ungleich-public/ungleich-learning-circle
6
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge remote-tracking branch 'jinguk/master'

Browse source
This commit is contained in:
Nico Schottelius 2020-05-15 17:03:17 +02:00
commit 790a19f0a6
19 changed files with 209 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
kjg/cdist.org
View file

@ -1005,6 +1005,7 @@ VERBOSE: config: Total processing time for 1 host(s): 2.1842637062072754
* cdist3
* cdist4
** Create a new type *__my_nginx*
On the target host find out which directory nginx includes --> /etc/nginx/sites-enabled
@ -1061,3 +1062,33 @@ VERBOSE: config: Total processing time for 1 host(s): 0.6650142669677734
ERROR: cdist: Failed to configure the following hosts: mynginx2.tes
--> nginx is removed and "require" check nginx(__package/nginx)
* cdist5
** What is the difference between gencode-remote and the remote code?
remote code is running on cdist command(cdist config --remote-copy REMOTE_COPY)
gencode-remote is running on cdist type
remote_copy - use for remote copy with cdist command
remote_exec - use for remote execution with cdist command
** What is the difference between gencode-local and gencode-remote?
gencode-local is executed locall, otherwise gencode-remote is executed on the targethost
** Locate a type that comes with upstream cdist that uses gencode-local - which one is it? Why does it need gencode-local?
__ungleich_dhparam
For running a specific local package
ex) openssl dhparam -outform PEM -out ${destination}/${domain}_dhparam.pem $keysize
* cdist6
** __all_in_one
i used singleton, because it does not need specific host.
** __firewall

10
kjg/dot-cdist/manifest/firewall Normal file
View file

@ -0,0 +1,10 @@
case "$__target_host" in
# Everybody has this
localhost)
__package nftables
require="__package/nftables" __my_firewall --file basic
;;
*)
__my_nginx
__my_nginx_site $__target_host #test
esac

12
kjg/dot-cdist/manifest/init
View file

@ -1,11 +1,17 @@
#!/bin/sh
sh -e "$__manifest/firewall"
case "$__target_host" in
# Everybody has this
localhost)
#__my_computer
#__colourful_file test --colour test1 --colour test2
__my_dotfiles
#__my_dotfiles
__all_in_one --with-x --extra-packages git
;;
*)
#__my_nginx
__my_nginx_site $__target_host
__my_nginx
__my_nginx_site $__target_host #test
esac

38
kjg/dot-cdist/type/__all_in_one/manifest Normal file
View file

@ -0,0 +1,38 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
case "$os" in
alpine)
os_pkgs="netcat-openbsd and tshark"
;;
debian|devuan)
os_pkgs="netcat tshark"
;;
fedora)
os_pkgs="nmap-ncat wireshark-cli"
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
base_pkgs="socat sipcalc sudo"
if [! -f ${__object}/parameter/with-x ]; then
for bpkg in ${base_pkgs}; do
__package ${bpkg} --state present
done
for opkg in ${os_pkgs}; do
__package ${opkg} --state present
done
fi
if [ -f "$__object/parameter/extra-packages" ]; then
for epkg in $(cat $__object/parameter/extra-packages); do
__package $epkg --state present
done
fi

1
kjg/dot-cdist/type/__all_in_one/parameter/boolean Normal file
View file

@ -0,0 +1 @@
with-x

1
kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple Normal file
View file

@ -0,0 +1 @@
extra-packages

1
kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple~ Normal file
View file

@ -0,0 +1 @@
extra-packages

0
kjg/dot-cdist/type/__all_in_one/singleton Normal file
View file

3
kjg/dot-cdist/type/__my_firewall/explorer/exists Normal file
View file

@ -0,0 +1,3 @@
#!/bin/sh
nft -V | grpe v* || true

3
kjg/dot-cdist/type/__my_firewall/explorer/nfrule Normal file
View file

@ -0,0 +1,3 @@
nft list ruleset

1
kjg/dot-cdist/type/__my_firewall/files/basic Normal file
View file

@ -0,0 +1 @@
test

5
kjg/dot-cdist/type/__my_firewall/gencode-remote Normal file
View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if [! -f echo "diff /etc/my-nftables /etc/readrule"]; then
echo "nft -f /etc/my-nftables"
fi

5
kjg/dot-cdist/type/__my_firewall/gencode-remote~ Normal file
View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if [! -f echo "diff /etc/my-nftables /etc/readnfrule"]; then
echo "nft -f /etc/my-nftables"
fi

24
kjg/dot-cdist/type/__my_firewall/manifest Normal file
View file

@ -0,0 +1,24 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
nft_path="/etc/my-nftables"
if [ ! -f "$__global/explorer/exists" ];then
echo "crrently no nft" >&2
exit 1
fi
if ["-" -eq "$__object/parameter/file" ]; then
filename="$__object/stdin"
else
filename=($__object/parameter/file)
fi
__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
if [ -f "$__global/explorer/nfrule" ]; then
echo "$__global/explorer//nfrule" > /etc/readrule
fi

40
kjg/dot-cdist/type/__my_firewall/manifest~ Normal file
View file

@ -0,0 +1,40 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
nft_path="/etc/my-nftables"
case "$os" in
alpine)
os_pkgs="netcat-openbsd and tshark"
;;
debian|devuan)
os_pkgs="netcat tshark"
;;
fedora)
os_pkgs="nmap-ncat wireshark-cli"
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
if [ ! -f "$__global/explorer/exists" ];then
echo "crrently no nft" >&2
exit 1
fi
if ["-" -eq "$__object/parameter/file" ]; then
filename="$__object/stdin"
else
filename=($__object/parameter/file)
fi
__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
if [ -f "$__global/explorer/nfrule" ]; then
echo "$__global/explorer//nfrule" > /etc/readrule
fi

0
kjg/dot-cdist/type/__my_firewall/singleton Normal file
View file

20
kjg/dot-cdist/type/__my_nginx_site/gencode-remote Normal file
View file

@ -0,0 +1,20 @@
os=$(cat "$__global/explorer/os")
case "$os" in
devuan)
CONF_DIR=/etc/nginx/sites-enabled
;;
alpine)
CONF_DIR=/etc/nginx/conf.d
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
DOMAIN_NAME="$__object_id"
if grep -q "^__file${CONF_DIR}/${DOMAIN_NAME}" "$__messages_in"; then
echo 'service nginx reload'
fi

22
kjg/dot-cdist/type/__my_nginx_site/manifest
View file

@ -1,11 +1,23 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
case "$os" in
devuan)
CONF_DIR=/etc/nginx/sites-enabled
;;
alpine)
CONF_DIR=/etc/nginx/conf.d
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
DOMAIN_NAME="$__object_id"
CONF_DIR=/etc/nginx/sites-enabled
WEB_ROOT=/var/www/html/${DOMAIN_NAME}
__directory $WEB_ROOT --parents --mode 0644
require="__package/nginx" __file "${CONF_DIR}/${DOMAIN_NAME}.conf" \
@ -14,11 +26,11 @@ server {
listen *:80;
listen [::]:80;
server_name $name;
root $WEBROOT;
server_name $DOMAIN_NAME;
root $WEB_ROOT;
location /.well-known/acme-challenge/ {
root $WEBROOT;
root $WEB_ROOT;
}
# Everything else -> ssl

33
kjg/dot-cdist/type/__my_nginx_site/manifest~
View file

@ -1,33 +0,0 @@
#!/bin/sh
DOMAIN_NAME="$__object_id"
CONF_DIR=/etc/nginx/sites-enabled
WEB_ROOT=/var/www/html/${DOMAIN_NAME}
#__package nginx --state installed
#require="__package/nginx" __file "~/ungleich-learning/test.conf" \
require="__package/nginx" __file "${CONF_DIR}/${DOMAIN_NAME}.conf" \
--mode 0644 --source - << EOF
server {
listen *:80;
listen [::]:80;
server_name $name;
root $WEBROOT;
location /.well-known/acme-challenge/ {
root $WEBROOT;
}
# Everything else -> ssl
location / {
return 301 https://\$host\$request_uri;
}
}
EOF