aa80c09c80
[__letsencrypt_cert] Move hook contents generation out of manifest
...
While there address some minor issues in the comments in the hook contents.
2021-02-10 10:10:21 +01:00
b832af5e3b
[__letsencrypt_cert] Don't mess with user script indentation
...
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2021-02-09 20:53:58 +01:00
e49da474c4
[__letsencrypt_cert] Remove problematic trailing slash in sed.
...
Happy fingers are happy and like adding slashes places.
2021-02-09 20:29:17 +01:00
bc145bbc27
[__letsencrypt_cert] Fix various issues with hooks.
...
Closes #853 , see issue for full description / discussion.
Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2021-02-09 19:58:47 +01:00
Darko Poljak
65a6a2ed52
++changelog
2021-02-08 08:28:31 +01:00
c8141d28c3
Merge branch 'fix/explorer/memory' into 'master'
...
explorer/memory: fix to return result in kiB for all systems and add support for Solaris
See merge request ungleich-public/cdist!967
2021-02-08 08:27:07 +01:00
cda17be38a
[explorer/memory] Clean up, return kiB for all systems, add SunOS
...
BSDs were MiB before.
2021-02-08 08:27:03 +01:00
73a03d75d7
__package_pip: fix shellcheck
2021-02-04 19:18:02 +01:00
8eccacec59
__package_pip: add optional dependencies
...
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
2021-02-04 19:09:26 +01:00
Dennis Camera
35cde3e666
[type/__postgres_role] Fix state explorer when stored password is empty
2021-01-18 13:09:29 +01:00
Darko Poljak
92a50da487
Fix pycodestyle issues
2021-01-18 06:28:09 +01:00
Darko Poljak
6e9b13d949
++changelog
2021-01-18 06:22:32 +01:00
878a65a8b7
Merge branch 'fix/type/__sshd_config/error-on-invalid' into 'master'
...
sshd config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug
See merge request ungleich-public/cdist!968
2021-01-18 06:22:02 +01:00
cce470b556
Merge branch 'bugfix/preos-debug' into 'master'
...
Fix debug parameter
Closes #849
See merge request ungleich-public/cdist!970
2021-01-18 06:17:36 +01:00
Dennis Camera
2954347771
[type/__postgres_role] Add note regarding empty passwords
2021-01-14 13:46:40 +01:00
Nico Schottelius
f0e1b3b849
Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist
2021-01-11 22:20:50 +01:00
Darko Poljak
c819548343
Fix debug parameter
...
-d was removed from cdist in favor of mulitple -v and -l parameters, but
-d was not removed from preos.
Resolve #849 .
2021-01-11 09:51:52 +01:00
Dennis Camera
bd8ab8f26f
[type/__sshd_config] Document "bug" in state explorer
2021-01-05 17:02:42 +01:00
Dennis Camera
8753b7eedf
[type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
...
They were incorrectly treated as non-singleton options before.
cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2021-01-05 16:59:04 +01:00
Dennis Camera
766198912d
[type/__sshd_config] Produce error if invalid config file is generated
...
Previously, cdist would silently swallow the error (no invalid config file was
generated).
Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.
e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:
set -e
cmp -s old new || {
# check config file and update it
sshd -t -f new \
&& cat new >old
}
or compressed:
set -e
false || { false && true; }
echo $?
# prints 1
2021-01-05 15:50:21 +01:00
Darko Poljak
7cf85c4659
Release 6.9.4
2020-12-21 19:21:51 +01:00
Nico Schottelius
a10d43bc69
Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist
2020-12-20 11:42:44 +01:00
Darko Poljak
4bae2863db
++changelog
2020-12-18 12:54:33 +01:00
3566901e1c
Merge branch '__dot_file-dirmode' into 'master'
...
Added optional dirmode parameter to set the mode of (optional) the directory.
See merge request ungleich-public/cdist!966
2020-12-18 12:50:30 +01:00
Mark Verboom
8dc2c4207c
Added optional dirmode parameter to set the mode of (optional) the directory.
2020-12-18 11:16:28 +01:00
Dennis Camera
99d82fd0d5
[type/__postgres_role] Always set psql -q
2020-12-17 17:05:58 +01:00
Dennis Camera
1180f13ed6
[type/__postgres_role] Fix setting password
...
We need to make sure that the password does not end up in ~/.psql_history.
2020-12-17 17:03:58 +01:00
Dennis Camera
4859c27900
[type/__postgres_role] Refactor gencode-remote
2020-12-17 16:57:43 +01:00
Dennis Camera
7b7ca4d385
[type/__postgres_role] Handle password changes
2020-12-16 19:07:05 +01:00
Dennis Camera
c36df82882
[type/__postgres_role] ALTER ROLE when parameters change
2020-12-15 21:11:48 +01:00
Dennis Camera
932e2496ed
[type/__postgres_role] Lint
2020-12-15 18:40:39 +01:00
Darko Poljak
71f2283117
++changelog
2020-12-13 16:03:39 +01:00
f87da8150c
Merge branch 'type/__debian_backports' into 'master'
...
__apt_backports type
See merge request ungleich-public/cdist!964
2020-12-13 16:03:31 +01:00
ae747ac021
Merge branch 'os_version-freebsd' into 'master'
...
[explorer/os_version] Improve FreeBSD support.
See merge request ungleich-public/cdist!965
2020-12-13 16:00:45 +01:00
27aca06fb8
__apt_backports: undo __apt_update_index call
...
Becuase it is already done by __apt_source.
2020-12-12 17:34:51 +01:00
fca35fc858
__apt_backports: fix explorer call
...
s/-/_/ because the explorers are following an other convention :-)
2020-12-12 17:29:58 +01:00
645734c629
[explorer/os_version] Improve FreeBSD support.
...
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.
For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
2020-12-12 12:15:17 +01:00
fafa3d9ea5
__apt_backports: update index if required
...
This type now automatically calls the type __apt_update_index to update
the package index if something changed.
2020-12-12 10:00:23 +01:00
49aec0b5e4
__apt_backports: list supported OSes
...
The manpage now lists all OSes where this type supports backports.
2020-12-12 09:40:47 +01:00
c4d19a2319
__debian_backports -> __apt_backports; add wider os support
...
As discussed in the chat, this type now supports a broader list of OSes
which it supports backports for. Because of this, it was renamed to
something more generic. "apt" should fit in.
2020-12-12 09:36:17 +01:00
Nico Schottelius
69b8bc9af0
Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist
2020-12-11 19:38:03 +01:00
Nico Schottelius
bc2948a8a5
++scan stuff
2020-12-11 19:37:53 +01:00
0d96b31b56
__debian_backports: pass shellcheck for sourced file
...
Because the sourced explorer can't be detected by shellcheck, it will be
completely disabled. Changing the path to /etc/os-release isn't
deterministic either.
The shellcheck wiki page suggests to use `source=/dev/null` instead of
`disable=SC1090`, but it was choosen to completely avoid that check ..
2020-12-11 18:13:44 +01:00
a5169ad858
new type __debian_backports
...
This new type will setup the backports distribution for the current
Debian release.
2020-12-10 21:24:26 +01:00
Darko Poljak
a58f5ffa7f
++changelog
2020-12-08 19:36:44 +01:00
0546d6e476
Merge branch 'fix/__block/escape' into 'master'
...
__block: fix escaping in here-doc
Closes #838
See merge request ungleich-public/cdist!962
2020-12-08 19:36:45 +01:00
Darko Poljak
14c81d6c7e
++changelog
2020-12-08 07:16:26 +01:00
a1987fe410
Merge branch 'feature/__iptables_rule/ipv6' into 'master'
...
__iptables*: add IPv6 support
See merge request ungleich-public/cdist!959
2020-12-08 07:10:29 +01:00
c5ca4cd2e1
__block: securly quote via the quote function
...
Because the function already exists, it will be used for the file to be
changed, too. Therefor, no quotes are required for that value.
The prefix and suffix match was also improved: There is no regex check
any more (the regex did checked the whole line); instead it will do it
simple.
2020-12-07 19:59:05 +01:00
Darko Poljak
2966296173
++changelog
2020-12-07 19:47:52 +01:00