 @@
#!/bin/sh
passphrase=
appendonly=
case "$(cat "${__object:?}/parameter/encryption")" in
none)
enc=none
;;
repokey)
enc=repokey
if [ -f "${__object:?}/parameter/passphrase" ];
then
passphrase="$(cat "${__object:?}/parameter/passphrase")"
else
echo "__borg_repo cannot use repokey encryption with no passphrase. Aborting." >&2;
exit 1;
fi
;;
*)
echo "$enc is not a known encryption mode for __borg_repo. Aborting." >&2
exit 1;
esac
if [ -f "${__object:?}/parameter/append-only" ];
then
appendonly='--append-only'
fi
cat <<- EOF
if ! borg check --repository-only 1>&2 2>/dev/null "/${__object_id:?}";
then
BORG_NEW_PASSPHRASE=$passphrase borg init -e ${enc:?} $appendonly /${__object_id:?}
fi
EOF

43
type/__borg_repo/man.rst
View file

@ -1,43 +0,0 @@
cdist-type__borg_repo(7)
========================
NAME
----
cdist-type__borg_repo - Configure a borg repository on host
DESCRIPTION
-----------
Initializes a borg repository at the location specified in the
`${__object_id}`. Nothing is done if the repository already exists.
Currently, only `none` and `repokey` are supported as encryption modes;
`repokey` requires the `passphrase` argument to be given. The default is
`none`.
REQUIRED PARAMETERS
-------------------
encryption
The encryption to use.
OPTIONAL PARAMETERS
-------------------
passphrase
The passphrase to encrypt the keyfile with.
BOOLEAN PARAMETERS
------------------
append-only
If the repository is append-only
AUTHORS
-------
Joachim Desroches <joachim.desroches@epfl.ch>
COPYING
-------
Copyright \(C) 2020 Joachim Desroches. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

14
type/__borg_repo/manifest
View file

@ -1,14 +0,0 @@
#!/bin/sh
os="$(cat "${__global:?}"/explorer/os)"
case "$os" in
"alpine")
borg_package=borgbackup
;;
*)
echo "__borg_repo is not yet implemented for os $os. Aborting." >&2;
exit 1;
esac
__package "$borg_package"

1
type/__borg_repo/parameter/boolean
View file

@ -1 +0,0 @@
append-only

1
type/__borg_repo/parameter/default/encryption
View file

@ -1 +0,0 @@
none

1
type/__borg_repo/parameter/optional
View file

@ -1 +0,0 @@
passphrase

1
type/__borg_repo/parameter/required
View file

@ -1 +0,0 @@
encryption

49
type/__dma/explorer/auth_conf
View file

@ -1,49 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer determines the path of dma's auth.conf file
# No dma.conf -> use default
test -f /etc/dma/dma.conf || {
echo /etc/dma/auth.conf
exit 0
}
test -r /etc/dma/dma.conf || {
echo 'Cannot read /etc/dma/dma.conf' >&2
exit 1
}
# Get AUTHPATH from dma.conf
awk -F'[ \t]' '
{
sub(/#.*$/, "", $0) # remove comments
if (!$0) next # ignore empty lines
}
$1 == "AUTHPATH" {
# Store authpath. In dma conf parsing last wins.
if ($2) authpath = substr($0, index($0, " ") + 1)
}
END {
if (authpath) {
print authpath
exit 0
} else exit 1
}
' /etc/dma/dma.conf \
|| echo /etc/dma/auth.conf # default

34
type/__dma/explorer/conf
View file

@ -1,34 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer returns a sorted list of "active" (= non-commented) lines
# in the dma.conf file.
# "Trailing" line comments are stripped off.
#
# NOTE: This explorer assumes that the sort(1) utility supports the non-POXIX
# -s (stable sort) option.
CONF_PATH=/etc/dma # set in Makefile
dma_conf="${CONF_PATH:?}/dma.conf"
test -f "${dma_conf}" || exit 0
grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
| sed -e 's/[ \t]*#.*$//' \
| sort -s -k 1,1

178
type/__dma/files/update_dma_conf.awk
View file

@ -1,178 +0,0 @@
#!/usr/bin/awk -f
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
function comment_line(line) {
# returns the position in line at which the comment's text starts
# (0 if the line is not a comment)
match(line, /^[ \t]*\#+[ \t]*/)
return RSTART ? (RLENGTH + 1) : 0
}
function empty_line(line) { return line ~ /^[ \t]*$/ }
function is_word(s) { return s ~ /^[A-Z_]+$/ } # "looks like a plausible word"
function first(line, sep_re) {
# returns the part of the line until sep is found
# (or the whole line if sep is not found)
if (!sep_re) sep_re = "[" SUBSEP "]"
match(line, sep_re)
return RSTART ? substr(line, 1, RSTART - 1) : line
}
function rest(line, sep_re) {
# returns the part of the line after the first occurrence of sep is found.
# (or nothing if sep is not found)
if (!sep_re) sep_re = "[" SUBSEP "]"
if (match(line, sep_re))
return substr(line, RSTART + RLENGTH)
}
function conf_pop(word, value) {
# returns the next value for the config `word` and delete it from the list.
# if value is set, this function will only return value if it is the first
# option in the list, otherwise it returns 0.
if (!(word in conf)) return 0
if (!value) {
if (index(conf[word], SUBSEP)) # more than one element?
value = substr(conf[word], 1, index(conf[word], SUBSEP) - 1)
else
value = conf[word]
}
if (index(conf[word], SUBSEP)) {
if (index(conf[word], value SUBSEP) != 1) return 0
conf[word] = substr(conf[word], length(value) + 2)
} else {
if (conf[word] != value) return 0
delete conf[word]
}
return value
}
function print_conf(word, value) {
# print a config line with the given parameters
printf "%s", word
if (value) printf " %s", value
printf "\n"
}
function print_confs(word, value) {
# print config lines for all values stored in conf[word].
if (!(word in conf)) return
if (conf[word]) {
while (value = conf_pop(word))
print_conf(word, value)
} else {
print_conf(word)
delete conf[word]
}
}
BEGIN {
FS = "\n"
EQS = "[ \t]" # copied from dma/conf.c
if (ARGV[2]) exit (e=1)
# Loop over file twice!
ARGV[2] = ARGV[1]
ARGC++
# read the "should" state into the `conf` array.
while (getline < "/dev/stdin") {
word = first($0, EQS)
if ((word in conf))
conf[word] = conf[word] SUBSEP rest($0, EQS)
else
conf[word] = rest($0, EQS)
}
}
# first pass, gather information about where which information is stored in the
# current config file. This information will be used in the second pass.
NR == FNR {
if (comment_line($0)) {
# comment line
word = first(substr($0, comment_line($0)), " ")
if (is_word(word)) last_occ["#" word] = FNR
} else {
word = first($0, EQS)
if (is_word(word)) last_occ[word] = FNR
}
}
# before second pass prepare hashes containing location information to be used
# in the second pass.
NR > FNR && FNR == 1 {
# First we drop the locations of commented-out options if a non-commented
# option is available. If a non-commented option is available, we will
# append new config options there to have them all at one place.
for (k in last_occ)
if (k ~ /^\#/ && (substr(k, 2) in last_occ))
delete last_occ[k]
# Reverse the option => line mapping. The line_map allows for easier lookups
# in the second pass.
for (k in last_occ) line_map[last_occ[k]] = k
}
# second pass, generate and output new config
NR > FNR {
if (comment_line($0) || empty_line($0)) {
# comment or empty line
print
if ((FNR in line_map)) {
if (line_map[FNR] ~ /^\#/) {
# This line contains a commented config option. If the conf hash
# contains options to be set, we output them here because this
# option is not used in the current config.
k = substr(line_map[FNR], 2)
if ((k in conf)) print_confs(k)
}
if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
# INSECURE goes where SECURE comment is.
print_confs("INSECURE")
}
}
} else {
word = first($0, EQS)
value = rest($0, EQS)
sub(/[ \t]*\#.*$/, "", value) # ignore comments in value
if ((word in conf) && value == first(conf[word])) {
# keep config options we want
conf_pop(word)
print
}
if ((FNR in line_map) && line_map[FNR] == word) {
# rest of config options should be here
print_confs(word)
}
}
}
END {
if (e) exit
# print rest of config options (
for (word in conf) print_confs(word)
}

177
type/__dma/gencode-remote
View file

@ -1,177 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
CONF_PATH=/etc/dma # set in Makefile
# Determine mailname
if test -f "${__object:?}/parameter/mailname"
then
mailname=$(cat "${__object:?}/parameter/mailname")
else
case $(cat "${__global:?}/explorer/os")
in
(debian|devuan|ubuntu)
# On Debian-like systems use /etc/mailname unless --mailname is used
mailname='/etc/mailname'
;;
(*)
mailname=${__target_fqdn:?}
;;
esac
fi
# Generate "should" values for config
conf_should=$(
if test -s "${__object:?}/parameter/smarthost"
then
printf 'SMARTHOST %s\n' "$(cat "${__object:?}/parameter/smarthost")"
fi
printf 'MAILNAME %s\n' "${mailname}"
if test -s "${__object:?}/explorer/auth_conf"
then
printf "AUTHPATH %s\n" "$(cat "${__object:?}/explorer/auth_conf")"
fi
case $(cat "${__object:?}/parameter/security")
in
(ssl|tls)
default_smtp_port=465
echo 'SECURETRANSFER'
;;
(starttls)
default_smtp_port=587
echo 'SECURETRANSFER'
echo 'STARTTLS'
;;
(opportunistic)
default_smtp_port=25
echo 'SECURETRANSFER'
echo 'STARTTLS'
echo 'OPPORTUNISTIC_TLS'
;;
(insecure)
default_smtp_port=25
echo 'INSECURE'
;;
esac
if test -s "${__object:?}/parameter/port"
then
printf 'PORT %u\n' "$(cat "${__object:?}/parameter/port")"
elif test "${default_smtp_port}" -ne 25 # DMA uses port 25 by default
then
printf 'PORT %u\n' "${default_smtp_port}"
fi
if test -f "${__object:?}/parameter/masquerade"
then
while read -r line
do
printf 'MASQUERADE %s\n' "${line}"
done <"${__object:?}/parameter/masquerade"
fi
if test -f "${__object:?}/parameter/defer"
then
echo 'DEFER'
fi
if test -f "${__object:?}/parameter/fullbounce"
then
echo 'FULLBOUNCE'
fi
if test -f "${__object:?}/parameter/nullclient"
then
test -s "${__object:?}/parameter/smarthost" || {
echo '--nullclient requires a --smarthost to be defined' >&2
exit 1
}
echo 'NULLCLIENT'
fi
)
# Sort conf_should to compare against "conf_is"
conf_should=$(echo "${conf_should}" | sort -s -k 1,1)
config_updated=false
if ! echo "${conf_should}" | cmp -s "${__object:?}/explorer/conf" -
then
# config needs to be updated
dma_conf="${CONF_PATH:?}/dma.conf"
# The following AWK script will output the new config file to be stored on
# disk. To do so it reads the current dma.conf file and the config options
# that should be set (from stdin).
# Note that the path to the current dma.conf is passed to AWK twice, because
# the new file cannot be generated in one pass.
# The logic tries to place options at a sensible location, that is:
# a) if the option is already used in the config file:
# group all similar options (e.g. MASQUERADE) at one place in the order
# they are listed in stdin.
# b) if it is a new option and a "default comment" (e.g. "#PORT 25") exists:
# place options grouped directly after the comment (the comment is left
# alone)
# c) otherwise:
# options are grouped by word (the first word in the line) and appended
# at the end of the file.
cat <<-CODE
awk $(drop_awk_comments "${__type:?}/files/update_dma_conf.awk") $(quote "${dma_conf}") <<'EOF' >$(quote "${dma_conf}.tmp") \
&& cat $(quote "${dma_conf}.tmp") >$(quote "${dma_conf}")
${conf_should}
EOF
rm $(quote "${dma_conf}.tmp")
CODE
config_updated=true
echo 'config updated' >>"${__messages_out:?}"
fi
# Send a test email if enabled and necessary (=configuration changed)
if test -f "${__object:?}/parameter/send-test-mail"
then
if grep -q '^__mail_alias/root:' "${__messages_in:?}" \
|| grep -q '^__dma_auth/' "${__messages_in:?}" \
|| ${config_updated}
then
cat <<-CODE
sendmail root <<'EOF'
Subject: [cdist] Test mail from '${__target_fqdn:?}'
Hi,
you can ignore this message.
Its sole purpose is to notify you that root mail on ${__target_fqdn:?}
will be redirected to you.
Enjoy!
EOF
CODE
fi
fi

112
type/__dma/man.rst
View file

@ -1,112 +0,0 @@
cdist-type__dma(7)
============================
NAME
----
cdist-type__dma - Setup the DragonFly Mail Agent as the MTA.
DESCRIPTION
-----------
This (singleton) type uses DMA, a small Mail Transport Agent (MTA), to accept
mails from locally installed Mail User Agents (MUA) and either deliver the mails
to a remote smart host for delivery or communicate with remote SMTP servers
directly.
REQUIRED PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
defer
If enabled, mail will not be sent immediately, but stored in a queue.
To flush the queue and send the mails, ```dma -q`` has to be run
periodically (e.g. using a cron job.)
This type does not manage such a cron job, but some operating systems ship
such a cron job with the package.
fullbounce
Enable if bounce messages should include the complete original message,
not just the headers.
nullclient
Enable to bypass aliases and local delivery, and instead forward all mails
to the defined ``--smarthost``.
send-test-mail
If set, this type will send a test email to root after setup, to check if
the configured settings work.
OPTIONAL PARAMETERS
-------------------
mailname
If present, this will be the hostname used to identify this host and the
remote part of the sender addresses.
If not defined, it defaults to ``/etc/mailname`` on Debian derivatives and
to ``__target_fqdn`` otherwise.
See `dma(8)` for more information.
Note: on Debian derivatives the ``/etc/mailname`` file should be updated
instead of using this parameter.
masquerade
Masquerade the envelope-from addresses with this address/hostname.
Use this setting if mails are not accepted by destination mail servers
because your sender domain is invalid.
This option can be used multiple times.
For more information see the `dma(8)` man page.
port
The port on which to deliver email.
If not provided, a sensible default port will be used based on the
``--security`` argument.
security
Configures whether and how DMA should use secure connections.
ssl/tls
Enable TLS/SSL secured transfer.
starttls
Use STARTTLS to establish a secure connection.
opportunistic (default)
Will try to establish a secure connection using STARTTLS, but allow
unencrypted transfer if STARTTLS fails.
Most useful when dma is used without a smarthost, delivering remote
messages directly to the outside mail exchangers.
insecure
allow plain text SMTP login over an insecure connection.
Should really *not* be used anymore!
smarthost
The mail server used to send email.
It must be configured to act as a relay for the host being configured by
this type so that mail can be sent to users non-local to the smarthost.
EXAMPLES
--------
.. code-block:: sh
# Install DMA and use the smarthost mx1.domain.tld to send mail.
__dma --smarthost mx1.domain.tld --send-test-mail
# Install DMA in a default configuration.
__dma
SEE ALSO
--------
- `DragonFly Mail Agent <https://github.com/corecode/dma>`_
- `DragonFly Handbook MTA <https://www.dragonflybsd.org/handbook/mta/>`_
AUTHORS
-------
Evilham <contact@evilham.com>
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Evilham and Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

66
type/__dma/manifest
View file

@ -1,66 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "${__global:?}/explorer/os")
# Install DMA
case ${os}
in
(alpine)
__package dma --state present
export require='__package/dma'
;;
(debian|devuan|ubuntu)
__package dma --state present
export require='__package/dma'
;;
(freebsd)
# Stop sendmail if necessary
__process 'sendmail' --name 'sendmail.*' --state absent \
--stop '/etc/rc.d/sendmail onestop'
# ... and disable it
__key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
--key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
--exact_delimiter
# Setup mailwrapper accordingly
__file '/etc/mail/mailer.conf' --mode 0644 --source - <<-'EOF'
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/libexec/dma
send-mail /usr/libexec/dma
mailq /usr/libexec/dma
newaliases /usr/libexec/dma
rmail /usr/libexec/dma
EOF
;;
(*)
cat <<EOF >&2
Your OS (${os}) is not supported yet.
Maybe adding support is as simple as adapting the packages or allowing it,
we highly encourage you to open a PR with the necessary changes.
See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
EOF
exit 1
;;
esac

4
type/__dma/parameter/boolean
View file

@ -1,4 +0,0 @@
defer
fullbounce
nullclient
send-test-mail

1
type/__dma/parameter/default/security
View file

@ -1 +0,0 @@
opportunistic

4
type/__dma/parameter/optional
View file

@ -1,4 +0,0 @@
mailname
port
security
smarthost

1
type/__dma/parameter/optional_multiple
View file

@ -1 +0,0 @@
masquerade

1
type/__dma_auth/explorer/auth_conf
View file

@ -1 +0,0 @@
../../__dma/explorer/auth_conf

91
type/__dma_auth/explorer/state
View file

@ -1,91 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer looks for a line matching the server parameter
# in dma's auth.conf and reports:
# present: a line matching login + host + password exists
# absent: no line matching login + host exists
# different_login: a line exists but with a different login user
# different_password: a line exists but with a different password
# multiple: multiple lines matching host exist (should not happen)
auth_conf=$("${__type_explorer:?}/auth_conf")
test -r "${auth_conf}" || exit 0
awk -F'\n' '
function getvalue(path) {
# Reads the first line of the file located at path and returns it.
getline < path
close(path)
return $0
}
BEGIN {
DP = "[: \t]" # copied from dma/conf.c
parameter_dir = ENVIRON["__object"] "/parameter/"
# Read the parameters of this object
host_param = ENVIRON["__object_id"]
login_param = getvalue(parameter_dir "login")
passwd_param = getvalue(parameter_dir "password")
state = "absent"
}
/^#/ || /^$/ {
# skip comments and empty lines
next
}
{
# parse line
login = substr($0, 1, index($0, "|") - 1)
if (!login) { login = $0 } # if no "|" found
host = substr($0, length(login) + 2)
if (match(host, DP)) {
passwd = substr(host, RSTART + 1)
host = substr(host, 1, RSTART - 1)
} else {
passwd = ""
}
}
host == host_param {
# a match…
if (state == "absent") {
if (login != login_param)
state = "different_login"
else if (passwd != passwd_param)
state = "different_password"
else
state = "present"
} else {
# report "multiple" to that the type can remove the duplicates.
state = "multiple"
}
}
END {
print state
}
' "${auth_conf}"

93
type/__dma_auth/files/update_dma_auth.awk
View file

@ -1,93 +0,0 @@
#!/usr/bin/awk -f
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
function getvalue(path) {
# Reads the first line of the file located at path and returns it.
getline < path
close(path)
return $0
}
function print_should() {
printf "%s|%s:%s\n", login_param, host_param, passwd_param
}
BEGIN {
FS = "\n"
DP = "[: \t]" # copied from dma/conf.c
parameter_dir = ENVIRON["__object"] "/parameter/"
mode = (getvalue(parameter_dir "state") != "absent")
host_param = ENVIRON["__object_id"]
login_param = getvalue(parameter_dir "login")
passwd_param = getvalue(parameter_dir "password")
}
# skip comments and empty lines
/^#/ || /^$/ {
print
next
}
{
# parse line (like dma/conf.c would)
login = substr($0, 1, index($0, "|") - 1)
if (!login) { login = $0 } # if no "|" found
host = substr($0, length(login) + 2)
if (match(host, DP)) {
passwd = substr(host, RSTART + 1)
host = substr(host, 1, RSTART - 1)
} else {
passwd = ""
}
}
host == host_param {
if (mode) {
# state_should == present
if (!written) {
# replace first line if host matches (but only if no line has
# been written already -> no duplicates)
print_should()
written = 1
}
next
} else {
# state_should == absent
next
}
}
# leave other lines alone
{
print
}
END {
if (mode && !written) {
# append line if no match to replace was found
print_should()
}
}

72
type/__dma_auth/gencode-remote
View file

@ -1,72 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state")
server=${__object_id:?}
login=$(cat "${__object:?}/parameter/login")
auth_conf=$(cat "${__object:?}/explorer/auth_conf")
test -n "${auth_conf}" || {
echo 'Cannot determine path of dma auth.conf' >&2
exit 1
}
if test "${state_is}" = "${state_should}"
then
# state is as it should
exit 0
fi
case ${state_should}
in
(present)
test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1; }
if test "${state_is}" = 'absent'
then
printf 'add authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
else
printf 'set authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
fi
;;
(absent)
printf 'delete authuser %s on %s\n' "${login}" "${server}" >>"${__messages_out:?}"
;;
(*)
printf 'Invalid --state: %s.\n' "${state_should}" >&2
printf 'Acceptable values are: present, absent.\n' >&2
exit 1
;;
esac
cat <<EOF
test -f $(quote "${auth_conf}") || touch $(quote "${auth_conf}")
awk $(drop_awk_comments "${__type:?}/files/update_dma_auth.awk") <$(quote "${auth_conf}") >$(quote "${auth_conf}.tmp") \
&& cat $(quote "${auth_conf}.tmp") >$(quote "${auth_conf}")
rm -f $(quote "${auth_conf}.tmp")
EOF

66
type/__dma_auth/man.rst
View file

@ -1,66 +0,0 @@
cdist-type__dma_auth(7)
=======================
NAME
----
cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA.
DESCRIPTION
-----------
This cdist type allows you to set up credentials to log in to remote SMTP
servers.
NB: dma currently (v0.13) does not differentiate between users on a host.
It will use whatever user it finds in the ``auth.conf`` first.
Thus, this type will use the ``__object_id`` as the host specifier.
REQUIRED PARAMETERS
-------------------
login
The user's LOGIN name on the SMTP server.
password
The user's password (in plain text.)
OPTIONAL PARAMETERS
-------------------
state
Either ``present`` or ``absent``. Defaults to ``present``.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Set the password for smarthost
__dma_auth smarthost.example.com --login joe --password hunter2
# Set credentials for user at an external provider
__dma_auth mail.provider.com --login paul@example.com --password letmein
# Delete credentials for example.com (for all users)
__dma_auth example.com --login '' --password '' --state absent
SEE ALSO
--------
:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

1
type/__dma_auth/parameter/default/state
View file

@ -1 +0,0 @@
present

1
type/__dma_auth/parameter/optional
View file

@ -1 +0,0 @@
state

2
type/__dma_auth/parameter/required
View file

@ -1,2 +0,0 @@
login
password

73
type/__mail_alias/explorer/aliases
View file

@ -1,73 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Find aliases for a given user name and print the aliases (each one on a
# separate line)
aliases_file=$("${__type_explorer:?}/aliases_file")
test -r "${aliases_file}" || exit 0
: "${__object_id:?}" # assert __object_id is set, because it is used in AWK
awk -F ':[ \t]*' '
function print_aliases(aliases, matches) {
# prints comma-separated aliases (one per line)
split(aliases, matches, /,[ \t]*/)
for (i in matches) {
gsub(/^[ \t]*|[ \t]*$/, "", matches[i])
if (matches[i]) print matches[i]
}
}
/^#/ {
# comment line (ignore)
select = 0; cont = 0 # comments terminate alias lists and continuations
next
}
{
# is this line a continuation line?
# (the prev. line ended in a backslash or the line starts with whitespace)
is_cont = /^[ \t]/ || cont
# detect if the line is a line to be continued (ends with a backslash)
cont = /\\$/
# if it is, we drop the backslash from the line
if (cont) sub(/[ \t]*\\$/, "", $0)
}
is_cont {
# if in the alias list of the "target" user, we also print these aliases.
if (select) print_aliases($0)
next
}
$1 == ENVIRON["__object_id"] {
# "target" user -> print alias list
select = 1
print_aliases($2)
next
}
{
# other user
select = 0
}
' "${aliases_file}"

52
type/__mail_alias/explorer/aliases_file
View file

@ -1,52 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer finds the aliases file to modify.
found() { echo "$*"; exit 0; }
check_file() {
if test -f "$1"
then
found "$1"
fi
}
case $("${__explorer:?}/os")
in
(freebsd|openbsd|solaris)
check_file /etc/mail/aliases
# default
found /etc/mail/aliases
;;
(alpine|debian|devuan|ubuntu)
check_file /etc/aliases
# default
found /etc/aliases
;;
(*)
check_file /etc/mail/aliases
check_file /etc/aliases
# default
found /etc/aliases
;;
esac

96
type/__mail_alias/files/update_aliases.awk
View file

@ -1,96 +0,0 @@
#!/usr/bin/awk -f
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
function getvalue(path, line) {
# Reads the first line of the file located at path and returns it.
getline line < path
close(path)
return line
}
function sepafter(f, def, _) {
# finds the separator between field $f and $(f+1)
_ = substr($0, length($f)+1, index(substr($0, length($f)+1), $(f+1))-1)
return _ ? _ : def
}
function write_aliases( line) {
if (aliases_written) return
# print aliases line
printf "%s%s", ENVIRON["__object_id"], sepafter(1, ": ")
while ((getline line < aliases_should_file) > 0) {
if (aliases_written) printf ", "
printf "%s", line
aliases_written = 1
}
printf "\n"
close(aliases_should_file)
}
BEGIN {
FS = ":[ \t]*"
parameter_dir = ENVIRON["__object"] "/parameter/"
mode = (getvalue(parameter_dir "state") != "absent")
aliases_should_file = (parameter_dir "/alias")
}
/^[ \t]*\#/ {
# comment line (leave alone)
select = 0; cont = 0 # comments terminate alias lists and continuations
print
next
}
{
# is this line a continuation line?
# (the prev. line ended in a backslash or the line starts with whitespace)
is_cont = /^[ \t]/ || cont
# detect if the line is a line to be continued (ends with a backslash)
cont = /\\$/
}
is_cont {
# we only print the line if it has not been rewritten (select)
if (!select) print
next
}
$1 == ENVIRON["__object_id"] {
# "target" user -> rewrite aliases list
select = 1
if (mode) write_aliases()
next
}
{
# other user
select = 0
print
}
END {
# if the last line was an alias, the separator will be reused (looks better)
if (mode && !aliases_written)
write_aliases()
}

87
type/__mail_alias/gencode-remote
View file

@ -1,87 +0,0 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
aliases_file=$(cat "${__object:?}/explorer/aliases_file")
test -n "${aliases_file}" || {
echo 'Could not determine aliases file path.' >&2
exit 1
}
state_should=$(cat "${__object:?}/parameter/state")
case ${state_should}
in
(present)
if cmp -s "${__object:?}/explorer/aliases" "${__object:?}/parameter/alias"
then
# all good!
exit 0
fi
test -s "${__object:?}/parameter/alias" || {
printf 'The --alias parameter is required if --state present.\n' >&2
printf 'Use --state absent to remove all aliases.\n' >&2
exit 1
}
if test -s "${__object:?}/explorer/aliases"
then
echo "update aliases" >>"${__messages_out:?}"
else
echo "add aliases" >>"${__messages_out:?}"
fi
;;
(absent)
# nothing to do if no aliases found.
test -s "${__object:?}/explorer/aliases" || exit 0
echo "delete aliases" >>"${__messages_out:?}"
;;
(*)
printf 'Invalid --state: %s.\n' "${state_should}" >&2
printf 'Acceptable values are: present, absent.\n' >&2
exit 1
esac
cat <<EOF
test -f $(quote "${aliases_file}") || touch $(quote "${aliases_file}")
awk $(drop_awk_comments "${__type:?}/files/update_aliases.awk") <$(quote "${aliases_file}") >$(quote "${aliases_file}.tmp") \
|| {
rm -f $(quote "${aliases_file}.tmp")
echo 'Generating new aliases file failed!' >&2
exit 1
}
if ! cmp -s $(quote "${aliases_file}") $(quote "${aliases_file}.tmp")
then
# aliases file was modified, replace:
cat $(quote "${aliases_file}.tmp") >$(quote "${aliases_file}")
# then, run newaliases if present ("missing" on Alpine Linux because of typo)
command -v newaliases >/dev/null 2>&1 && newaliases || true
fi
rm -f $(quote "${aliases_file}.tmp")
EOF

76
type/__mail_alias/man.rst
View file

@ -1,76 +0,0 @@
cdist-type__mail_alias(7)
=========================
NAME
----
cdist-type__mail_alias - Manage mail aliases.
DESCRIPTION
-----------
This cdist type allows you to configure mail aliases (/etc/aliases).
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
alias
an alias, i.e. a mail address where mail for the user should be redirected
to.
This parameter can be specified multiple times to redirect to multiple
recipients.
If ``--state`` is ``present`` this parameter is required.
See `aliases(5)` for the different forms this parameter can take.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Redirect root mail to a "real" email address
__mail_alias root --alias admin@example.com
# Disable redirection of mail for joe
__mail_alias joe --state absent
BUGS
----
- Quoted strings are not parsed by this type. As a result, aliases
containing ``,`` (commas) are treated incorrectly (they are treated as
separate aliases.)
Make sure that email addresses, file names, and pipe commands do not contain
commas.
- ``:include:`` directives in the aliases file are not evaluated by this type.
They are treated like a regular alias, the values of the included file are
not expanded.
SEE ALSO
--------
:strong:`aliases`\ (5)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

1
type/__mail_alias/parameter/default/state
View file

@ -1 +0,0 @@
present

1
type/__mail_alias/parameter/optional
View file

@ -1 +0,0 @@
state

1
type/__mail_alias/parameter/optional_multiple
View file

@ -1 +0,0 @@
alias

90
type/__matrix_element/files/config.json.sh
View file

@ -1,90 +0,0 @@
#!/bin/sh
#
# Upstream configuration guide/documentation:
# https://github.com/vector-im/riot-web/blob/develop/docs/config.md
generate_embedded_pages () {
if [ "$EMBED_HOMEPAGE" != "" ]; then
cat << EOF
"embeddedPages": {
"homeUrl": "home.html"
},
EOF
fi
}
generate_jitsi_config () {
if [ "$JITSI_DOMAIN" != "" ]; then
cat << EOF
"jitsi": {
"preferredDomain": "$JITSI_DOMAIN"
},
EOF
fi
}
generate_branding () {
echo '"branding": {'
if [ "$BRANDING_AUTH_HEADER_LOGO_URL" != "" ]; then
cat << EOF
"authHeaderLogoUrl": "$BRANDING_AUTH_HEADER_LOGO_URL",
EOF
fi
if [ "$BRANDING_AUTH_FOOTER_LINKS" != "" ]; then
cat << EOF
"authFooterLinks": "$BRANDING_AUTH_FOOTER_LINKS",
EOF
fi
cat << EOF
"welcomeBackgroundUrl": "themes/element/img/backgrounds/lake.jpg"
EOF
echo '},'
}
cat << EOF
{
"default_server_config": {
"m.homeserver": {
"base_url": "$DEFAULT_SERVER_URL",
"server_name": "$DEFAULT_SERVER_NAME"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"brand": "$BRAND",
$(generate_branding)
"defaultCountryCode": "$DEFAULT_COUNTRY_CODE",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"roomDirectory": {
"servers": [
$ROOM_DIRECTORY_SERVERS
]
},
"disable_custom_urls": "$DISABLE_CUSTOM_URLS",
$(generate_embedded_pages)
$(generate_jitsi_config)
"terms_and_conditions_links": [
{
"url": "$PRIVACY_POLICY_URL",
"text": "Privacy Policy"
},
{
"url": "$COOKIE_POLICY_URL",
"text": "Cookie Policy"
}
]
}
EOF

69
type/__matrix_element/gencode-remote
View file

@ -1,69 +0,0 @@
#!/bin/sh -e
#
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
VERSION=$(cat "$__object/parameter/version")
INSTALL_DIR=$(cat "$__object/parameter/install_dir")
OWNER=$(cat "$__object/parameter/owner")
src="riot-v$VERSION"
archive="$src.tar.gz"
url="https://github.com/vector-im/riot-web/releases/download/v$VERSION/$archive"
# tar and curl are installed by the __matrix-riot manifest. mktemp is usually
# provided by coreutils and assumed installed.
cat << EOF
set -e
# Ensure that coreutils is installed.
if [ ! -x \$(which mktemp) ]; then
echo "mktemp is not available on the remote host." >&2
exit 1
fi
# Create temporary working directory.
tmpdir=\$(mktemp -d)
custom_files_dir="\$tmpdir/custom_files"
cd \$tmpdir
# Download and extract sources.
curl -L '$url' > $archive
tar xf $archive
# Backup files deployed by __matrix_element.
mkdir -p \$custom_files_dir
for file in $INSTALL_DIR/cdist/*; do
cp "\$file" "\$custom_files_dir"
done
# Deploy sources and restore configuration.
rm -r '$INSTALL_DIR'
mv '$src' '$INSTALL_DIR'
for file in \$custom_files_dir/*; do
cp "\$file" '$INSTALL_DIR'
done
# Chown deployed files to requested owner.
chown -R '$OWNER' '$INSTALL_DIR'
# Remove temporary working directory.
cd /
rm -r \$tmpdir
EOF

87
type/__matrix_element/man.rst
View file

@ -1,87 +0,0 @@
cdist-type__matrix_element(7)
=============================
NAME
----
cdist-type__matrix_element - Install and configure Element, a web Matrix client.
DESCRIPTION
-----------
This type install and configure the Element web client.
REQUIRED PARAMETERS
-------------------
install_dir
Root directory of Element's static files.
version
Release of Element to install.
OPTIONAL PARAMETERS
-------------------
default_server_name
Name of matrix homeserver to connect to, defaults to 'matrix.org'.
default_server_url
URL of matrix homeserver to connect to, defaults to 'https://matrix-client.matrix.org'.
owner
Owner of the deployed files, passed to `chown`. Defaults to 'root'.
brand
Web UI branding, defaults to 'Element'.
default_country_code
ISO 3166 alpha2 country code to use when showing country selectors, such as
phone number inputs. Defaults to GB.
privacy_policy_url
Defaults to 'https://element.io/privacy'.
cookie_policy_url
Defaults to 'https://matrix.org/docs/guides/element_im_cookie_policy'.
jitsi_domain
Domain name of preferred Jitsi instance (default is jitsi.element.im). This is
used whenever a user clicks on the voice/video call buttons.
homepage
Path to custom homepage, displayed once logged in.
welcomepage
Path to custom welcome (= login) page.
custom_asset
Serve a file a the top-level directory (e.g. /my-custom-logo.svg). Can be specified multiple times.
BOOLEAN PARAMETERS
-------------------
disable_custom_urls
Disallow the user to change the default homeserver when signing up or logging in.
EXAMPLES
--------
.. code-block:: sh
__matrix_element my-element --install_dir /var/www/element-web --version 1.5.6
SEE ALSO
--------
- `cdist-type__matrix_synapse(7) <cdist-type__matrix_synapse.html>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2019 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

106
type/__matrix_element/manifest
View file

@ -1,106 +0,0 @@
#!/bin/sh -e
#
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
# Ignore "Declare and assign separately to avoid masking return values. [SC2155]"
# => not relevant for the type arguments.
# shellcheck disable=SC2155
INSTALL_DIR=$(cat "$__object/parameter/install_dir")
export DEFAULT_SERVER_NAME=$(cat "$__object/parameter/default_server_name")
export DEFAULT_SERVER_URL=$(cat "$__object/parameter/default_server_url")
export BRAND=$(cat "$__object/parameter/brand")
export DEFAULT_COUNTRY_CODE=$(cat "$__object/parameter/default_country_code")
export ROOM_DIRECTORY_SERVERS=$(cat "$__object/parameter/room_directory_servers")
export PRIVACY_POLICY_URL=$(cat "$__object/parameter/privacy_policy_url")
export COOKIE_POLICY_URL=$(cat "$__object/parameter/cookie_policy_url")
if [ -f "$__object/parameter/jitsi_domain" ]; then
export JITSI_DOMAIN=$(cat "$__object/parameter/jitsi_domain")
fi
if [ -f "$__object/parameter/branding_auth_header_logo_url" ]; then
export BRANDING_AUTH_HEADER_LOGO_URL=$(cat "$__object/parameter/branding_auth_header_logo_url")
fi
if [ -f "$__object/parameter/branding_auth_footer_links" ]; then
export BRANDING_AUTH_FOOTER_LINKS=$(cat "$__object/parameter/branding_auth_footer_links")
fi
if [ -f "$__object/parameter/homepage" ]; then
export EMBED_HOMEPAGE=1
homepage=$(cat "$__object/parameter/homepage")
fi
if [ -f "$__object/parameter/welcomepage" ]; then
export EMBED_WELCOMEPAGE=1
welcomepage=$(cat "$__object/parameter/welcomepage")
fi
if [ -f "$__object/parameter/custom_asset" ]; then
"$__object/parameter/custom_asset" | while IFS= read -r file; do
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/$(basename "$file")" \
--source "$file" \
--mode 0664 \
--state present
done
fi
if [ -f "$__object/parameter/disable_custom_urls" ]; then
export DISABLE_CUSTOM_URLS='true'
else
export DISABLE_CUSTOM_URLS='false'
fi
# Owner of the uploaded files.
owner=$(cat "$__object/parameter/owner")
# Ensure that curl and tar are installed, as they will be required by the
# gencode-remote script.
__package curl --state present
__package tar --state present
# Generate and deploy configuration file.
mkdir -p "$__object/files"
"$__type/files/config.json.sh" > "$__object/files/config.json"
# Install the config.json configuration file. The application's sources are
# downloaded and deployed by gencode-remote.
__directory "$INSTALL_DIR/cdist" \
--owner "$owner" --mode 0755 --parents \
--state present
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/config.json" \
--source "$__object/files/config.json" \
--mode 0664 \
--state present
if [ $EMBED_HOMEPAGE ]; then
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/home.html" \
--source "$homepage" \
--mode 0664 \
--state present
fi
if [ $EMBED_WELCOMEPAGE ]; then
require="__directory/$INSTALL_DIR/cdist" __file "$INSTALL_DIR/cdist/welcome.html" \
--source "$welcomepage" \
--mode 0664 \
--state present
fi

1
type/__matrix_element/parameter/boolean
View file

@ -1 +0,0 @@
disable_custom_urls

1
type/__matrix_element/parameter/default/brand
View file

@ -1 +0,0 @@
Element

1
type/__matrix_element/parameter/default/cookie_policy_url
View file

@ -1 +0,0 @@
https://matrix.org/docs/guides/riot_im_cookie_policy

1
type/__matrix_element/parameter/default/default_country_code
View file

@ -1 +0,0 @@
GB

1
type/__matrix_element/parameter/default/default_server_name
View file

@ -1 +0,0 @@
matrix.org

1
type/__matrix_element/parameter/default/default_server_url
View file

@ -1 +0,0 @@
https://matrix-client.matrix.org

1
type/__matrix_element/parameter/default/owner
View file

@ -1 +0,0 @@
root

1
type/__matrix_element/parameter/default/privacy_policy_url
View file

@ -1 +0,0 @@
https://element.io/privacy

1
type/__matrix_element/parameter/default/room_directory_servers
View file

@ -1 +0,0 @@
"matrix.org"

13
type/__matrix_element/parameter/optional
View file

@ -1,13 +0,0 @@
default_server_url
default_server_name
brand
default_country_code
privacy_policy_url
cookie_policy_url
room_directory_servers
owner
homepage
welcomepage
jitsi_domain
branding_auth_header_logo_url
branding_auth_footer_links

1
type/__matrix_element/parameter/optional_multiple
View file

@ -1 +0,0 @@
custom_asset

2
type/__matrix_element/parameter/required
View file

@ -1,2 +0,0 @@
version
install_dir

6
type/__matrix_synapse/files/environment.sh Normal file
View file

@ -0,0 +1,6 @@
#!/bin/sh
cat << EOF
# Specify environment variables used when running Synapse
SYNAPSE_CACHE_FACTOR=$CACHE_FACTOR
EOF

1785
type/__matrix_synapse/files/homeserver.yaml.sh Executable file
View file

File diff suppressed because it is too large Load diff

60
type/__matrix_synapse/files/log.config.sh Executable file
View file

@ -0,0 +1,60 @@
#!/bin/sh
cat << EOF
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
file:
class: logging.handlers.WatchedFileHandler
formatter: precise
filename: $LOG_DIR/homeserver.log
filters: [context]
level: DEBUG
encoding: utf8
console:
class: logging.StreamHandler
formatter: precise
level: WARN
journal:
class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
loggers:
twisted:
level: WARN
synapse:
level: INFO
# the following levels are more verbose than most users want
# set them to INFO if you need more logging
synapse.metrics:
level: WARN
synapse.http.federation.well_known_resolver:
level: WARN
synapse.storage.TIME:
level: WARN
synapse.http.matrixfederationclient:
level: WARN
root:
level: INFO
handlers: [file, journal]
EOF

180
type/__matrix_synapse/man.rst Normal file
View file

@ -0,0 +1,180 @@
cdist-type__matrix_synapse(7)
======================
NAME
----
cdist-type__matrix_synapse - Install and configure Synapse, a Matrix homeserver
DESCRIPTION
-----------
This type install and configure the Synapse Matrix homeserver. This is a
signleton type.
REQUIRED PARAMETERS
-------------------
server_name
Name of your homeserver (e.g. ungleich.ch) used as part of your MXIDs. This
value cannot be changed without meddling with the database once the server is
being used.
base_url
Public URL of your homeserver (e.g. http://matrix.ungleich.ch).
database_engine
'sqlite3' or 'postgresql'
database_name
Path to the database if SQLite3 is used or database name if PostgresSQL is
used.
OPTIONAL PARAMETERS
-------------------
database_host
Database node address, only used with PostgresSQL.
database_user
Database user, only used with PostgresSQL.
database_password
Database password, only used with PostgresSQL.
ldap_uri
Address of your LDAP server.
ldap_base_dn
Base DN of your LDAP tree.
ldap_uid_attribute
LDAP attriute mapping to Synapse's uid field, default to uid.
ldap_mail_attribute
LDAP attriute mapping to Synapse's mail field, default to mail.
ldap_name_attribute
LDAP attriute mapping to Synapse's name field, default to givenName.
ldap_bind_dn
User used to authenticate against your LDAP server in 'search' mode.
ldap_bind_password
Password used to authenticate against your LDAP server in 'search' mode.
ldap_filter
LDAP user filter, defaulting to `(objectClass=posixAccount)`.
turn_uri
URI to TURN server, can be provided multiple times if there is more than one
server.
turn_shared_secret
Shared secret used to access the TURN REST API.
turn_user_lifetime
Lifetime of TURN credentials. Defaults to 1h.
max_upload_size
Maximum size for user-uploaded files. Defaults to 10M.
rc_message_per_second
Message rate-limiting (per second). Defaults to 0.17.
rc_message_burst
Message rate-limiting (burst). Defaults to 3.
rc_login_per_second
Login rate-limiting (per-second). Defaults to 0.17.
rc_login_burst
Login rate-limiting (burst). Defaults to 3.
branding_auth_header_logo_url
A logo that is shown in the header during authentication flows.
branding_auth_footer_links
A list of links to show in the authentication page footer: `[{"text": "Link text", "url": "https://link.target"}, {"text": "Other link", ...}]`
registration_allows_email_pattern
Only allow email addresses matching specified filter. Can be specified multiple times. A pattern must look like `.*@vector\.im`.
auto_join_room
Room where newly-registered users are automatically added. Can be specified multiple times.
app_service_config_file
Path (on remote) of an application service configuration file to load. Can be specified multiple times.
extra_setting
Arbitrary string to be added to the configuration file. Can be specified multiple times.
BOOLEAN PARAMETERS
------------------
allow_registration
Enables user registration on the homeserver.
enable_ldap_auth
Enables ldap-backed authentication.
ldap_search_mode
Enables 'search' mode for LDAP auth backend.
report_stats
Whether or not to report anonymized homeserver usage statistics.
expose_metrics
Expose metrics endpoint for Prometheus.
disable_federation
Disable federation to the broader matrix network.
registration_require_email
Make email a required field on registration.
allow_public_rooms_over_federation
Allow other homeservers to fetch this server's public room directory.
allow_public_rooms_without_auth
If set to 'false', requires authentication to access the server's public rooms directory through the client API.
enable_server_notices
Enable the server notices room.
global_cache_factor
Controls the global cache factor, which is the default cache factor
for all caches if a specific factor for that cache is not otherwise
set. Defaults to 0.5.
event_cache_size
Number of events to cache in memory. Defaults to 10K.
allow_guest_access
Allows users to register as guests without a password/email/etc, and
participate in rooms hosted on this server which have been made accessible to
anonymous users.
EXAMPLES
--------
.. code-block:: sh
__matrix_synapse --server_name ungleich.ch \
--base_url https://matrix.ungleich.ch \
--database_engine sqlite3 \
--database_name /var/lib/matrix-syanpse/homeserver.db
SEE ALSO
--------
- `cdist-type__matrix_riot(7) <cdist-type__matrix_riot.html>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2019 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

320
type/__matrix_synapse/manifest Executable file
View file

@ -0,0 +1,320 @@
#!/bin/sh -e
#
# 2019 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# OS-specific configuration.
os=$(cat "$__global/explorer/os")
distribution=$(cat "$__global/explorer/lsb_codename")
case "$os" in
debian)
synapse_user=matrix-synapse
synapse_pkg=matrix-synapse
synapse_service=matrix-synapse
ldap_auth_provider_pkg=matrix-synapse-ldap3
psycopg2_pkg=python3-psycopg2
synapse_conf_dir='/etc/matrix-synapse'
synapse_data_dir='/var/lib/matrix-synapse'
if [ ! -f "$__global/explorer/lsb_codename" ]; then
ls "$__global/explorer" >&2
echo "Could not determine Debian release, ensure that lsb-release is installed on the target." >&2
exit 1
fi
;;
fedora)
synapse_user=synapse
synapse_pkg=matrix-synapse
synapse_service=synapse
ldap_auth_provider_pkg=python-matrix-synapse-ldap3
synapse_conf_dir='/etc/synapse'
synapse_data_dir='/var/lib/synapse'
;;
freebsd)
synapse_user=synapse
synapse_pkg=py36-matrix-synapse
synapse_service=synapse
ldap_auth_provider_pkg=py36-matrix-synapse-ldap3
synapse_conf_dir='/usr/local/etc/matrix-synapse'
synapse_data_dir='/var/matrix-synapse'
;;
alpine)
echo "As of 2019-12-19 matrix-synapse is not in alpine stable. Exiting."
exit 1
;;
*)
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
# Required parameters:
SERVER_NAME=$(cat "$__object/parameter/server_name")
export SERVER_NAME
BASE_URL=$(cat "$__object/parameter/base_url")
export BASE_URL
export DATA_DIR=$synapse_data_dir
export LOG_DIR='/var/log/matrix-synapse'
export PIDFILE='/var/run/matrix/homeserver.pid'
export LOG_CONFIG_PATH="$synapse_conf_dir/log.yaml"
export SIGNING_KEY_PATH="$synapse_conf_dir/signin.key"
DATABASE_ENGINE=$(cat "$__object/parameter/database_engine")
export DATABASE_ENGINE
DATABASE_NAME=$(cat "$__object/parameter/database_name")
export DATABASE_NAME
# Optional parameters:
DATABASE_HOST=$(cat "$__object/parameter/database_host")
export DATABASE_HOST
DATABASE_USER=$(cat "$__object/parameter/database_user")
export DATABASE_USER
DATABASE_PASSWORD=$(cat "$__object/parameter/database_password")
export DATABASE_PASSWORD
GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global_cache_factor")
export GLOBAL_CACHE_FACTOR
EVENT_CACHE_SIZE=$(cat "$__object/parameter/event_cache_size")
export EVENT_CACHE_SIZE
LDAP_FILTER=$(cat "$__object/parameter/ldap_filter")
export LDAP_FILTER
LDAP_UID_ATTRIBUTE=$(cat "$__object/parameter/ldap_uid_attribute")
export LDAP_UID_ATTRIBUTE
LDAP_MAIL_ATTRIBUTE=$(cat "$__object/parameter/ldap_mail_attribute")
export LDAP_MAIL_ATTRIBUTE
LDAP_NAME_ATTRIBUTE=$(cat "$__object/parameter/ldap_name_attribute")
export LDAP_NAME_ATTRIBUTE
LDAP_URI=$(cat "$__object/parameter/ldap_uri")
export LDAP_URI
LDAP_BASE_DN=$(cat "$__object/parameter/ldap_base_dn")
export LDAP_BASE_DN
LDAP_BIND_DN=$(cat "$__object/parameter/ldap_bind_dn")
export LDAP_BIND_DN
LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap_bind_password")
export LDAP_BIND_PASSWORD
TURN_USER_LIFETIME=$(cat "$__object/parameter/turn_user_lifetime")
export TURN_USER_LIFETIME
if [ -f "$__object/parameter/turn_shared_secret" ]; then
TURN_SHARED_SECRET=$(cat "$__object/parameter/turn_shared_secret")
export TURN_SHARED_SECRET
fi
if [ -f "$__object/parameter/turn_uri" ]; then
uris=$(tr "\n" "," < "$__object/parameter/turn_uri" | sed 's/,$//')
export TURN_URIS="[$uris]"
fi
if [ -f "$__object/parameter/registration_allows_email_pattern" ]; then
RESGISTRATION_ALLOWS_EMAIL_PATTERN=$(cat "$__object/parameter/registration_allows_email_pattern")
export RESGISTRATION_ALLOWS_EMAIL_PATTERN
fi
if [ -f "$__object/parameter/auto_join_room" ]; then
AUTO_JOIN_ROOMS="$(cat "$__object/parameter/auto_join_room")"
export AUTO_JOIN_ROOMS
fi
if [ -f "$__object/parameter/app_service_config_file" ]; then
APP_SERVICE_CONFIG_FILES=$(cat "$__object/parameter/app_service_config_file")
export APP_SERVICE_CONFIG_FILES
fi
MAX_UPLOAD_SIZE=$(cat "$__object/parameter/max_upload_size")
export MAX_UPLOAD_SIZE
RIOT_BASE_URL=$(cat "$__object/parameter/riot_base_url")
export RIOT_BASE_URL
SMTP_HOST=$(cat "$__object/parameter/smtp_host")
export SMTP_HOST
SMTP_PORT=$(cat "$__object/parameter/smtp_port")
export SMTP_PORT
SMTP_USER=$(cat "$__object/parameter/smtp_user")
export SMTP_USER
SMTP_PASS=$(cat "$__object/parameter/smtp_pass")
export SMTP_PASS
RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc_message_per_second")
export RC_MESSAGE_PER_SECOND
RC_MESSAGE_BURST=$(cat "$__object/parameter/rc_message_burst")
export RC_MESSAGE_BURST
RC_LOGIN_PER_SECOND=$(cat "$__object/parameter/rc_login_per_second")
export RC_LOGIN_PER_SECOND
RC_LOGIN_BURST=$(cat "$__object/parameter/rc_login_burst")
export RC_LOGIN_BURST
if [ -f "$__object/parameter/extra_setting" ]; then
EXTRA_SETTINGS=$(cat "$__object/parameter/extra_setting")
export EXTRA_SETTINGS
fi
# Boolean parameters:
if [ -f "$__object/parameter/report_stats" ]; then
export REPORT_STATS='true'
else
export REPORT_STATS='false'
fi
if [ -f "$__object/parameter/allow_registration" ]; then
export ALLOW_REGISTRATION='true'
else
export ALLOW_REGISTRATION='false'
fi
if [ -f "$__object/parameter/enable_ldap_auth" ]; then
export ENABLE_LDAP_AUTH='true'
else
export ENABLE_LDAP_AUTH='false'
fi
if [ -f "$__object/parameter/ldap_search_mode" ]; then
export LDAP_SEARCH_MODE=1
fi
if [ -f "$__object/parameter/expose_metrics" ]; then
export EXPOSE_METRICS='true'
else
export EXPOSE_METRICS='false'
fi
if [ -f "$__object/parameter/enable_notifications" ]; then
export ENABLE_NOTIFICATIONS='true'
else
export ENABLE_NOTIFICATIONS='false'
fi
if [ -f "$__object/parameter/enable_notifications_by_default" ]; then
export ENABLE_NOTIFICATIONS_BY_DEFAULT='true'
else
export ENABLE_NOTIFICATIONS_BY_DEFAULT='false'
fi
if [ -f "$__object/parameter/smtp_requires_tls" ]; then
export SMTP_TLS='true'
else
export SMTP_TLS='false'
fi
if [ -f "$__object/parameter/disable_federation" ]; then
export DISABLE_FEDERATION='true'
else
export DISABLE_FEDERATION='false'
fi
if [ -f "$__object/parameter/allow_guest_access" ]; then
export ALLOW_GUEST_ACCESS='true'
else
export ALLOW_GUEST_ACCESS='false'
fi
if [ -f "$__object/parameter/registration_requires_email" ]; then
export REGISTRATION_REQUIRES_EMAIL=1
fi
if [ -f "$__object/parameter/allow_public_rooms_over_federation" ]; then
export ALLOW_PUBLIC_ROOMS_OVER_FEDERATION='true'
else
export ALLOW_PUBLIC_ROOMS_OVER_FEDERATION='false'
fi
if [ -f "$__object/parameter/allow_public_rooms_without_auth" ]; then
export ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH='true'
else
export ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH='false'
fi
if [ -f "$__object/parameter/enable_server_notices" ]; then
export ENABLE_SERVER_NOTICES=1
fi
# Specific case for debian-buster, boilerplate but there's not much I can do
# about it.
installation_reqs=""
if [ "$os" = "debian" ] && [ "$distribution" = "buster" ]; then
# Enable debian-backports for debian Buster, as the 'stable'
# matrix-synapse package is ways too old (< 1.0).
__apt_source debian-backports \
--uri http://deb.debian.org/debian/ \
--distribution "$distribution-backports" \
--component main
require="__apt_source/debian-backports" __apt_update_index
# Install base matrix-synapse package.
require="__apt_update_index" __package_apt $synapse_pkg \
--state present \
--target-release "$distribution-backports"
# Install LdapAuthProvider module if LDAP auth is enabled.
if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
require="__package_apt/$synapse_pkg" __package_apt $ldap_auth_provider_pkg \
--state present \
--target-release "$distribution-backports"
installation_reqs="$installation_reqs __package_apt/$ldap_auth_provider_pkg"
fi
# For some reason, psycopg2 is not considered a dependency of
# matrix-synapse in matrix.org's APT repository.
if [ "$DATABASE_ENGINE" = "psycopg2" ]; then
require="__package_apt/$synapse_pkg" __package_apt $psycopg2_pkg \
--state present
installation_reqs="$installation_reqs __package_apt/$psycopg2_pkg"
fi
# Used for dependency order resolution.
installation_reqs="$installation_reqs __package_apt/$synapse_pkg"
else
# Install base matrix-synapse package.
__package $synapse_pkg --state present
# Install LdapAuthProvider module if LDAP auth is enabled.
if [ "$ENABLE_LDAP_AUTH" = "true" ]; then
require="__package/$synapse_pkg" __package $ldap_auth_provider_pkg \
--state present
fi
# Used for dependency order resolution.
installation_reqs="__package/$synapse_pkg"
fi
# Generate and deploy configuration files.
mkdir -p "$__object/files"
"$__type/files/homeserver.yaml.sh" > "$__object/files/homeserver.yaml"
"$__type/files/log.config.sh" > "$__object/files/log.config"
require="$installation_reqs" __file "$synapse_conf_dir/homeserver.yaml" \
--state present \
--owner $synapse_user \
--mode 600 \
--source "$__object/files/homeserver.yaml"
require="$installation_reqs" __file "$LOG_CONFIG_PATH" \
--state present \
--owner $synapse_user \
--mode 600 \
--source "$__object/files/log.config"
require="$installation_reqs" __directory $DATA_DIR --state present --owner $synapse_user
require="$installation_reqs" __directory $LOG_DIR --state present --owner $synapse_user
# Work around dpkg-reconfigure for Debian package.
RESTART_REQUIRES="__file/$synapse_conf_dir/homeserver.yaml"
if [ "$os" = "debian" ]; then
require="$installation_reqs" __file "$synapse_conf_dir/conf.d/server_name.yaml" \
--state present --owner $synapse_user --source - << EOF
server_name: "$SERVER_NAME"
EOF
require="$installation_reqs" __file "$synapse_conf_dir/conf.d/report_stats.yaml" \
--state present --owner $synapse_user --source - << EOF
report_stats: $REPORT_STATS
EOF
RESTART_REQUIRES="$RESTART_REQUIRES __file/$synapse_conf_dir/conf.d/server_name.yaml \
__file/$synapse_conf_dir/conf.d/report_stats.yaml"
fi
# Restart synapse homeserver to reload configuration.
require="$RESTART_REQUIRES" __service $synapse_service --action restart

14
type/__matrix_synapse/parameter/boolean Normal file
View file

@ -0,0 +1,14 @@
allow_registration
enable_ldap_auth
ldap_search_mode
report_stats
expose_metrics
enable_notifications
enable_notifications_by_default
smtp_requires_tls
disable_federation
registration_requires_email
allow_public_rooms_over_federation
enable_server_notices
allow_guest_access
allow_public_rooms_without_auth

0
type/__dma/singleton → type/__matrix_synapse/parameter/default/database_host
View file

0
type/__dma_auth/nonparallel → type/__matrix_synapse/parameter/default/database_password
View file

0
type/__mail_alias/nonparallel → type/__matrix_synapse/parameter/default/database_user
View file

1
type/__matrix_synapse/parameter/default/event_cache_size Normal file
View file

@ -0,0 +1 @@
10K

1
type/__matrix_synapse/parameter/default/global_cache_factor Normal file
View file

@ -0,0 +1 @@
0.5

0
type/__matterbridge/singleton → type/__matrix_synapse/parameter/default/ldap_base_dn
View file

0
type/__netbox/singleton → type/__matrix_synapse/parameter/default/ldap_bind_dn
View file

0
type/__netbox_gunicorn/singleton → type/__matrix_synapse/parameter/default/ldap_bind_password
View file

1
type/__matrix_synapse/parameter/default/ldap_filter Normal file
View file

@ -0,0 +1 @@
(objectClass=posixAccount)

1
type/__matrix_synapse/parameter/default/ldap_mail_attribute Normal file
View file

@ -0,0 +1 @@
mail

1
type/__matrix_synapse/parameter/default/ldap_name_attribute Normal file
View file

@ -0,0 +1 @@
givenName

1
type/__matrix_synapse/parameter/default/ldap_uid_attribute Normal file
View file

@ -0,0 +1 @@
uid

0
type/__netbox_uwsgi/singleton → type/__matrix_synapse/parameter/default/ldap_uri
View file

1
type/__matrix_synapse/parameter/default/max_upload_size Normal file
View file

@ -0,0 +1 @@
10M

1
type/__matrix_synapse/parameter/default/rc_login_burst Normal file
View file

@ -0,0 +1 @@
3

1
type/__matrix_synapse/parameter/default/rc_login_per_second Normal file
View file

@ -0,0 +1 @@
0.17

1
type/__matrix_synapse/parameter/default/rc_message_burst Normal file
View file

@ -0,0 +1 @@
3

1
type/__matrix_synapse/parameter/default/rc_message_per_second Normal file
View file

@ -0,0 +1 @@
0.17

0
type/__netbox/parameter/default/database-host → type/__matrix_synapse/parameter/default/smtp_host
View file

0
type/__unbound_exporter/singleton → type/__matrix_synapse/parameter/default/smtp_pass
View file

0
type/__netbox/parameter/default/smtp-port → type/__matrix_synapse/parameter/default/smtp_port
View file

0
type/__wikijs/singleton → type/__matrix_synapse/parameter/default/smtp_user
View file

1
type/__matrix_synapse/parameter/default/turn_user_lifetime Normal file
View file

@ -0,0 +1 @@
1h

25
type/__matrix_synapse/parameter/optional Normal file
View file

@ -0,0 +1,25 @@
database_host
database_user
database_password
ldap_uri
ldap_base_dn
ldap_uid_attribute
ldap_mail_attribute
ldap_name_attribute
ldap_bind_dn
ldap_bind_password
ldap_filter
turn_shared_secret
turn_user_lifetime
max_upload_size
smtp_host
smtp_port
smtp_user
smtp_pass
riot_base_url
rc_message_per_second
rc_message_burst
rc_login_per_second
rc_login_burst
global_cache_factor
event_cache_size

5
type/__matrix_synapse/parameter/optional_multiple Normal file
View file

@ -0,0 +1,5 @@
turn_uri
registration_allows_email_pattern
auto_join_room
app_service_config_file
extra_setting

4
type/__matrix_synapse/parameter/required Normal file
View file

@ -0,0 +1,4 @@
server_name
base_url
database_engine
database_name

0
type/__matrix_synapse/singleton Normal file
View file

18
type/__matterbridge/files/matterbridge.service.sh
View file

@ -1,18 +0,0 @@
#!/bin/sh
cat <<EOF
[Unit]
Description=IM bridging daemon
Wants=network-online.target
After=network-online.target
[Service]
User=$USER
Group=$GROUP
Type=simple
Restart=on-failure
ExecStart=$BINARY_PATH -conf=/etc/matterbridge/matterbridge.toml
[Install]
WantedBy=multi-user.target
EOF

56
type/__matterbridge/man.rst
View file

@ -1,56 +0,0 @@
cdist-type__matterbridge(7)
===========================
NAME
----
cdist-type__matterbridge - Install matterbridge from upstream binary
DESCRIPTION
-----------
This singleton type install a matterbridge service from binary.
REQUIRED PARAMETERS
-------------------
version
Release (git tag) to fetch from the project github's page.
config
Matterbridge configuration (TOML).
OPTIONAL PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
__matterbridge --version 1.16.3 --config - <<- EOF
[...]
EOF
SEE ALSO
--------
- `Matterbridge github repository <https://github.com/42wim/matterbridge>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2020 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

98
type/__matterbridge/manifest
View file

@ -1,98 +0,0 @@
#!/bin/sh -e
#
# 2020 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
debian)
# This type assume systemd for service installation.
;;
*)
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
# Required parameters.
VERSION=$(cat "$__object/parameter/version")
if [ -f "$__object/parameter/config" ]; then
CONFIG="$(cat "$__object/parameter/config")"
if [ "$CONFIG" = "-" ]; then
CONFIG=$(cat "$__object/stdin")
fi
fi
# Hardcoded values used in templates.
export BINARY_PATH=/usr/local/bin/matterbridge
export CONFIG_PATH=/etc/matterbridge/matterbridge.toml
export USER=matterbridge
export GROUP=$USER
# Internal variables.
artefact="matterbridge-$VERSION-linux-64bit"
checksum_file="checksums.txt"
release_download_url=https://github.com/42wim/matterbridge/releases/download
binary_url="$release_download_url/v$VERSION/$artefact"
checksum_file_url="$release_download_url/v$VERSION/$checksum_file"
config_dir=$(dirname $CONFIG_PATH)
systemd_unit_path='/etc/systemd/system/matterbridge.service'
# Check if curl is available.
if ! command -v curl; then
echo "curl is required for this type, but could not be found. Exiting." >&2
exit 1
fi
# Initialize working directory.
mkdir -p "$__object/files"
# Download and check matterbridge binary.
curl -L "$binary_url" -o "$__object/files/$artefact"
curl -Ls "$checksum_file_url" | grep "$artefact" > "$__object/files/$checksum_file"
if ! (cd "$__object/files"; sha256sum --check $checksum_file); then
echo "Matterbridge binary checksum failed." >&2
exit 1
fi
# Create service user.
__user $USER --home "/var/lib/$USER"
# Deploy matterbridge binary.
require="__user/$USER" __file "$BINARY_PATH" \
--source "$__object/files/$artefact" \
--owner "$USER" --mode 755
# Generate and deploy configuration file.
"$__type/files/matterbridge.service.sh" > "$__object/files/matterbridge.service"
require="__user/$USER" __directory "$config_dir" \
--owner "$USER" --mode 0755 --parents \
require="__directory/$config_dir" __file "$CONFIG_PATH" \
--owner "$USER" \
--mode 0640 \
--source "$CONFIG"
__file "$systemd_unit_path" \
--source "$__object/files/matterbridge.service"
# Deal with init system.
require="__file/$systemd_unit_path" __start_on_boot matterbridge
require="__file/$BINARY_PATH __file/$CONFIG_PATH __file/$systemd_unit_path" __service matterbridge --action restart

2
type/__matterbridge/parameter/required
View file

@ -1,2 +0,0 @@
version
config

8
type/__netbox/explorer/secretkey
View file

@ -1,8 +0,0 @@
#!/bin/sh -e
# Explorer will output the key if he exists.
secretkey="/opt/netbox/cdist/secretkey"
if [ -f "$secretkey" ]; then
cat "$secretkey"
fi

5
type/__netbox/explorer/version
View file

@ -1,5 +0,0 @@
#!/bin/sh -e
# output version if exist
version_path="/opt/netbox/cdist/version"
if [ -f "$version_path" ]; then cat "$version_path"; fi

319
type/__netbox/files/configuration.py.sh
View file

@ -1,319 +0,0 @@
#!/bin/sh
cat << EOF
#########################
# #
# Required settings #
# #
#########################
# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = [$ALLOWED_HOSTS ]
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
DATABASE = {
'NAME': '$DATABASE_NAME', # Database name
'USER': '$DATABASE_USER', # PostgreSQL username
'PASSWORD': '$DATABASE_PASSWORD', # PostgreSQL password
'HOST': '$DATABASE_HOST', # Database server
'PORT': '$DATABASE_PORT', # Database port (leave blank for default)
'CONN_MAX_AGE': 300, # Max database connection age
}
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
# to use two separate database IDs.
REDIS = {
'tasks': {
'HOST': '$REDIS_HOST',
'PORT': $REDIS_PORT,
# Comment out \`HOST\` and \`PORT\` lines and uncomment the following if using Redis Sentinel
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
# 'SENTINEL_SERVICE': 'netbox',
'PASSWORD': '$REDIS_PASSWORD',
'DATABASE': $((REDIS_DBID_OFFSET + 0)),
'SSL': $REDIS_SSL,
},
'caching': {
'HOST': '$REDIS_HOST',
'PORT': $REDIS_PORT,
# Comment out \`HOST\` and \`PORT\` lines and uncomment the following if using Redis Sentinel
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
# 'SENTINEL_SERVICE': 'netbox',
'PASSWORD': '$REDIS_PASSWORD',
'DATABASE': $((REDIS_DBID_OFFSET + 1)),
'SSL': $REDIS_SSL,
}
}
RQ_DEFAULT_TIMEOUT = 300
# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
# symbols. NetBox will not run without this defined. For more information, see
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
SECRET_KEY = '$SECRET_KEY'
#########################
# #
# Optional settings #
# #
#########################
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# application errors (assuming correct email settings are provided).
ADMINS = [
# ['John Doe', 'jdoe@example.com'],
]
# URL schemes that are allowed within links in NetBox
ALLOWED_URL_SCHEMES = (
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
)
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
BANNER_TOP = ''
BANNER_BOTTOM = ''
# Text to include on the login page above the login form. HTML is allowed.
BANNER_LOGIN = ''
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = '$BASEPATH'
# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes)
CACHE_TIMEOUT = 900
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
CHANGELOG_RETENTION = 90
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = [
# 'https://hostname.example.com',
]
CORS_ORIGIN_REGEX_WHITELIST = [
# r'^(https?://)?(\w+\.)?example\.com$',
]
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# on a production system.
DEBUG = False
# Email settings
EMAIL = {
'SERVER': '$SMTP_HOST',
'PORT': $SMTP_PORT,
'USERNAME': '$SMTP_USER',
'PASSWORD': '$SMTP_PASSWORD',
'USE_SSL': $SMTP_USE_SSL,
'USE_TLS': $SMTP_USE_TLS,
'TIMEOUT': 10, # seconds
'FROM_EMAIL': '$SMTP_FROM_EMAIL',
}
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
ENFORCE_GLOBAL_UNIQUE = False
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form \`<app>.<model>\`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = [
# 'dcim.site',
# 'dcim.region',
# 'ipam.prefix',
]
EOF
if [ "$HTTP_PROXY" != "" ] || [ "$HTTPS_PROXY" != "" ]; then
cat << EOF
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
HTTP_PROXIES = {
EOF
if [ "$HTTP_PROXY" != "" ]; then
cat << EOF
'http': '$HTTP_PROXY',
EOF
fi
if [ "$HTTPS_PROXY" != "" ]; then
cat << EOF
'https': '$HTTPS_PROXY',
EOF
fi
cat << EOF
}
EOF
fi
cat << EOF
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP.
INTERNAL_IPS = ('127.0.0.1', '::1')
# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
# https://docs.djangoproject.com/en/stable/topics/logging/
LOGGING = {}
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
LOGIN_REQUIRED = $LOGIN_REQUIRED
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days])
LOGIN_TIMEOUT = None
# Setting this to True will display a "maintenance mode" banner at the top of every page.
MAINTENANCE_MODE = False
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
MAX_PAGE_SIZE = 1000
EOF
if [ "$MEDIA_ROOT" != "" ]; then
cat << EOF
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location.
MEDIA_ROOT = '$MEDIA_ROOT'
EOF
fi
cat << EOF
# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
# STORAGE_CONFIG = {
# 'AWS_ACCESS_KEY_ID': 'Key ID',
# 'AWS_SECRET_ACCESS_KEY': 'Secret',
# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
# 'AWS_S3_REGION_NAME': 'eu-west-1',
# }
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = False
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
NAPALM_USERNAME = ''
NAPALM_PASSWORD = ''
# NAPALM timeout (in seconds). (Default: 30)
NAPALM_TIMEOUT = 30
# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# be provided as a dictionary.
NAPALM_ARGS = {}
# Determine how many objects to display per page within a list. (Default: 50)
PAGINATE_COUNT = 50
# Enable installed plugins. Add the name of each plugin to the list.
PLUGINS = []
# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
# PLUGINS_CONFIG = {
# 'my_plugin': {
# 'foo': 'bar',
# 'buzz': 'bazz'
# }
# }
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
# prefer IPv4 instead.
PREFER_IPV4 = False
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
EOF
if [ "$USE_LDAP" ]; then
cat << EOF
# Remote authentication support with ldap
REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
EOF
else
cat << EOF
# Remote authentication support
REMOTE_AUTH_ENABLED = False
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
EOF
fi
cat << EOF
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
# This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
RELEASE_CHECK_TIMEOUT = 24 * 3600
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository.
EOF
if [ "$UPDATE_CHECK" != "" ]; then
cat << EOF
RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
EOF
else
cat << EOF
RELEASE_CHECK_URL = None
EOF
fi
if [ "$REPORTS_ROOT" != "" ]; then
cat << EOF
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
REPORTS_ROOT = '$REPORTS_ROOT'
EOF
fi
if [ "$SCRIPTS_ROOT" != "" ]; then
cat << EOF
# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
SCRIPTS_ROOT = '$SCRIPTS_ROOT'
EOF
fi
cat << EOF
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
SESSION_FILE_PATH = None
# Time zone (default: UTC)
TIME_ZONE = 'UTC'
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = 'N j, Y'
SHORT_DATE_FORMAT = 'Y-m-d'
TIME_FORMAT = 'g:i a'
SHORT_TIME_FORMAT = 'H:i:s'
DATETIME_FORMAT = 'N j, Y g:i a'
SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
EOF

82
type/__netbox/files/ldap_config.py.sh
View file

@ -1,82 +0,0 @@
#!/bin/sh
# no configuration if there are no ldap parameters
if [ -z "$USE_LDAP" ]; then
# skip
cat << EOF
##############################
# LDAP-backed authentication #
##############################
# no options set
EOF
exit 0
fi
cat << EOF
##############################
# LDAP-backed authentication #
##############################
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType
# Server URI
AUTH_LDAP_SERVER_URI = "$LDAP_SERVER"
# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN"
AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD"
# Search for user entry.
AUTH_LDAP_USER_SEARCH = LDAPSearch("$LDAP_USER_BASE",
ldap.SCOPE_SUBTREE,
"(uid=%(user)s)")
# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
EOF
if [ "$LDAP_GROUP_BASE" != "" ]; then
cat << EOF
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# hierarchy.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("$LDAP_GROUP_BASE", ldap.SCOPE_SUBTREE,
"(objectClass=posixGroup)")
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
# Mirror LDAP group assignments.
AUTH_LDAP_MIRROR_GROUPS = True
# For more granular permissions, map LDAP groups to Django groups.
AUTH_LDAP_FIND_GROUP_PERMS = True
EOF
if [ "$LDAP_REQUIRE_GROUP" != "" ]; then
cat << EOF
# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = "$LDAP_REQUIRE_GROUP"
EOF
fi
cat << EOF
# Define special user types using groups. Exercise great caution when assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
EOF
# superuser
if [ "$LDAP_SUPERUSER_GROUP" != "" ]; then
echo " \"is_superuser\": \"$LDAP_SUPERUSER_GROUP\","
fi
# staff user
if [ "$LDAP_STAFF_GROUP" != "" ]; then
echo " \"is_staff\": \"$LDAP_STAFF_GROUP\","
fi
echo "}"
fi

Some files were not shown because too many files have changed in this diff Show more