diff --git a/.swp b/.swp new file mode 100644 index 0000000..a4af6a9 Binary files /dev/null and b/.swp differ diff --git a/certbot.cf b/certbot.cf index ca1dc6f..68186e7 100644 --- a/certbot.cf +++ b/certbot.cf @@ -15,7 +15,7 @@ vars: debian:: "certbot_dir" string => "/etc/letsencrypt"; "exe" string => "/usr/bin/certbot"; - "pkgs" slist => {"certbot"}; + "pkgs" slist => {"certbot","cron"}; centos:: "certbot_dir" string => "/etc/letsencrypt"; "exe" string => "/usr/bin/certbot"; @@ -25,28 +25,25 @@ vars: "exe" string => "/usr/bin/certbot"; "pkgs" slist => {"certbot"}; - defaults: "wr" string => "standalone"; "rn" string => ""; reports: - } bundle agent install_certbot { - methods: "any" usebundle => wmde_install_packages( @(certbot.pkgs),"certbot"), handle => "certbot_installed"; files: - freebsd:: + freebsd|debian:: "/etc/cron.d/certbot" create => "true", copy_from => local_dcp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/certbot-cron.mustache"); - -# content => '# + +# content => '# # Managed by CFEngine # #SHELL=/bin/sh 
@@ -59,31 +56,27 @@ files: bundle agent certbot_cert(site,webroot) { - vars: - - "domain" string => "$(site[domain])"; "keytype" string => "rsa"; - + "ds" slist => {"$(site[domain])"}; "domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases])))); "domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains)); - "site_json" string => storejson(@(site)); "args" string => string_mustache( "--key-type $(keytype) --cert-name {{domain}} -d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}", @(site) ); - "webroot_arg" string => ifelse( strcmp("$(webroot)","standalone"), + "webroot_arg" string => ifelse( strcmp("$(webroot)","standalone"), "--standalone", - "--webroot -w $(webroot)"); + "--webroot -w $(webroot)"); "cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(certbot.certbot_dir)/live/$(site[domain])/cert.pem"; - + "current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"), if => isvariable ("site[domain]"); @@ -101,7 +94,7 @@ classes: # "run_certbot" # or => {no_cert_file, certbot_repaired}; - "run_certbot" + "run_certbot" expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")); defaults: @@ -125,5 +118,3 @@ commands: reports: } - - diff --git a/cron.cf b/cron.cf new file mode 100644 index 0000000..9eafb81 --- /dev/null +++ b/cron.cf @@ -0,0 +1,6 @@ + +bundle agent cron +{ +vars: + "cron_d" string => "/etc/cron.d"; +} diff --git a/git.cf b/git.cf index 0e485e9..0a86dbf 100644 --- a/git.cf +++ b/git.cf 
@@ -18,3 +18,39 @@ bundle agent install_git methods: "any" usebundle => wmde_install_packages(@(git.pkgs),"git"); } + + +body contain gitcmd(execuser,execgroup) +{ + exec_owner => "$(execuser)"; + exec_group => "$(execgroup)"; +} + + +bundle agent git_repo(repo) +{ +classes: + "repo_exists" expression => fileexists("$(repo[path])/.git"); + +files: + "$(repo[path])/." + create=>"true", + perms=>mog("$(repo[perm])","$(repo[user])","$(repo[group])"), + handle=>"git_repo_$(repo[path])_created"; + +commands: + !repo_exists:: + "$(git.exe)" + args=>"clone --branch $(repo[branch]) $(repo[source]) $(repo[path])", + depends_on => {"git_repo_$(repo[path])_created"}, + contain => gitcmd("$(repo[user])","$(repo[group])"); +reports: +# "PATH $(repo[path])/.git"; +# repo_exists:: +# "REPO EXISTS"; +# !repo_exists:: +# "REPO iDOES NOT EXISTS"; + +} + + diff --git a/kvm-host.cf b/kvm-host.cf new file mode 100644 index 0000000..2177eb6 --- /dev/null +++ b/kvm-host.cf @@ -0,0 +1,13 @@ +bundle agent kvm_host(cfg){ + vars: + methods: + reports: + files: +} + +bundle agent kvm(cfg){ + vars: + methods: + reports: + files: +} diff --git a/lego.cf b/lego.cf new file mode 100644 index 0000000..e346635 --- /dev/null +++ b/lego.cf 
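Review bot: The clone command in `git_repo` packs `repo[branch]`, `repo[source]` and `repo[path]` into one `args` string, so a value containing whitespace is split into extra arguments and a value beginning with `-` is read by git as an option. Passing the values as a list with an end-of-options marker avoids both: `arglist => { "clone", "--branch", "$(repo[branch])", "--", "$(repo[source])", "$(repo[path])" },` in place of the `args` line, which is the form lxc-host.cf in this same commit already uses. The `reports:` section holds only commented-out debug lines (one with the typo `iDOES`) and could be dropped.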
@@ -0,0 +1,105 @@
+#
+#Lego
+#
+
+bundle agent lego
+{
+vars:
+ "pkgs" slist => {
+ "lego"
+ };
+ "exe" string => "/usr/bin/lego";
+ "data_dir" string => "/etc/lego";
+debian::
+ "exe" string => "/usr/bin/lego";
+ "data_dir" string => "/etc/lego";
+ "pkgs" slist => {
+ "lego","cron"
+ };
+
+freebsd::
+ "exe" string => "/usr/local/bin/lego";
+ "data_dir" string => "/usr/local/etc/lego";
+
+}
+
+bundle agent install_lego
+{
+methods:
+ "any" usebundle => wmde_install_packages( @(lego.pkgs),"lego");
+files:
+ "$(lego.data_dir)/."
+ create => "true",
+ perms => m("750"),
+ depends_on => {"lego_pkgs_installed"},
+ handle => "lego_installed";
+
+}
+
+
+bundle agent lego_dns_cert(site)
+{
+vars:
+ # command to read all domains a certificate contains
+ "cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";
+
+ "ds" slist => {"$(site[domain])"};
+ "domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
+ "domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
+ "args" string => string_mustache(
+ "-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
+ @(site)
+ );
+
+
+ "current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),
+ if => isvariable ("site[domain]"),
+ handle=>"lego_current_domains_ready";
+
+classes:
+ "run_lego"
+ expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")),
+ depends_on => {"lego_current_domains_ready"};
+
+files:
+ "/etc/cron.d/lego-$(site[domain])"
+ create => "true",
+ content => "0 0 * * * root $(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])",
+ depends_on => {"lego_installed"};
+
+
+commands:
+ run_lego::
+ "$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run" +
contain => wmde_cmd_useshell, + depends_on => {"lego_installed"}; + +# "$(certbot.exe)" +# depends_on => {"certbot_installed","certbot_dry_run_ok"}, +# args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)"; + + + +reports: + + + +# "COMMAND: $(cert_test_cmd)"; +# "CMP: $(current_domains_txt) $(domains_txt)"; + +# "LEG IS INSTALLED" depends_on => {"lego_installed"}; + + +# run_lego:: +# "$(lego.exe)"; +# "--path $(lego.data_dir) --accept-tos --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"; + #depends_on => {"lego_installed"}, + + + + +# run_lego:: +# "MUST RUN LEGO"; +# !run_lego:: +# "MUST NOT RUN LEGO"; +} diff --git a/lib.cf b/lib.cf index 6dc12f1..c0d9db6 100644 --- a/lib.cf +++ b/lib.cf @@ -234,8 +234,7 @@ bundle agent install_apt_repo(name,repo_src,key_src,key_name) classes: debian|ubuntu:: "do_install" expression => not(fileexists("/etc/apt/sources.list.d/$(name).list")); - - + vars: do_install:: "pkgs" slist => { @@ -254,7 +253,7 @@ methods: commands: do_install:: "/bin/sh" - args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-php-repo.sh $(name) $(repo_src) $(key_src) $(key_name)", + args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-apt-repo.sh $(name) $(repo_src) $(key_src) $(key_name)", depends_on => { "wget_pkgs_installed", "apt_repo_pkgs_installed" @@ -328,7 +327,12 @@ methods: reports: } - +# Args: +# method string Either `wget` or anything else (not implemented?) +# src string Source URL of the file to download +# dst string ? +# cls string Prefix for classes used in the bundle +# prms_arg data JSON for { m(string): mode, o(string): uid, g(string): gid } bundle agent download_file(method,src,dst,cls,prms_arg) { vars: diff --git a/lxc-host.cf b/lxc-host.cf new file mode 100644 index 0000000..1b2bf1c --- /dev/null +++ b/lxc-host.cf 
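Review bot: The file promise for `/etc/cron.d/lego-$(site[domain])` in `lego_dns_cert` writes `$(site[dnsapi][key])` into the cron line but sets no `perms`, so the DNS API credential is readable by whatever mode the file happens to be created with; adding `perms => mog("600","root","root"),` to that promise would restrict it to root. The same value is also the first word of the `run_lego::` promiser, which runs under `wmde_cmd_useshell`, so it and the raw `site[...]` fields reach a shell unquoted and presumably appear wherever the agent logs the command. Consider keeping the credential in a root-only environment file that both the cron job and the command read, so it is embedded in neither string. The dump job in mysql.cf (`/etc/cron.d/dump-mysql-db-$(cfg[db_name])`, `perms => m("644")`) has the same exposure through `-p$(cfg[db_pass])`.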
@@ -0,0 +1,391 @@
+# example lxc_host.cfg
+# cfg data => '
+# {
+# "bridge": "lxcbr0",
+# "netmask": "255.255.255.0",
+# "network": "10.0.1.0/24",
+# "addr": "10.0.1.1",
+# "dhcp_range": "10.0.1.200,10.0.1.254"
+# "dhcp_max": 253,
+# }';
+
+bundle agent lxc_host( cfg )
+{
+ vars:
+ # var ip wird in mergedata verwendet, und mergedata mag keine flachen Variablen,
+ # sondern braucht Arrays auf die eine oder andere Weise
+ 'ip[thirdoctet]' string => format( "%02x", nth( splitstring( $(cfg[addr]), '\.', 4 ), 2 ) );
+ "cfg_ip" data => mergedata( cfg, ip );
+
+ debian|ubuntu::
+ 'lxc_path' string => '/etc/lxc';
+ 'lxc_net_path' string => '/etc/default/lxc-net';
+ 'lxc_net_tmpl' string => 'debian.lxc-net.mustache';
+ 'lxc_default_path' string => '$(lxc_path)/default.conf';
+ 'lxc_default_tmpl' string => 'default.conf.mustache';
+ 'lxc_hosts_d' string => '$(lxc_path)/hosts.d';
+ debian::
+ 'pkg_list' slist => { 'lxc','lxc-templates','debian-archive-keyring' };
+ ubuntu::
+ 'pkg_list' slist => { 'lxc','lxc-templates','ubuntu-archive-keyring' };
+ fedora|centos|redhat::
+ 'lxc_net_path' string => '/etc/lxc-net';
+
+ methods:
+ 'Ensure the packages required for LXC are installed'
+ usebundle => wmde_install_packages(@(pkg_list),'lxc'),
+ comment => "The packages to install are defined in var `pkg_list`.",
+ handle => "lxc_installed";
+
+ reports:
+ "The agent $(default:def.agent_name) has been prepared as a host for lx containers.";
+ "The host provides the network on $(cfg[bridge]) with address $(cfg[addr]).";
+ "It will configure LXC via DHCP in the range $(cfg[dhcp_range]).";
+ "Static mappings are in /etc/lxc/hosts.d.";
+ "This is the third octet: $(ip[thirdoctet]).";
+
+ files:
+ "$(lxc_path)/."
+ acl => lxc_dnsmasq,
+ depends_on => { "lxc_installed" };
+ "$(lxc_path)/dnsmasq.conf"
+ perms => mog('644','root','root'),
+ content => "dhcp-hostsdir=$(lxc_hosts_d)",
+ depends_on => { "lxc_installed" };
+ "$(lxc_hosts_d)/."
+ create => "true",
+ perms => mog('755','root','root'),
+ handle => "lxchostsdir",
+ depends_on => { "lxc_installed" };
+ "/usr/local/bin/lxc-hooks"
+ perms => mog('700','root','root'),
+ copy_from => local_cp("$(sys.workdir)/inputs/wmdelib/scripts/lxc-hooks.sh"),
+ depends_on => { "lxc_installed" },
+ handle => "lxchookscript";
+
+ debian|ubuntu::
+ "$(lxc_net_path)"
+ perms => mog('644','root', 'root'),
+ template_data => @(cfg_ip),
+ template_method => 'mustache',
+ edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/lxc_host/$(lxc_net_tmpl)",
+ depends_on => { "lxc_installed" };
+ "$(lxc_default_path)"
+ perms => mog('644','root', 'root'),
+ template_data => @(cfg_ip),
+ template_method => 'mustache',
+ edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/lxc_host/$(lxc_default_tmpl)",
+ depends_on => { "lxc_installed" };
+}
+
+body acl lxc_dnsmasq
+{
+ acl_method => "append";
+ acl_type => "posix";
+ aces => {
+ "user:dnsmasq:rx:allow"
+ };
+}
+
+# example lxc.cfg
+# cfg data => '
+# {
+# "name": "proxy",
+# "dist": "debian",
+# "release": "bookworm",
+# "arch": "amd64",
+# "bridge": "lxcbr0",
+# "ip": "10.0.11.80",
+# "group": "",
+# "autostart": true,
+# "policy": "absent|present",
+# "state": "stopped|running",
+# }';
+# name
+# lxc.container.conf:
+# # Parameters passed to the template: --dist $(cfg[dist]) --arch $(cfg[arch]) --release $(cfg[release])
+bundle agent lxc( cfg )
+{
+ classes:
+ "cfg_array" expression => strcmp( type( "cfg", "true" ), "data array" );
+ vars:
+ cfg_array::
+ "index" slist => getindices( @(cfg) );
+
+ methods:
+ cfg_array::
+ "Iterate over config array: $(index)"
+ usebundle => _lxc( @(cfg[$(index)]) );
+ !cfg_array::
+ "Forward config to"
+ usebundle => _lxc( @(cfg) );
+ files:
+
+ reports:
+ cfg_array::
+ "Iterated over cfg array.";
+}
+
+# Although all attributes are passed in one data object there are
+# qualitative differences. All need the name element.
+# lxc-create needs dist, arch and release.
+# lxc config file needs autostart and group
+# dnsmasq needs the ip
+bundle agent _lxc( cfg )
+{
+ classes:
+ "lxc_exists" expression => returnszero( "/usr/bin/lxc-info $(cfg[name]) 2> /dev/null", "noshell" ), scope => "bundle";
+ "lxc_host_file_exists" expression => fileexists( "$(lxc_host_file)" ), scope => "bundle";
+ "lxc_policy_exists" expression => isvariable( "cfg[policy]" );
+ "lxc_state_exists" expression => isvariable( "cfg[state]" );
+ lxc_policy_exists::
+ "lxc_policy_valid" expression => regcmp( "(absent|present)", "$(cfg[policy])" );
+ lxc_policy_valid::
+ 'present' expression => strcmp( "present", "$(cfg[policy])" );
+ !lxc_policy_exists::
+ 'present';
+ lxc_state_exists::
+ "lxc_state_valid" expression => regcmp( "(stopped|running)", "$(cfg[state])" );
+ lxc_state_valid::
+ 'running' expression => strcmp( "running", "$(cfg[state])" );
+ !lxc_state_exists::
+ 'running';
+ lxc_exists::
+ "lxc_correct_distribution" expression => regline( '^# Parameters passed to the template: --dist $(cfg[dist]) --arch $(cfg[arch]) --release $(cfg[release])$', "$(lxc_dir)/config" ), scope => "bundle";
+
+ vars:
+ "lxc_host_file" string => "$(lxc_host.lxc_hosts_d)/$(cfg[name])";
+ "lxc_dir" string => "/var/lib/lxc/$(cfg[name])";
+ "lxc_rootfs" string => "$(lxc_dir)/rootfs";
+ 'autostart' string => $(cfg[autostart]);
+ 'group' string => $(cfg[group]);
+
+ files:
+ !lxc_exists & present::
+ "/var/lib/lxc/$(cfg[name])/config"
+ edit_line => lxc_config( "$(autostart)", "$(group)" ),
+ depends_on => { "lxc_$(cfg[name])_created" },
+ handle => "$(cfg[name])_config_created";
+ methods:
+ !lxc_exists & present::
+ "Ensure existence of container ($(cfg[name]))"
+ usebundle => lxc_create( @(cfg) ),
+ handle => "lxc_$(cfg[name])_created";
+ "Ensure static mapping in dnsmasq"
+ usebundle => lxc_add_static_mapping( @(cfg) ),
+ depends_on => { "lxc_$(cfg[name])_created" },
+ handle => "lxc_$(cfg[name])_mapped_statically";
+ lxc_exists & !present::
+ "Ensure absence of container ($cfg[name])"
+ usebundle => lxc_destroy( @(cfg) ),
+ handle => "lxc_$(cfg[name])_destroyed";
+ "Ensure absence of static mapping"
+ usebundle => lxc_remove_static_mapping( @(cfg) ),
+ depends_on => { "lxc_$(cfg[name])_destroyed" },
+ handle => "lxc_$(cfg[name])_unmapped_statically";
+ "Ensure dnsmasq picks up current lxc host configs"
+ usebundle => reload_dnsmasq,
+ depends_on => { "lxc_$(cfg[name])_unmapped_statically" },
+ handle => "reloaded_dnsmasq_for_$(cfg[name])";
+ present & running::
+ "Ensure running state of container ($(cfg[name]))"
+ usebundle => lxc_start( @(cfg[name]) ),
+ handle => "lxc_$(cfg[name])_started";
+ present & !running::
+ "Ensure stopped state of container ($(cfg[name]))"
+ usebundle => lxc_stop( @(cfg[name]) ),
+ handle => "lxc_$(cfg[name])_stopped";
+ reports:
+ lxc_exists & lxc_correct_distribution::
+ "LX Container $(cfg[name]) already configured, nothing to do";
+ !lxc_exists & present::
+ "LXC $(cfg[name]) did not exist and should have been created.";
+ lxc_exists & !present::
+ "LXC $(cfg[name]) did exist and should have been destroyed.";
+ present & running::
+ "LXC $(cfg[name]) should now be in state RUNNING.";
+ present & !running::
+ "LXC $(cfg[name]) should now be in state STOPPED.";
+}
+
+bundle edit_line lxc_config( autostart, group )
+{
+ classes:
+ "autostart_true"
+ expression => some( $(autostart_lc), true_statements ),
+ depends_on => { "$(autostart)_lowercased" };
+ "group_provided"
+ expression => isgreaterthan( $(group_length), 0 );
+ vars:
+ "autostart_lc"
+ string => string_downcase( $(autostart) ),
+ handle => "$(autostart)_lowercased";
+ "group_length"
+ int => string_length( $(group) );
+ "true_statements"
+ slist => { "yes", "true", "on", "1" },
+ handle => "truth";
+ insert_lines:
+ "# This file is managed by CFEngine. Manual changes will be overwritten."
+ location => first_line;
+ autostart_true::
+ "lxc.start.auto = 1";
+ !autostart_true::
+ "lxc.start.auto = 0";
+ group_provided::
+ "lxc.group = $(group)";
+ reports:
+ "autostart ist $(autostart)";
+ "group ist $(group)";
+}
+
+body location first_line
+{
+ before_after => "before";
+ first_last => "first";
+ select_line_matching => ".*";
+}
+
+bundle agent lxc_add_static_mapping( cfg )
+{
+ files:
+ "$(lxc_host.lxc_hosts_d)/$(cfg[name])"
+ perms => mog( '644', 'root', 'root' ),
+ content => "$(cfg[name]),$(cfg[ip])",
+ handle => "mapped_$(cfg[name])";
+
+ reports:
+ "mapped $(cfg[name]) to $(cfg[ip])"
+ depends_on => { "mapped_$(cfg[name])" };
+}
+
+bundle agent lxc_remove_static_mapping( cfg )
+{
+ files:
+ "$(lxc_host.lxc_hosts_d)/$(cfg[name])"
+ delete => tidy,
+ classes => if_repaired(dnsmasq_reload);
+
+ reports:
+ dnsmasq_reload::
+ "mapped $(cfg[name]) to $(cfg[ip])";
+}
+
+# When files for static mappings are added dnsmasq automatically loads
+# them. But dnsmasq doesn't remove them automatically again when the
+# file gets removed.
+bundle agent reload_dnsmasq
+{
+ processes:
+ dnsmasq_reload::
+ "dnsmasq"
+ signals => { "hup" };
+}
+
+# DOWNLOAD_KEYSERVER="keyserver.ubuntu.com" lxc-create -n manual -t download -- -d debian -a amd64 -r bookworm
+bundle agent lxc_create( cfg )
+{
+ classes:
+ "lxc_dir_btrfs" expression => strcmp( execresult( "/usr/bin/stat -f -c %T /var/lib/lxc" , "noshell", "stdout" ), "btrfs" );
+ vars:
+ !lxc_dir_btrfs::
+ "create_args" slist => {
+ "-n",
+ $(cfg[name]),
+ "-t",
+ "download",
+ "--",
+ "-d",
+ $(cfg[dist]),
+ "-a",
+ $(cfg[arch]),
+ "-r",
+ $(cfg[release]),
+ };
+ lxc_dir_btrfs::
+ "create_args" slist => {
+ "-n",
+ $(cfg[name]),
+ "-t",
+ "download",
+ "-B",
+ "btrfs",
+ "--",
+ "-d",
+ $(cfg[dist]),
+ "-a",
+ $(cfg[arch]),
+ "-r",
+ $(cfg[release]),
+ };
+ commands:
+ "/usr/bin/lxc-create"
+ arglist => { @(create_args) },
+ contain => lxc_commands,
+ handle => "lxc_$(cfg[name])_created";
+ reports:
+ "LXC $(cfg[name]) has been created"
+ depends_on => { "lxc_$(cfg[name])_created" };
+}
+
+bundle agent lxc_destroy( cfg )
+{
+ methods:
+ "Ensure LXC is stopped"
+ usebundle => lxc_stop( $(cfg[name]) ),
+ handle => "stopped_$(cfg[name])";
+ commands:
+ "/usr/bin/lxc-destroy"
+ arglist => {
+ "-n",
+ $(cfg[name])
+ },
+ depends_on => { "stopped_$(cfg[name])" },
+ handle => "destroyed_$(cfg[name])";
+}
+
+bundle agent lxc_start( name )
+{
+ classes:
+ "lxc_running"
+ expression => strcmp( execresult( "/usr/bin/lxc-info -n $(name) -s -H", "noshell", "stdout" ), "RUNNING" ),
+ scope => "bundle";
+ commands:
+ !lxc_running::
+ "/usr/bin/lxc-start"
+ arglist => {
+ "-n",
+ $(name)
+ },
+ handle => "lxc_$(name)_started";
+ reports:
+ !lxc_running::
+ "$(name) has been started"
+ depends_on => { "lxc_$(name)_started" };
+}
+
+bundle agent lxc_stop( name )
+{
+ classes:
+ "lxc_running"
+ expression => strcmp( execresult( "/usr/bin/lxc-info -n $(name) -s -H", "noshell", "stdout" ), "RUNNING" ),
+ scope => "bundle";
+ commands:
+ lxc_running::
+ "/usr/bin/lxc-stop" +
arglist => { + "-n", + $(name) + }, + handle => "lxc_$(name)_stopped"; + reports: + lxc_running:: + "$(name) has been stopped" + depends_on => { "lxc_$(name)_stopped" }; +} + +body contain lxc_commands +{ + useshell => "noshell"; + no_output => "true"; +} diff --git a/mailserver.cf b/mailserver.cf index 8d51fba..f3f2ace 100644 --- a/mailserver.cf +++ b/mailserver.cf @@ -29,6 +29,7 @@ vars: "pop3":false, "sieve":false, "ssl":false, + "sympa":false, "opendkim":false, "myhostname":"$(sys.host)", "mynetworks":"", @@ -59,10 +60,18 @@ vars: "vimb_src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz", "php_handler":"$(apache.default_php_handler)", "postmaster_mail":"postmaster@$(sys.host)", - "webmaster_mail":"webmaster@$(sys.host)" + "webmaster_mail":"webmaster@$(sys.host)", + + "sympa_listmaster":"tobias.herre@wikimedia.de", + "sympa_dir":"/var/mail/sympa" + + }'; +# "sympa_arc_dir": "$(sympa_dir)/arc"; +# "sympa_home_dir": "$(sympa_dir)/list_data"; +# "sympa_bounce_dir": "$(sympa_dir)/bounce"; "cfg" data => mergedata(@(default_cfg),@(param_cfg)); @@ -423,7 +432,7 @@ virtual_mailbox_domains = mysql:$(postfix_vimbadmin_sql.virtual_domains_maps) virtual_mailbox_maps = mysql:$(postfix_vimbadmin_sql.virtual_mailbox_maps) inet_protocols = ipv4 smtp_tls_security_level = may - +message_size_limit = 26214400 " , "master_raw":"" 
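Review bot: In `_lxc` the `lxc_exists` class runs `/usr/bin/lxc-info $(cfg[name]) 2> /dev/null` with `"noshell"`, so no shell interprets the redirection and `2>` and `/dev/null` reach lxc-info as arguments; because this class decides between `lxc_create` and `lxc_destroy`, the check should be exact, e.g. `returnszero( "/usr/bin/lxc-info -n $(cfg[name])", "noshell" )`. `cfg[name]` is also used unvalidated to build `/var/lib/lxc/$(cfg[name])/config` and the `hosts.d` entry that `lxc_remove_static_mapping` deletes with `tidy`; a guard class in the style of `lxc_policy_valid`, such as `"lxc_name_valid" expression => regcmp( "[A-Za-z0-9][A-Za-z0-9_.-]*", "$(cfg[name])" );`, would keep a malformed name from pointing those paths elsewhere. Smaller points: the promiser `"Ensure absence of container ($cfg[name])"` is missing the parentheses around the variable, the report in `lxc_remove_static_mapping` still says "mapped", and the German comment in `lxc_host` could be in English like the others.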
@@ -433,6 +442,88 @@ smtp_tls_security_level = may + "sympa_cfg" data => '{ + "version":"6.2.72", + "backup_dir":"$(wmde_mail.backup_dir)/sympa", + "db_settings":$(sympa_db_json), + + "settings": { + + "domain":"$(sympa_domain)", + "wwsympa_url":"$(wwsympa_url)", + "listmaster":"$(sympa_listmaster)", + "sendmail_aliases":"$(sympa.conf_dir)/sympa_transport", + "aliases_program":"/usr/sbin/postmap", + "db_type":"$(sympa_db[db_type])", + "db_name":"$(sympa_db[db_name])", + "db_host":"$(sympa_db[db_host])", + "db_passwd":"$(sympa_db[db_pass])", + "db_user":"$(sympa_db[db_user])", + "home":"$(sympa_home_dir)", + "bounce_path":"$(sympa_bounce_dir)", + "arc_path":"$(sympa_arc_dir)", + "etc":"/mnt/mail-vol/sympa/etc" + } + , + "domains":{ + "dewp.org": { + "settings":{ + "wwsympa_url":"https://$(sympa_domain)/dewp.org", + "http_host":"$(sympa_domain)", + "domain":"dewp.org", + "title":"Diese Domain ist zu Testzwecken hier" + } + } + , + "wikipedia.de": { + "settings":{ + "wwsympa_url":"https://$(sympa_domain)/wikipedia.de", + "http_host":"$(sympa_domain)" + } + } + , + "wikimedia.de": { + "settings":{ + "wwsympa_url":"https://$(sympa_domain)/wikimedia.de", + "http_host":"$(sympa_domain)" + } + } + , + "wikimail.info": { + "settings":{ + "wwsympa_url":"https://$(sympa_domain)/wikimail.info", + "http_host":"$(sympa_domain)" + } + } + } + + , + "domains_old":[ + { + "domain":"dewp.org", + "wwsympa_url":"https://$(sympa_domain)/dewp.org", + "http_host":"$(sympa_domain)" + } + , + { + "domain":"wikimedia.de", + "wwsympa_url":"https://$(sympa_domain)/wmde", + "http_host":"$(sympa_domain)" + } + , + { + "domain":"wikipedia.de", + "wwsympa_url":"https://lists.dewp.org/wikipedia.de", + "http_host":"list.dewp.org" + } + ] + + }', + handle => "wmde_mail_sympa_cfg_ready"; + + + + reports: users: diff --git a/mediawiki.cf b/mediawiki.cf new file mode 100644 index 0000000..7869ed0 --- /dev/null +++ b/mediawiki.cf 
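Review bot: `sympa_cfg` interpolates bare variables such as `$(sympa_listmaster)`, `$(sympa_home_dir)`, `$(sympa_bounce_dir)` and `$(sympa_arc_dir)`, but in the part of this commit visible here `sympa_listmaster` and `sympa_dir` exist only as keys inside the `default_cfg` data and the three directory definitions are commented out. Unless they are defined elsewhere in the bundle, the unexpanded `$(...)` text would be written into the Sympa settings; if the intent is to read the merged config, the references would be `$(cfg[sympa_listmaster])` and paths derived from `$(cfg[sympa_dir])`. `"etc":"/mnt/mail-vol/sympa/etc"` is hard-coded next to them, and `domains_old` (with `lists.dewp.org` in one field and `list.dewp.org` in the next) looks like leftover data that deserves a comment or removal. Since `settings` carries `db_passwd`, whatever file this data is rendered into should be promised with root-only permissions.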
@@ -0,0 +1,46 @@ +# +# +# +bundle agent mediawiki(cfg) +{ +vars: + "major_version" string => "1.39"; + "minor_version" string => "5"; + "dlsite" string => "https://releases.wikimedia.org/mediawiki/$(major_version)"; + "dlbasename" string => "mediawiki-$(major_version).$(minor_version)"; + "dlfile" string => "$(dlbasename).tar.gz"; + +classes: + "run_wget" expression => not (fileexists("$(sys.workdir)/data/agent/mediawiki/$(dlfile)")); + "run_tar" expression => not (fileexists("$(cfg[install_dir])/$(dlbasename)")); + +files: + "$(sys.workdir)/data/agent/mediawiki/." + create => "true", + handle => "mediawiki_workdir_created"; + +commands: + run_wget:: + "wget" + args => "$(dlsite)/$(dlfile) -q -O $(sys.workdir)/data/agent/mediawiki/$(dlfile)", + contain => wmde_cmd_useshell, + depends_on => {"mediawiki_workdir_created"}, + handle => "mediawiki_tar_downloaded"; + !run_wget:: + "/bin/true" + inform => "false", + handle => "mediawiki_tar_downloaded"; + run_tar:: + "tar" + args => "-xzf $(sys.workdir)/data/agent/mediawiki/$(dlfile) -C $(cfg[install_dir]) && chown -R $(apache.www_user):$(apache.www_group) $(cfg[install_dir])/$(dlbasename)", + contain => wmde_cmd_useshell, + depends_on => {"mediawiki_tar_downloaded"}, + handle => "mediawiki_untarred"; + !run_tar:: + "/bin/true" + inform => "false", + handle => "mediawiki_untarred"; + +reports: + "$(cfg[install_dir])/$(dlbasename)"; +} diff --git a/mysql.cf b/mysql.cf index 829247e..44ef509 100644 --- a/mysql.cf +++ b/mysql.cf @@ -5,7 +5,6 @@ bundle agent mysql(cfg_param) { vars: - "default_cfg" data => '{ "bind_address":"127.0.0.1", "user":"mysql", 
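Review bot: The `run_tar::` command in `mediawiki` unpacks whatever `wget` stored, with no digest or signature check, and the `run_wget` guard only tests that the file exists, so a truncated or altered `$(dlfile)` is extracted into `$(cfg[install_dir])` and an interrupted download is never retried. Gate extraction on a pinned digest, e.g. a class `"tar_verified" expression => strcmp( file_hash( "$(sys.workdir)/data/agent/mediawiki/$(dlfile)", "sha256" ), "$(cfg[sha256])" );`, where `cfg[sha256]` is a placeholder for a new key holding the expected value for this release. `"wget"` and `"tar"` are also resolved through the shell's PATH; absolute paths, as used for the lxc commands in this commit, would be more predictable. The trailing `chown -R` to `$(apache.www_user)` leaves the installed code writable by the web server account, which is worth narrowing to the directories that need it.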
@@ -21,11 +20,9 @@ vars: "server_pkgs" slist => {"mysql80-server"}; "client_pkgs" slist => {"mysql80-client"}; "type" string => "mysql8"; - "server_pkgs" slist => {"mariadb106-server"}, if => strcmp("$(cfg[mariadb])","true"); "client_pkgs" slist => {"mariadb106-client"}, if => strcmp("$(cfg[mariadb])","true"); "type" string => "mariadb",if => strcmp("$(cfg[mariadb])","true"); - "service_name" string => "mysql-server"; "cfg_dir" string => "/usr/local/etc/mysql"; "cfg_file" string => "/usr/local/etc/mysql/my.cnf"; @@ -43,7 +40,6 @@ vars: "bin_dir" string => "/usr/bin"; "default_datadir" string => "/var/lib/mysql"; "mysqld_cmd" string => "/usr/sbin/mysqld"; - fedora|centos:: "user" string => "mysql"; "server_pkgs" slist => {"mariadb-server"}; 
@@ -57,35 +53,29 @@ vars: "bin_dir" string => "/usr/bin"; "default_datadir" string => "/var/lib/mysql"; "mysqld_cmd" string => "/usr/sbin/mysqld"; - any:: "mysql_cmd" string => "$(bin_dir)/mysql"; "mysqldump_cmd" string => "$(bin_dir)/mysqldump"; - files: freebsd:: "/etc/rc.conf.d/mysql" - create => "true", - content => "mysql_enable=YES"; - - + create => "true", + content => "mysql_enable=YES"; any:: - "$(cfg_dir)/." - create => "true", - perms => m("0755"), - handle => "mysql_cfg_dir_created"; - - - "$(cfg_file)" - #create => "true", - perms => m("644"), - copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"), -# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache", -# template_method => "mustache", - handle => "mysql_cfg_created", - depends_on => {"mysql_cfg_dir_created"}, - classes => if_repaired("mysql_repaired"); + "$(cfg_dir)/." + create => "true", + perms => m("0755"), + handle => "mysql_cfg_dir_created"; + "$(cfg_file)" + #create => "true", + perms => m("644"), + copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"), +# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache", +# template_method => "mustache", + handle => "mysql_cfg_created", + depends_on => {"mysql_cfg_dir_created"}, + classes => if_repaired("mysql_repaired"); services: @@ -96,8 +86,8 @@ services: mysql_repaired:: "$(service_name)" - service_policy => "restart", - depends_on => {"mysql_running","mysql_cfg_created"}; + service_policy => "restart", + depends_on => {"mysql_running","mysql_cfg_created"}; reports: } 
@@ -108,106 +98,92 @@ classes: "type_$(mysql.type)" ; vars: - "mysqld_idx" slist => getindices(@(cfg[settings][mysqld])); "settings[mysqld][$(mysqld_idx)]" string => "$(cfg[settings][mysqld][$(mysqld_idx)])"; - - - "datadir" string => ifelse(isvariable("cfg[settings][mysqld][datadir]"), - "$(cfg[settings][mysqld][datadir])", - "$(mysql.default_datadir)"); - + "datadir" string => ifelse( + isvariable("cfg[settings][mysqld][datadir]"), + "$(cfg[settings][mysqld][datadir])", + "$(mysql.default_datadir)" + ); type_mariadb:: - "install_db_exe" string => ifelse(fileexists("$(mysql.bin_dir)/mysql_install_db"), - "$(mysql.bin_dir)/mysql_install_db", - "$(mysql.bin_dir)/mariadb-install-db"); - + "install_db_exe" string => ifelse( + fileexists("$(mysql.bin_dir)/mysql_install_db"), + "$(mysql.bin_dir)/mysql_install_db", + "$(mysql.bin_dir)/mariadb-install-db" + ); "install_db_cmd" string => "if [ ! -d $(datadir)/mysql ]; then $(install_db_exe) --user=$(mysql.user)>/dev/null ; fi"; type_mysql8:: "install_db_cmd" string => "if [ ! 
-d $(datadir)/mysql ]; then $(mysql.mysqld_cmd) --initialize-insecure --user=$(mysql.user); fi"; - - - - "j" string => storejson(@(cfg)); + methods: "any" usebundle => mysql(@(cfg)); "any" usebundle => wmde_install_packages(@(mysql.server_pkgs),"mysql_server"); files: "$(mysql.cfg_file)" - copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"), - handle => "myslq_server_cfg_created", - depends_on => {"mysql_server_pkgs_installed"}; + copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"), + handle => "myslq_server_cfg_created", + depends_on => {"mysql_server_pkgs_installed"}; "$(mysql.cfg_file)" - create => "true", - perms => m("644"), - edit_line => set_variable_values_inix("$(this.bundle).settings","mysqld"), - depends_on => {"myslq_server_cfg_created"}, - handle => "myslq_server_cfg_edited", - classes => if_repaired("mysql_server_repaired"); - - - + create => "true", + perms => m("644"), + edit_line => set_variable_values_inix("$(this.bundle).settings","mysqld"), + depends_on => {"myslq_server_cfg_created"}, + handle => "myslq_server_cfg_edited", + classes => if_repaired("mysql_server_repaired"); commands: "$(install_db_cmd)" - handle=>"mysql_datadir_initialized", - contain => wmde_cmd_useshell, - inform => "false", - depends_on => {"myslq_server_cfg_edited"}; + handle=>"mysql_datadir_initialized", + contain => wmde_cmd_useshell, + inform => "false", + depends_on => {"myslq_server_cfg_edited"}; methods: "any" usebundle => wmde_service("$(mysql.service_name)","mysql_server_kept","mysql_server_repaired"), depends_on => {"mysql_datadir_initialized"}; reports: - } - - bundle edit_line set_variable_values_inix(tab, sectionName) { - vars: - "index" slist => getindices("$(tab)[$(sectionName)]"); +vars: + "index" slist => getindices("$(tab)[$(sectionName)]"); +# Be careful if the index string contains funny chars + "cindex[$(index)]" string => canonify("$(index)"); - # Be careful if the index string 
contains funny chars - "cindex[$(index)]" string => canonify("$(index)"); +classes: + "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"), + comment => "Create conditions to make changes"; - classes: - "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"), - comment => "Create conditions to make changes"; +field_edits: +# If the line is there, but commented out, first uncomment it +# "#+\s*$(index)\s*=.*" +# select_region => INI_section(escape("$(sectionName)")), +# edit_field => col("\s*=\s*","1","$(index)","set"), +# if => "edit_$(cindex[$(index)])"; +# match a line starting like the key something + "\s*$(index)\s*=.*" + edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"), + select_region => INI_section(escape("$(sectionName)")), + classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"), + if => "edit_$(cindex[$(index)])"; - field_edits: +delete_lines: + "!include.*"; - # If the line is there, but commented out, first uncomment it -# "#+\s*$(index)\s*=.*" -# select_region => INI_section(escape("$(sectionName)")), - # edit_field => col("\s*=\s*","1","$(index)","set"), - # if => "edit_$(cindex[$(index)])"; - - # match a line starting like the key something - "\s*$(index)\s*=.*" - edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"), - select_region => INI_section(escape("$(sectionName)")), - classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"), - if => "edit_$(cindex[$(index)])"; - - delete_lines: - "!include.*"; - - insert_lines: - "[$(sectionName)]" - location => start, - comment => "Insert lines"; - - "$(index)=$($(tab)[$(sectionName)][$(index)])" - select_region => INI_section(escape("$(sectionName)")), - if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])"; +insert_lines: + "[$(sectionName)]" 
+ location => start, + comment => "Insert lines"; + "$(index)=$($(tab)[$(sectionName)][$(index)])" + select_region => INI_section(escape("$(sectionName)")), + if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])"; } bundle agent install_mysql_client @@ -225,23 +201,25 @@ body contain mysql_cmd bundle agent mysql_table_exists(dbdef,table_name) { vars: - "pass_arg" string => ifelse ( isvariable("dbdef[db_pass]"), - "-p$(dbdef[db_pass])","" - ); - "host_arg" string => ifelse ( isvariable("dbdef[db_host]"), - "-h$(dbdef[db_host])","" - ); - "user_arg" string => ifelse ( isvariable("dbdef[db_user]"), - "-u$(dbdef[db_user])","" - ); - + "pass_arg" string => ifelse ( + isvariable("dbdef[db_pass]"), + "-p$(dbdef[db_pass])", + "" + ); + "host_arg" string => ifelse ( + isvariable("dbdef[db_host]"), + "-h$(dbdef[db_host])", + "" + ); + "user_arg" string => ifelse ( + isvariable("dbdef[db_user]"), + "-u$(dbdef[db_user])", + "" + ); "xargs" string => "$(pass_arg) $(host_arg) $(user_arg)"; - - "classname" string => "mysql_$(dbdef[db_name])_$(table_name)_exists"; - "cmd" string => 'mysql $(xargs) -e "show tables LIKE \'$(table_name)\'" $(dbdef[db_name]) > /tmp/$(dbdef[db_name]).check && if grep -q \'$(table_name)\' /tmp/$(dbdef[db_name]).check ; then echo "+$(classname)"; else echo "-$(classname)"; fi'; - + commands: "$(cmd)" contain => mysql_cmd, @@ -253,7 +231,6 @@ reports: bundle agent mysql_backup_all(cfg) { - vars: "cmd" string => '$(mysql.mysql_cmd) -N -e \'show databases\' | while read dbname; do $(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M "$dbname" > $(cfg[backup_dir])/"$dbname".sql; done'; @@ -262,7 +239,6 @@ reports: } - bundle agent mysql_backup_db(cfg,file) { classes: 
@@ -271,8 +247,6 @@ classes: vars: "table_exists_cmd" string => '$(mysql.mysql_cmd) -e "show tables LIKE \'$(table_name)\'" $(cdfg[db_name]) | grep -q $(table_name)'; "cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; - - } # 
@@ -288,26 +262,22 @@ classes: "type_$(mysql.type)" ; "create_cron" expression => strcmp("$(run)","true"); vars: - "table_exists_cmd" string => '$(mysql.mysql_cmd) -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(table_name)\'" | grep -q $(table_name)'; - type_mariadb:: - "backup_cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; - + "backup_cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; type_mysql8:: - "backup_cmd" string => "$(mysql.mysqldump_cmd) --set-gtid-purged=OFF --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; - + "backup_cmd" string => "$(mysql.mysqldump_cmd) --set-gtid-purged=OFF --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; files: !create_cron:: "/etc/cron.d/dump-mysql-db-$(cfg[db_name])" - delete=>tidy; + delete => tidy; create_cron:: "/etc/cron.d/dump-mysql-db-$(cfg[db_name])" - perms => m("644"), - create => "true", - content => " + perms => m("644"), + create => "true", + content => " # # /etc/cron.d/roundcube # @@ -316,12 +286,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 * * * * root $(table_exists_cmd) && $(backup_cmd) "; - - } - - # # Create cronjob # @param cfg definition for database, db_user, db_host, db_pass, db_name 
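Review bot: The cron file `/etc/cron.d/dump-mysql-db-$(cfg[db_name])` is created with `perms => m("644")`, but its content (continued in the next hunk) expands `$(table_exists_cmd) && $(backup_cmd)`, and both strings carry `-p$(cfg[db_pass])`, so the database password lands in a world-readable file and on the command line of every run. The `/etc/cron.d/mysqldump-$(cfg[db_name])` promise in the hunk at `@@ -353,9 +322,9 @@` has the same pattern. I would set `perms => m("600")` on both and move the credentials into a root-only client option file passed with `--defaults-extra-file=`, so they never reach the crontab. The header comment inside the content still reads `/etc/cron.d/roundcube`, which does not match the promiser. The bundle starts before this hunk.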
@@ -334,8 +300,11 @@ classes: "type_$(mysql.type)" ; "create_cron" expression => strcmp("$(run)","true"); vars: - "cron" string => ifelse(isvariable("cfg[db_cron]"), - "$(cfg[db_cron])","0 1 * * * "); + "cron" string => ifelse( + isvariable("cfg[db_cron]"), + "$(cfg[db_cron])", + "0 1 * * * " + ); "table_exists_cmd" string => '$(mysql.mysql_cmd) -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(cfg[db_check_table])\'" | grep -q $(cfg[db_check_table])'; @@ -353,9 +322,9 @@ files: create_cron:: "/etc/cron.d/mysqldump-$(cfg[db_name])" - perms => m("644"), - create => "true", - content => " + perms => m("644"), + create => "true", + content => " # # /etc/cron.d/mysqldump-$(cfg[db_name]) # 
@@ -364,40 +333,25 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin $(cron) root $(table_exists_cmd) && $(backup_cmd) "; - - } - - - - - - - - bundle agent create_mysql_db(cfg) { classes: - "type_$(mysql.type)" ; # "do_restore" expression => isvariable("cfg[restore]"); "do_restore" expression => strcmp("$(cfg[db_restore])","true"); "do_backup" expression => strcmp("$(cfg[db_backup])","true"); vars: - "db_name" string => "$(cfg[db_name])"; - "db_user" string => "$(cfg[db_user])"; - "host" string => "$(cfg[db_user_host])"; - "db_pass" string => "$(cfg[db_pass])"; - - + "db_name" string => "$(cfg[db_name])"; + "db_user" string => "$(cfg[db_user])"; + "host" string => "$(cfg[db_user_host])"; + "db_pass" string => "$(cfg[db_pass])"; "args" string => "pnunf"; - type_mariadb:: - "args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; \" "; - + "args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; \" "; type_mysql8:: - "args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); CREATE USER IF NOT EXISTS '$(db_user)'@'$(host)'; ALTER USER '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; GRANT RELOAD ON *.* to '$(db_user)'@'$(host)'; GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)';\" "; + "args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); CREATE USER IF NOT EXISTS '$(db_user)'@'$(host)'; ALTER USER '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; GRANT RELOAD ON *.* to '$(db_user)'@'$(host)'; GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)';\" "; methods: do_restore:: 
@@ -408,19 +362,15 @@ methods: !do_backup:: "any" usebundle => create_mysqldump_cron(@(cfg),"$(mysql.cfg[backup_dir])/$(cfg[db_name])-dmp.sql","false"); - commands: - - "$(mysql.mysql_cmd)" - args => "$(args)", - handle => "mysql_$(cfg[db_name])_created", - inform => "false"; + "$(mysql.mysql_cmd)" + args => "$(args)", + handle => "mysql_$(cfg[db_name])_created", + inform => "false"; reports: } - - bundle agent restore_mysql_db(cfg,file) { commands: @@ -429,7 +379,6 @@ commands: contain => wmde_cmd_useshell; } - bundle agent restore_mysql_db_conditional(cfg,file) { classes: @@ -439,7 +388,6 @@ vars: methods: "any" usebundle => mysql_table_exists(@(cfg),"$(cfg[db_check_table])"), handle=>"$(table_exists)_checked"; - "!$(table_exists)&backup_exists":: "any" usebundle => restore_mysql_db(@(cfg),"$(file)"), depends_on=>{"$(table_exists)_checked"}; @@ -448,6 +396,4 @@ reports: # "DB DOES NOT EXISTS"; #"$(table_exists)&backup_exists":: # "DB DOES EXISTS"; - } - diff --git a/nano.cf b/nano.cf new file mode 100644 index 0000000..7522b6c --- /dev/null +++ b/nano.cf 
@@ -0,0 +1,51 @@ +# +# Installs nano +# + +bundle agent install_nano +{ +vars: + freebsd:: + "nanorc" string => "/usr/local/etc/nanorc"; + "nano_conf_d" string => "/usr/local/share/nano"; + "pkg" string => "nano"; + debian:: + "nanorc" string => "/etc/nanorc"; + "nano_conf_d" string => "/usr/share/nano"; + "pkg" string => "nano"; + centos|fedora:: + "nanorc" string => "/etc/nanorc"; + "nano_conf_d" string => "/usr/share/nano"; + "pkg" string => "nano"; + +packages: + freebsd:: + "$(pkg)" + policy => "present", + package_module => pkg; + debian:: + "$(pkg)" + policy => "present", + package_module => apt_get; + fedora|centos:: + "$(pkg)" + policy => "present", + package_module => yum; + +files: + "$(nanorc)" + create => "true", + edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nanorc.mustache", + template_method => "mustache", + template_data => parsejson(' +{ + "nano_conf_d": "$(nano_conf_d)" +} +'); + +reports: + + +} + + diff --git a/nginx.cf b/nginx.cf index 2b9b65b..4e142f7 100644 --- a/nginx.cf +++ b/nginx.cf @@ -5,7 +5,7 @@ bundle agent nginx vars: "pkgs" slist => { "nginx", - }; + }; centos:: "www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ; "www_user" string => "nginx"; @@ -26,19 +26,15 @@ freebsd:: "restart_cmd" string => "/usr/sbin/service $(service_name) restart"; any:: "service_deps" slist => { - "nginx_pkgs_installed", - "nginx_www_dir_created", + "nginx_pkgs_installed", + "nginx_www_dir_created", }; - - any:: "default_html_dir" string => "$(www_dir)/html"; - + } - - bundle agent install_nginx { methods: 
@@ -46,16 +42,16 @@ methods: files: "$(nginx.www_dir)/." - create=>"true", - perms => m("755"), - depends_on => { "nginx_pkgs_installed" }, - handle => "nginx_www_dir_created"; + create=>"true", + perms => m("755"), + depends_on => { "nginx_pkgs_installed" }, + handle => "nginx_www_dir_created"; "$(nginx.default_html_dir)/." - create=>"true", - perms => uperm("$(nginx.www_user)","$(nginx.www_group)","755"), - depends_on => {"nginx_www_dir_created"}, - handle=>"nginx_default_html_dir_created"; + create=>"true", + perms => uperm("$(nginx.www_user)","$(nginx.www_group)","755"), + depends_on => {"nginx_www_dir_created"}, + handle=>"nginx_default_html_dir_created"; files: @@ -64,7 +60,6 @@ files: handle => "nginx_work_dir_created"; methods: - "any" usebundle => wmde_enable_service("nginx"); "any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"), depends_on => @(nginx.service_deps) ; 
@@ -73,31 +68,23 @@ methods: commands: "/bin/sh" - args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt", - inform => "false", - handle => "nginx_vhost_dir_cleaned", -# depends_on => {"nginx_dummy_conf_created"}, - contain => wmde_cmd_useshell; - - - + args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt", + inform => "false", + handle => "nginx_vhost_dir_cleaned", +# depends_on => {"nginx_dummy_conf_created"}, + contain => wmde_cmd_useshell; } - -bundle agent nginx_vhost -(site_param) +bundle agent nginx_vhost(site_param) { - - classes: "delete" expression => $(site[disable]); "use_ssl" expression => $(site[ssl]); "use_certbot" expression => strcmp("certbot","$(site[ssl_cert])"); + "use_lego" expression => strcmp("lego","$(site[ssl_cert])"); "do_logrotate" expression => $(site[logrotate]); vars: - # "email":$(nginx.admin_email), - "site_defaults" data => ' { "aliases":[], 
@@ -107,34 +94,39 @@ vars: "logging80":true, "logging443":true, "logrotate":false, + "listen":"*:80", + "sslraw":"" } '; - "site" data => mergedata(site_defaults,site_param); - - "cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])"; - "template_file" - string => - "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache"; + "template_file" string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache"; "domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf"; "domain_dir" string => "$(nginx.www_dir)/$(site[domain])"; - "ssl_cert" string => ifelse( use_certbot, - "$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem", + "ssl_cert" string => ifelse( use_certbot, + "$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem", "$(site[ssl_cert])"); - "ssl_key" string => ifelse( use_certbot, - "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem", + "ssl_key" string => ifelse( use_certbot, + "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem", "$(site[ssl_key])"); - use_ssl&(use_certbot):: + use_lego:: + "ssl_cert" string => "$(lego.data_dir)/certificates/$(site[domain]).crt"; + "ssl_key" string => "$(lego.data_dir)/certificates/$(site[domain]).key"; + + + + use_ssl&(use_certbot|use_lego):: "vhostdeps" slist => { "nginx_ssl_created$(site[domain])", "nginx_vhost_dir_cleaned" }; - (!use_ssl)|(!use_certbot):: + + + (!use_ssl)|(!use_certbot)|(!use_lego):: "vhostdeps" slist => { "nginx_vhost_dir_cleaned" }; 
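Review bot: The guard `(!use_ssl)|(!use_certbot)|(!use_lego)::` on the second `vhostdeps` is not the complement of `use_ssl&(use_certbot|use_lego)::`. `use_certbot` and `use_lego` both come from `strcmp` on the same `$(site[ssl_cert])`, so at most one can be set and the expression is always true; both `vhostdeps` promises then apply to an SSL site, and if the later definition wins, the `nginx_ssl_created$(site[domain])` dependency is lost. `!(use_ssl&(use_certbot|use_lego))::` expresses the intended else-branch. The methods guard `((!use_ssl)|(!use_certbot))::` in the hunk at `@@ -164,19 +156,30 @@` has the same gap for lego sites. The `vars:` section starts before this hunk.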
@@ -142,18 +134,18 @@ vars: delete:: "$(domain_file)" - delete => tidy, - classes => if_repaired(nginx_restart); - + delete => tidy, + classes => if_repaired(nginx_restart); + !delete:: "$(domain_file)" - perms => uperm("$(nginx.www_user)","$(nginx.www_group)","644"), - create => "true", - edit_template => "$(template_file)", - template_method => "mustache", - handle => "vhost_cfg_done$(site[domain])", - depends_on => @(vhostdeps), - classes => if_repaired("nginx_vhost_restart"); + perms => uperm("$(nginx.www_user)","$(nginx.www_group)","644"), + create => "true", + edit_template => "$(template_file)", + template_method => "mustache", + handle => "vhost_cfg_done$(site[domain])", + depends_on => @(vhostdeps), + classes => results("bundle","domain_config"); "$(domain_dir)/." create => "true", 
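Review bot: Removing a vhost no longer appears to trigger a restart: the `delete::` promise still sets `if_repaired(nginx_restart)`, while after this change the restart methods are gated on `domain_config_repaired`, which only the `!delete::` promise defines through `results("bundle","domain_config")`. Unless `nginx_restart` is consumed somewhere outside this diff, a disabled site keeps being served until something else restarts nginx. Giving the delete promise the same outcome classes, `classes => results("bundle","domain_config");`, would route both paths through one restart. The restart promises also depend on the handle `vhost_cfg_done$(site[domain])`, which only the create promise carries, so the delete path may need its own handle. The `files:` section starts before this hunk.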
@@ -164,19 +156,30 @@ methods: "any" usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"), handle => "nginx_ssl_created$(site[domain])"; - "nginx_vhost_restart":: - "any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"), - depends_on => { - "vhost_cfg_done$(site[domain])", - "nginx_ssl_created$(site[domain])" }; - + "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"), + if => "domain_config_repaired", + depends_on => { + "vhost_cfg_done$(site[domain])", + "nginx_ssl_created$(site[domain])" + }; - (!use_ssl)|(!use_certbot):: - "nginx_vhost_restart":: - "any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"), - depends_on => {"vhost_cfg_done$(site[domain])" }; + use_ssl&use_lego:: + "any" usebundle => lego_dns_cert(@(site)), #,"$(site[domain])"), + handle => "nginx_ssl_created$(site[domain])"; -# "any" usebundle => install_logrot; + "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"), + if => "domain_config_repaired", + depends_on => { + "vhost_cfg_done$(site[domain])", + "nginx_ssl_created$(site[domain])" + }; + + + + ((!use_ssl)|(!use_certbot)):: + "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"), + if => "domain_config_repaired", + depends_on => {"vhost_cfg_done$(site[domain])" }; files: # do_logrotate:: @@ -187,17 +190,16 @@ files: # template_method => "mustache"; commands: - - "echo" - args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt", - inform => "false", - depends_on => {"vhost_cfg_done$(site[domain])"}, - contain => wmde_cmd_useshell; + args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt", + inform => "false", + depends_on => {"vhost_cfg_done$(site[domain])"}, + contain => wmde_cmd_useshell; reports: + # "SITE: $(site[domain]): $(site[logrotate])"; # "SF: @(site)"; # "DF $(domain_file)"; 
@@ -211,23 +213,37 @@ reports: # "LOGOROOTATE FOR $(site[domain]): FALSE"; # do_logrotate:: # "LOGOROOTATE FOR $(site[domain]): TRUE"; - - } +bundle agent nginx_restart_service(service_name,domain) +{ +classes: + "nginx_must_restart" scope=> "namespace"; +commands: + "/usr/sbin/nginx -t" handle => "nginx_syntax_ok_$(domain)"; + +methods: + !nginx_do_not_restart:: + "any" usebundle => wmde_restart_service($(service_name),$(domain)), + depends_on => {"nginx_syntax_ok_$(domain)"}; + +reports: +# "RESTART NGINX" depends_on => {"nginx_syntax_ok_$(domain)"}; +# nginx_do_not_restart:: +# "RESTART IS DISABLED"; + +} + + bundle agent nginx_vhosts(sites) { vars: "idx" slist => getindices(@(sites)); methods: - "any" usebundle => nginx_vhost(@(sites[$(idx)])); + "$(idx)" usebundle => nginx_vhost(@(sites[$(idx)])); reports: - } - - - diff --git a/php.cf b/php.cf index 7c3b6f4..97f0e44 100644 --- a/php.cf +++ b/php.cf @@ -11,9 +11,7 @@ vars: "version" string => "$(php.version)"; centos:: "version" string => ""; - - freebsd:: freebsd:: "pkgs" slist => { diff --git a/postfix.cf b/postfix.cf index 226b6fe..53d3195 100644 --- a/postfix.cf +++ b/postfix.cf @@ -145,7 +145,7 @@ files: perms => m("644"), classes => if_repaired(postfix_repaired), # content => "$(master_cf_content)"; - content => regex_replace("$(master_cf_content)", "\\\\dollar", "$", "g"); + content => regex_replace("$(master_cf_content)", "\\\\dollar", "$$", "g"); # "$(postfix.master_cf)" # create => "true", diff --git a/python.cf b/python.cf new file mode 100644 index 0000000..d2c147a --- /dev/null +++ b/python.cf 
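Review bot: In the new `nginx_restart_service` bundle, `"nginx_must_restart" scope=> "namespace";` is a class promise with no expression and nothing in this diff reads it, while the restart is guarded by `!nginx_do_not_restart`, a class this diff never defines. The syntax check is the literal `"/usr/sbin/nginx -t"` although the `nginx` bundle keeps per-platform values; where the binary lives elsewhere the check would fail and, as I read `depends_on`, the restart would then never run. I would drop the unused class and take the binary path from a variable in the `nginx` bundle. A bundle comment would also help, for example `# Runs nginx -t and restarts only if it passes; define nginx_do_not_restart to suppress restarts.`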
@@ -0,0 +1,62 @@ +# + +bundle agent python39 +{ +vars: + debian:: + "exe" string => "/usr/local/bin/python3.9"; + + centos:: + "pkgs" slist => {"python3.9"}; + "exe" string => "/usr/bin/python3.9"; + +} + + +bundle agent install_python39 +{ +methods: +# "any" usebundle => wmde_install_packages($(python39.pkgs),"python39"); +} + + +bundle agent pip3 +{ +vars: + debian:: + "pkgs" slist => { +# "python3-pip", +# "python3-venv" + }; + "exe" string => "/usr/local/bin/pip3.9"; + + freebsd:: + "pkgs" slist => { + "py39-pip" + }; + "exe" string => "/usr/local/bin/pip3"; + +} + +bundle agent install_pip3 +{ +methods: + "any" usebundle => wmde_install_packages(@(pip3.pkgs),"pip3"), + handle=>"pip3_installed"; + +} + +bundle agent python_venv(name,user) +{ +classes: + "venv_exists" expression => fileexists("$(name)"); +methods: + "any" usebundle => install_pip3; + +commands: + !venv_exists:: + "su $(user) -c '$(python39.exe) -m venv $(name)'" + contain => wmde_cmd_useshell, + depends_on => {"pip3_installed"}; + +} diff --git a/roundcube.cf b/roundcube.cf index 579dfee..9aa985f 100644 --- a/roundcube.cf +++ b/roundcube.cf @@ -14,7 +14,7 @@ classes: "roundcube_untar" expression => not(fileexists("$(install_sub_dir)/index.php")); "config_exists" expression => fileexists("$(install_sub_dir)/config/config.inc.php"); "backup_config_exists" expression => fileexists("$(cfg[backup_dir])/config.inc.php"); - + "run_backups" expression => isvariable("cfg[backup_dir]"); @@ -59,9 +59,9 @@ methods: # classes => if_repaired ("roundcube_untar"); - # "$(dlfile)" - # copy_from => remote_dcp("$(def.hub_public_dir)/$(cfg[src_tgz])","$(sys.policy_hub)"), - # perms => m(644); +# "$(dlfile)" +# copy_from => remote_dcp("$(def.hub_public_dir)/$(cfg[src_tgz])","$(sys.policy_hub)"), +# perms => m(644); files: "$(cfg[install_dir])/public" 
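Review bot: `python_venv` builds its command as `"su $(user) -c '$(python39.exe) -m venv $(name)'"` and runs it with `wmde_cmd_useshell` (a shell, judging by the name), so `$(name)` and `$(user)` reach the shell unquoted and a path containing a space or a quote changes what is executed. Quoting the path inside the inner command and checking `user` against a plain account-name pattern before use would close that. `venv_exists` is `fileexists("$(name)")`, which is also true for a directory left behind by a failed run; `fileexists("$(name)/pyvenv.cfg")` is a closer test. `python39.pkgs` is only defined under `centos::` and `install_python39` has no active promise, so nothing visible here installs the interpreter that `python39.exe` points to.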
@@ -151,17 +151,17 @@ methods: bundle edit_line roundcube_values(tab, sectionName) { - vars: - "index" slist => getindices("$(tab)[$(sectionName)]"); + vars: + "index" slist => getindices("$(tab)[$(sectionName)]"); - # Be careful if the index string contains funny chars - "cindex[$(index)]" string => canonify("$(index)"); + # Be careful if the index string contains funny chars + "cindex[$(index)]" string => canonify("$(index)"); - classes: - "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"), - comment => "Create conditions to make changes"; + classes: + "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"), + comment => "Create conditions to make changes"; - field_edits: + field_edits: # If the line is there, but commented out, first uncomment it # "#+\s*$(index)\s*=.*" 
@@ -170,23 +170,23 @@ bundle edit_line roundcube_values(tab, sectionName) # if => "edit_$(cindex[$(index)])"; # match a line starting like the key something - "\s*$(index)\s*=.*" - edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"), - select_region => INI_section(escape("$(sectionName)")), - classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"), - if => "edit_$(cindex[$(index)])"; + "\s*$(index)\s*=.*" + edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"), + select_region => INI_section(escape("$(sectionName)")), + classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"), + if => "edit_$(cindex[$(index)])"; delete_lines: "!include.*"; - insert_lines: - "[$(sectionName)]" - location => start, - comment => "Insert lines"; + insert_lines: + "[$(sectionName)]" + location => start, + comment => "Insert lines"; - "$(index)=$($(tab)[$(sectionName)][$(index)])" - select_region => INI_section(escape("$(sectionName)")), - if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])"; + "$(index)=$($(tab)[$(sectionName)][$(index)])" + select_region => INI_section(escape("$(sectionName)")), + if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])"; } @@ -194,10 +194,10 @@ bundle edit_line roundcube_values(tab, sectionName) bundle edit_line rc_line_based(v) { vars: - "i" slist => getindices("$(v)"); + "i" slist => getindices("$(v)"); - # Escape the value (had a problem with special characters and regex's) - "ev[$(i)]" string => escape("$($(v)[$(i)])"); + # Escape the value (had a problem with special characters and regex's) + "ev[$(i)]" string => escape("$($(v)[$(i)])"); vars: "exx" string => "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!33).*$"; 
@@ -207,33 +207,33 @@ vars: replace_patterns: # "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$($(v)[$(i)]);$).*" "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$(ev[$(i)]);$).*" - comment => "Correct the value '$(i)'", - #replace_with => value("$config['$(i)']=$($(v)[$(i)])"), - replace_with => value("$config['$(i)']=$($(v)[$(i)]);"), - classes => results("bundle", "replace_attempted_$(i)"); + comment => "Correct the value '$(i)'", + #replace_with => value("$config['$(i)']=$($(v)[$(i)])"), + replace_with => value("$config['$(i)']=$($(v)[$(i)]);"), + classes => results("bundle", "replace_attempted_$(i)"); reports: - "THE V: $(thev)"; +# "THE V: $(thev)"; - insert_lines: - # If the line doesn't exist, or there is more than one occurrence - # of the LHS commented out, insert a new line and try to place it - # after the commented LHS (keep new line with old comments) - # "$(i)$(sep)$($(v)[$(i)])" - # comment => "Insert the value, marker '$(i)' exists", - # location => after("^$(cp)($(i)$(bp).*|$(i))$"), - # if => "replace_attempted_$(ci[$(i)])_reached.multiple_comments_$(ci[$(i)])"; + insert_lines: + # If the line doesn't exist, or there is more than one occurrence + # of the LHS commented out, insert a new line and try to place it + # after the commented LHS (keep new line with old comments) + # "$(i)$(sep)$($(v)[$(i)])" + # comment => "Insert the value, marker '$(i)' exists", + # location => after("^$(cp)($(i)$(bp).*|$(i))$"), + # if => "replace_attempted_$(ci[$(i)])_reached.multiple_comments_$(ci[$(i)])"; - # If the line doesn't exist and there are no occurrences - # of the LHS commented out, insert a new line at the eof -# "$(i)$(sep)$($(v)[$(i)])" - # comment => "Insert the value, marker '$(i)' doesn't exist", - # if => "replace_attempted_$(ci[$(i)])_reached.!multiple_comments_$(ci[$(i)]).!exists_$(ci[$(i)])"; + # If the line doesn't exist and there are no occurrences + # of the LHS commented out, insert a new line at the eof + # "$(i)$(sep)$($(v)[$(i)])" + # comment => "Insert 
the value, marker '$(i)' doesn't exist", + # if => "replace_attempted_$(ci[$(i)])_reached.!multiple_comments_$(ci[$(i)]).!exists_$(ci[$(i)])"; - reports: - verbose_mode|EXTRA:: - "$(this.bundle): Line for '$(i)' exists" if => "exists_$(ci[$(i)])"; - "$(this.bundle): Line for '$(i)' does not exist" if => "!exists_$(ci[$(i)])"; +reports: + verbose_mode|EXTRA:: + "$(this.bundle): Line for '$(i)' exists" if => "exists_$(ci[$(i)])"; + "$(this.bundle): Line for '$(i)' does not exist" if => "!exists_$(ci[$(i)])"; } @@ -356,10 +356,10 @@ files: depends_on => {"roundcube_password_recover_config_created"}; reports: - run_git:: - "Run git"; - !run_git:: - "Dont run git"; +# run_git:: +# "Run git"; +# !run_git:: +# "Dont run git"; } diff --git a/scripts/install-php-repo.sh b/scripts/install-apt-repo.sh similarity index 100% rename from scripts/install-php-repo.sh rename to scripts/install-apt-repo.sh diff --git a/scripts/lxc-hooks.sh b/scripts/lxc-hooks.sh new file mode 100644 index 0000000..7c9e543 --- /dev/null +++ b/scripts/lxc-hooks.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +printf "Tut nix im Moment" diff --git a/scripts/postgres-create-db.sh b/scripts/postgres-create-db.sh new file mode 100644 index 0000000..a4f1fda --- /dev/null +++ b/scripts/postgres-create-db.sh @@ -0,0 +1,2 @@ +echo "SELECT 'CREATE DATABASE ${2}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${2}')\gexec" | ${1} + diff --git a/templates/config.inc.php b/templates/config.inc.php new file mode 100644 index 0000000..05d69f3 --- /dev/null +++ b/templates/config.inc.php 
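Review bot: `scripts/postgres-create-db.sh` interpolates `${2}` into the SQL text twice, so a database name containing a quote or whitespace changes the statement that `\gexec` runs. I would reject anything that is not a plain identifier before building the query, `case "$2" in ''|*[!A-Za-z0-9_]*) echo "invalid database name" >&2; exit 1;; esac`, and emit the statement with `printf '%s\n'`, because `echo` treats backslashes differently between shells. `${1}` is expanded unquoted, which looks intentional if it carries a command plus options, but it deserves a comment saying so. The script also has no shebang line, unlike `lxc-hooks.sh` added in the same commit.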
@@ -0,0 +1,71 @@ + name_in_db] +// When using the postfix database 'mailbox' table, you must add two columns to this table: 'question' and 'answer' +// If the plugin does not find the columns it needs in the database, they will be created automatically +$config['pr_fields'] = [ 'altemail' => 'alt_email' ]; +# 'phone' => 'phone', 'question' => 'question', 'answer' => 'answer', + +// Admin email (this account will receive alerts when an user does not have an alternative email and phone) +$config['pr_admin_email'] = 'postmaster@your.domain.com'; + +// Address to be indicated as reply-to in mail notifications +$config['pr_replyto_email'] = 'postmaster@your.domain.com'; + +// Use secret question/answer to confirmation password recovery +$config['pr_use_question'] = false; + +// Use message with code to confirmation password recovery +$config['pr_use_confirm_code'] = true; + +// Confirmation code length +$config['pr_confirm_code_length'] = 6; + +// Maximum number of attempts to send confirmation code +$config['pr_confirm_code_count_max'] = 3; + +// Confirmation code duration (in minutes) +$config['pr_confirm_code_validity_time'] = 30; + +// Use the Password plugin to save a new password +$config['pr_use_password_plugin'] = true; + +// Minimum length of new password +// !!! Note: needed if not used Password plugin) +$config['pr_password_minimum_length'] = 8; + +// Require the new password to have at least the specified strength score. +// Password strength is scored from 1 (weak) to 5 (strong). +// !!! 
Note: needed if not used Password plugin) +$config['pr_password_minimum_score'] = 1; + + +// SMTP settings +// $config['pr_default_smtp_server'] = 'tls://your.domain.com'; +// $config['pr_default_smtp_user'] = 'no-reply@your.domain.com'; +// $config['pr_default_smtp_pass'] = 'YOUR_SMTP_USER_PASSWORD'; +$config['pr_default_smtp_server'] = 'localhost:25'; +$config['pr_default_smtp_user'] = ''; +$config['pr_default_smtp_pass'] = ''; + + +// Full path to SMS send function +// This function must accept 2 parameters: phone number and message, +// and return true on success or false on failure +// +// Example of send SMS function using Clickatell HTTP API - see /lib/send.php +// +$config['pr_sms_send_function'] = dirname(__FILE__) . '/bin/sendsms.sh'; + + +// Enables logging of password changes into /logs/password.log +$config['pr_password_log'] = true; + +// Set to TRUE if you need write debug messages into /log/console.log +$config['pr_debug'] = false; + +?> diff --git a/templates/dovecot-local.conf.mustache b/templates/dovecot-local.conf.mustache new file mode 100644 index 0000000..26313a1 --- /dev/null +++ b/templates/dovecot-local.conf.mustache @@ -0,0 +1,2 @@ + +protocols = diff --git a/templates/lxc_host/debian.lxc-net.mustache b/templates/lxc_host/debian.lxc-net.mustache new file mode 100644 index 0000000..09f40e1 --- /dev/null +++ b/templates/lxc_host/debian.lxc-net.mustache 
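Review bot: The new `templates/config.inc.php` sets `$config['pr_admin_email']` and `$config['pr_replyto_email']` to the sample address `postmaster@your.domain.com`, and nothing in the file is a template variable. Unless another promise rewrites these keys (not visible here), a deployed copy would send password-recovery alerts and reply-to traffic to a domain the site does not control. `pr_password_minimum_score` is `1`, the weakest value on the file's own 1 to 5 scale; it only applies when the Password plugin is not used, but a stricter default costs nothing. I would add a comment at the top listing the keys that must be overridden per host.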
@@ -0,0 +1,30 @@ +# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your +# containers. Set to "false" if you'll use virbr0 or another existing +# bridge, or mavlan to your host's NIC. +USE_LXC_BRIDGE="true" + +# If you change the LXC_BRIDGE to something other than lxcbr0, then +# you will also need to update your /etc/lxc/default.conf as well as the +# configuration (/var/lib/lxc//config) for any containers +# already created using the default config to reflect the new bridge +# name. +# If you have the dnsmasq daemon installed, you'll also have to update +# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon. +LXC_BRIDGE="{{ bridge }}" +LXC_ADDR="{{ addr }}" +LXC_NETMASK="{{ netmask }}" +LXC_NETWORK="{{ network }}" +LXC_DHCP_RANGE="{{ dhcp_range }}" +LXC_DHCP_MAX="{{ dhcp_max }}" +# Uncomment the next line if you'd like to use a conf-file for the lxcbr0 +# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have +# container 'mail1' always get ip address 10.0.3.100. +LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf + +# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc +# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR) +# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf, +# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager). +# Once these changes are made, restart the lxc-net and network-manager services. +# 'container1.lxc' will then resolve on your host. +LXC_DOMAIN="lxc" diff --git a/templates/lxc_host/default.conf.mustache b/templates/lxc_host/default.conf.mustache new file mode 100644 index 0000000..ab81b5b --- /dev/null +++ b/templates/lxc_host/default.conf.mustache 
@@ -0,0 +1,15 @@ +lxc.net.0.type = veth +lxc.net.0.link = {{ bridge }} +lxc.net.0.flags = up +{{! 'thirdoctet' string => format( "%02x", nth( splitstring( $(cfg[addr]), '\.', 4 ), 2 ) ); }} +lxc.net.0.hwaddr = 00:16:3e:{{ thirdoctet }}:xx:xx + +lxc.net.0.script.up = /usr/local/bin/lxc-hooks +lxc.net.0.script.down = /usr/local/bin/lxc-hooks + +#lxc.apparmor.profile=unconfined +lxc.apparmor.profile = generated +lxc.apparmor.allow_nesting = 1 + +lxc.hook.version = 1 +lxc.hook.pre-start = /usr/local/bin/lxc-hooks diff --git a/templates/lxc_host/dnsmasq.conf b/templates/lxc_host/dnsmasq.conf new file mode 100644 index 0000000..b0d47bc --- /dev/null +++ b/templates/lxc_host/dnsmasq.conf @@ -0,0 +1 @@ +dhcp-hostsdir=/etc/lxc/hosts.d diff --git a/templates/nanorc.mustache b/templates/nanorc.mustache new file mode 100644 index 0000000..d0c46b8 --- /dev/null +++ b/templates/nanorc.mustache @@ -0,0 +1,328 @@ +set tabsize 4 + +## Sample initialization file for GNU nano. +## +## For the options that take parameters, the default value is shown. +## Other options are unset by default. To make sure that an option +## is disabled, you can use "unset
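Review bot: `lxc.apparmor.allow_nesting = 1` is set unconditionally in `templates/lxc_host/default.conf.mustache`, so every container created from this default gets the nesting allowances in its generated AppArmor profile whether or not it runs nested containers. Making it opt-in keeps the default tighter, for example `{{#allow_nesting}}lxc.apparmor.allow_nesting = 1{{/allow_nesting}}` (the key name is a suggestion). The same `/usr/local/bin/lxc-hooks` path is wired as network up/down script and pre-start hook, and the `lxc-hooks.sh` added in this commit only prints a message; a comment marking the hooks as placeholders would help.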