WMDE
/
wmdeit-cf-wmdelib
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh

This commit is contained in:
Tobias Herre 2025-04-15 13:05:07 +02:00
parent 4e9b3bebc5
commit a759ac2bc5
31 changed files with 1565 additions and 348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.swp Normal file
View File

Binary file not shown.

15
certbot.cf
View File

@ -15,7 +15,7 @@ vars:
debian:: debian::
"certbot_dir" string => "/etc/letsencrypt"; "certbot_dir" string => "/etc/letsencrypt";
"exe" string => "/usr/bin/certbot"; "exe" string => "/usr/bin/certbot";
"pkgs" slist => {"certbot"}; "pkgs" slist => {"certbot","cron"};
centos:: centos::
"certbot_dir" string => "/etc/letsencrypt"; "certbot_dir" string => "/etc/letsencrypt";
"exe" string => "/usr/bin/certbot"; "exe" string => "/usr/bin/certbot";
@ -25,23 +25,20 @@ vars:
"exe" string => "/usr/bin/certbot"; "exe" string => "/usr/bin/certbot";
"pkgs" slist => {"certbot"}; "pkgs" slist => {"certbot"};
defaults: defaults:
"wr" string => "standalone"; "wr" string => "standalone";
"rn" string => ""; "rn" string => "";
reports: reports:
} }
bundle agent install_certbot bundle agent install_certbot
{ {
methods: methods:
"any" usebundle => wmde_install_packages( @(certbot.pkgs),"certbot"), "any" usebundle => wmde_install_packages( @(certbot.pkgs),"certbot"),
handle => "certbot_installed"; handle => "certbot_installed";
files: files:
freebsd:: freebsd|debian::
"/etc/cron.d/certbot" "/etc/cron.d/certbot"
create => "true", create => "true",
copy_from => local_dcp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/certbot-cron.mustache"); copy_from => local_dcp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/certbot-cron.mustache");
@ -59,10 +56,7 @@ files:
bundle agent certbot_cert(site,webroot) bundle agent certbot_cert(site,webroot)
{ {
vars: vars:
"domain" string => "$(site[domain])"; "domain" string => "$(site[domain])";
"keytype" string => "rsa"; "keytype" string => "rsa";
@ -71,7 +65,6 @@ vars:
"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases])))); "domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains)); "domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
"site_json" string => storejson(@(site)); "site_json" string => storejson(@(site));
"args" string => string_mustache( "args" string => string_mustache(
"--key-type $(keytype) --cert-name {{domain}} -d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}", "--key-type $(keytype) --cert-name {{domain}} -d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
@ -80,7 +73,7 @@ vars:
"webroot_arg" string => ifelse( strcmp("$(webroot)","standalone"), "webroot_arg" string => ifelse( strcmp("$(webroot)","standalone"),
"--standalone", "--standalone",
"--webroot -w $(webroot)"); "--webroot -w $(webroot)");
"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(certbot.certbot_dir)/live/$(site[domain])/cert.pem"; "cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(certbot.certbot_dir)/live/$(site[domain])/cert.pem";
@ -125,5 +118,3 @@ commands:
reports: reports:
} }

6
cron.cf Normal file
View File

@ -0,0 +1,6 @@
bundle agent cron
{
vars:
"cron_d" string => "/etc/cron.d";
}

36
git.cf
View File

@ -18,3 +18,39 @@ bundle agent install_git
methods: methods:
"any" usebundle => wmde_install_packages(@(git.pkgs),"git"); "any" usebundle => wmde_install_packages(@(git.pkgs),"git");
} }
body contain gitcmd(execuser,execgroup)
{
exec_owner => "$(execuser)";
exec_group => "$(execgroup)";
}
bundle agent git_repo(repo)
{
classes:
"repo_exists" expression => fileexists("$(repo[path])/.git");
files:
"$(repo[path])/."
create=>"true",
perms=>mog("$(repo[perm])","$(repo[user])","$(repo[group])"),
handle=>"git_repo_$(repo[path])_created";
commands:
!repo_exists::
"$(git.exe)"
args=>"clone --branch $(repo[branch]) $(repo[source]) $(repo[path])",
depends_on => {"git_repo_$(repo[path])_created"},
contain => gitcmd("$(repo[user])","$(repo[group])");
reports:
# "PATH $(repo[path])/.git";
# repo_exists::
# "REPO EXISTS";
# !repo_exists::
# "REPO iDOES NOT EXISTS";
}

13
kvm-host.cf Normal file
View File

@ -0,0 +1,13 @@
bundle agent kvm_host(cfg){
vars:
methods:
reports:
files:
}
bundle agent kvm(cfg){
vars:
methods:
reports:
files:
}

105
lego.cf Normal file
View File

@ -0,0 +1,105 @@
#
#Lego
#
bundle agent lego
{
vars:
"pkgs" slist => {
"lego"
};
"exe" string => "/usr/bin/lego";
"data_dir" string => "/etc/lego";
debian::
"exe" string => "/usr/bin/lego";
"data_dir" string => "/etc/lego";
"pkgs" slist => {
"lego","cron"
};
freebsd::
"exe" string => "/usr/local/bin/lego";
"data_dir" string => "/usr/local/etc/lego";
}
bundle agent install_lego
{
methods:
"any" usebundle => wmde_install_packages( @(lego.pkgs),"lego");
files:
"$(lego.data_dir)/."
create => "true",
perms => m("750"),
depends_on => {"lego_pkgs_installed"},
handle => "lego_installed";
}
bundle agent lego_dns_cert(site)
{
vars:
# command to read all domains a certificate contains
"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";
"ds" slist => {"$(site[domain])"};
"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
"args" string => string_mustache(
"-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
@(site)
);
"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),
if => isvariable ("site[domain]"),
handle=>"lego_current_domains_ready";
classes:
"run_lego"
expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")),
depends_on => {"lego_current_domains_ready"};
files:
"/etc/cron.d/lego-$(site[domain])"
create => "true",
content => "0 0 * * * root $(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])",
depends_on => {"lego_installed"};
commands:
run_lego::
"$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"
contain => wmde_cmd_useshell,
depends_on => {"lego_installed"};
# "$(certbot.exe)"
# depends_on => {"certbot_installed","certbot_dry_run_ok"},
# args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
reports:
# "COMMAND: $(cert_test_cmd)";
# "CMP: $(current_domains_txt) $(domains_txt)";
# "LEG IS INSTALLED" depends_on => {"lego_installed"};
# run_lego::
# "$(lego.exe)";
# "--path $(lego.data_dir) --accept-tos --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run";
#depends_on => {"lego_installed"},
# run_lego::
# "MUST RUN LEGO";
# !run_lego::
# "MUST NOT RUN LEGO";
}

10
lib.cf
View File

@ -235,7 +235,6 @@ classes:
debian|ubuntu:: debian|ubuntu::
"do_install" expression => not(fileexists("/etc/apt/sources.list.d/$(name).list")); "do_install" expression => not(fileexists("/etc/apt/sources.list.d/$(name).list"));
vars: vars:
do_install:: do_install::
"pkgs" slist => { "pkgs" slist => {
@ -254,7 +253,7 @@ methods:
commands: commands:
do_install:: do_install::
"/bin/sh" "/bin/sh"
args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-php-repo.sh $(name) $(repo_src) $(key_src) $(key_name)", args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-apt-repo.sh $(name) $(repo_src) $(key_src) $(key_name)",
depends_on => { depends_on => {
"wget_pkgs_installed", "wget_pkgs_installed",
"apt_repo_pkgs_installed" "apt_repo_pkgs_installed"
@ -328,7 +327,12 @@ methods:
reports: reports:
} }
# Args:
# method string Either `wget` or anything else (not implemented?)
# src string Source URL of the file to download
# dst string ?
# cls string Prefix for classes used in the bundle
# prms_arg data JSON for { m(string): mode, o(string): uid, g(string): gid }
bundle agent download_file(method,src,dst,cls,prms_arg) bundle agent download_file(method,src,dst,cls,prms_arg)
{ {
vars: vars:

391
lxc-host.cf Normal file
View File

@ -0,0 +1,391 @@
# example lxc_host.cfg
# cfg data => '
# {
# "bridge": "lxcbr0",
# "netmask": "255.255.255.0",
# "network": "10.0.1.0/24",
# "addr": "10.0.1.1",
# "dhcp_range": "10.0.1.200,10.0.1.254"
# "dhcp_max": 253,
# }';
bundle agent lxc_host( cfg )
{
vars:
# var ip wird in mergedata verwendet, und mergedata mag keine flachen Variablen,
# sondern braucht Arrays auf die eine oder andere Weise
'ip[thirdoctet]' string => format( "%02x", nth( splitstring( $(cfg[addr]), '\.', 4 ), 2 ) );
"cfg_ip" data => mergedata( cfg, ip );
debian|ubuntu::
'lxc_path' string => '/etc/lxc';
'lxc_net_path' string => '/etc/default/lxc-net';
'lxc_net_tmpl' string => 'debian.lxc-net.mustache';
'lxc_default_path' string => '$(lxc_path)/default.conf';
'lxc_default_tmpl' string => 'default.conf.mustache';
'lxc_hosts_d' string => '$(lxc_path)/hosts.d';
debian::
'pkg_list' slist => { 'lxc','lxc-templates','debian-archive-keyring' };
ubuntu::
'pkg_list' slist => { 'lxc','lxc-templates','ubuntu-archive-keyring' };
fedora|centos|redhat::
'lxc_net_path' string => '/etc/lxc-net';
methods:
'Ensure the packages required for LXC are installed'
usebundle => wmde_install_packages(@(pkg_list),'lxc'),
comment => "The packages to install are defined in var `pkg_list`.",
handle => "lxc_installed";
reports:
"The agent $(default:def.agent_name) has been prepared as a host for lx containers.";
"The host provides the network on $(cfg[bridge]) with address $(cfg[addr]).";
"It will configure LXC via DHCP in the range $(cfg[dhcp_range]).";
"Static mappings are in /etc/lxc/hosts.d.";
"This is the third octet: $(ip[thirdoctet]).";
files:
"$(lxc_path)/."
acl => lxc_dnsmasq,
depends_on => { "lxc_installed" };
"$(lxc_path)/dnsmasq.conf"
perms => mog('644','root','root'),
content => "dhcp-hostsdir=$(lxc_hosts_d)",
depends_on => { "lxc_installed" };
"$(lxc_hosts_d)/."
create => "true",
perms => mog('755','root','root'),
handle => "lxchostsdir",
depends_on => { "lxc_installed" };
"/usr/local/bin/lxc-hooks"
perms => mog('700','root','root'),
copy_from => local_cp("$(sys.workdir)/inputs/wmdelib/scripts/lxc-hooks.sh"),
depends_on => { "lxc_installed" },
handle => "lxchookscript";
debian|ubuntu::
"$(lxc_net_path)"
perms => mog('644','root', 'root'),
template_data => @(cfg_ip),
template_method => 'mustache',
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/lxc_host/$(lxc_net_tmpl)",
depends_on => { "lxc_installed" };
"$(lxc_default_path)"
perms => mog('644','root', 'root'),
template_data => @(cfg_ip),
template_method => 'mustache',
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/lxc_host/$(lxc_default_tmpl)",
depends_on => { "lxc_installed" };
}
body acl lxc_dnsmasq
{
acl_method => "append";
acl_type => "posix";
aces => {
"user:dnsmasq:rx:allow"
};
}
# example lxc.cfg
# cfg data => '
# {
# "name": "proxy",
# "dist": "debian",
# "release": "bookworm",
# "arch": "amd64",
# "bridge": "lxcbr0",
# "ip": "10.0.11.80",
# "group": "",
# "autostart": true,
# "policy": "absent|present",
# "state": "stopped|running",
# }';
# name
# lxc.container.conf:
# # Parameters passed to the template: --dist $(cfg[dist]) --arch $(cfg[arch]) --release $(cfg[release])
bundle agent lxc( cfg )
{
classes:
"cfg_array" expression => strcmp( type( "cfg", "true" ), "data array" );
vars:
cfg_array::
"index" slist => getindices( @(cfg) );
methods:
cfg_array::
"Iterate over config array: $(index)"
usebundle => _lxc( @(cfg[$(index)]) );
!cfg_array::
"Forward config to"
usebundle => _lxc( @(cfg) );
files:
reports:
cfg_array::
"Iterated over cfg array.";
}
# Although all attributes are passed in one data object there are
# qualitative differences. All need the name element.
# lxc-create needs dist, arch and release.
# lxc config file needs autostart and group
# dnsmasq needs the ip
bundle agent _lxc( cfg )
{
classes:
"lxc_exists" expression => returnszero( "/usr/bin/lxc-info $(cfg[name]) 2> /dev/null", "noshell" ), scope => "bundle";
"lxc_host_file_exists" expression => fileexists( "$(lxc_host_file)" ), scope => "bundle";
"lxc_policy_exists" expression => isvariable( "cfg[policy]" );
"lxc_state_exists" expression => isvariable( "cfg[state]" );
lxc_policy_exists::
"lxc_policy_valid" expression => regcmp( "(absent|present)", "$(cfg[policy])" );
lxc_policy_valid::
'present' expression => strcmp( "present", "$(cfg[policy])" );
!lxc_policy_exists::
'present';
lxc_state_exists::
"lxc_state_valid" expression => regcmp( "(stopped|running)", "$(cfg[state])" );
lxc_state_valid::
'running' expression => strcmp( "running", "$(cfg[state])" );
!lxc_state_exists::
'running';
lxc_exists::
"lxc_correct_distribution" expression => regline( '^# Parameters passed to the template: --dist $(cfg[dist]) --arch $(cfg[arch]) --release $(cfg[release])$', "$(lxc_dir)/config" ), scope => "bundle";
vars:
"lxc_host_file" string => "$(lxc_host.lxc_hosts_d)/$(cfg[name])";
"lxc_dir" string => "/var/lib/lxc/$(cfg[name])";
"lxc_rootfs" string => "$(lxc_dir)/rootfs";
'autostart' string => $(cfg[autostart]);
'group' string => $(cfg[group]);
files:
!lxc_exists & present::
"/var/lib/lxc/$(cfg[name])/config"
edit_line => lxc_config( "$(autostart)", "$(group)" ),
depends_on => { "lxc_$(cfg[name])_created" },
handle => "$(cfg[name])_config_created";
methods:
!lxc_exists & present::
"Ensure existence of container ($(cfg[name]))"
usebundle => lxc_create( @(cfg) ),
handle => "lxc_$(cfg[name])_created";
"Ensure static mapping in dnsmasq"
usebundle => lxc_add_static_mapping( @(cfg) ),
depends_on => { "lxc_$(cfg[name])_created" },
handle => "lxc_$(cfg[name])_mapped_statically";
lxc_exists & !present::
"Ensure absence of container ($cfg[name])"
usebundle => lxc_destroy( @(cfg) ),
handle => "lxc_$(cfg[name])_destroyed";
"Ensure absence of static mapping"
usebundle => lxc_remove_static_mapping( @(cfg) ),
depends_on => { "lxc_$(cfg[name])_destroyed" },
handle => "lxc_$(cfg[name])_unmapped_statically";
"Ensure dnsmasq picks up current lxc host configs"
usebundle => reload_dnsmasq,
depends_on => { "lxc_$(cfg[name])_unmapped_statically" },
handle => "reloaded_dnsmasq_for_$(cfg[name])";
present & running::
"Ensure running state of container ($(cfg[name]))"
usebundle => lxc_start( @(cfg[name]) ),
handle => "lxc_$(cfg[name])_started";
present & !running::
"Ensure stopped state of container ($(cfg[name]))"
usebundle => lxc_stop( @(cfg[name]) ),
handle => "lxc_$(cfg[name])_stopped";
reports:
lxc_exists & lxc_correct_distribution::
"LX Container $(cfg[name]) already configured, nothing to do";
!lxc_exists & present::
"LXC $(cfg[name]) did not exist and should have been created.";
lxc_exists & !present::
"LXC $(cfg[name]) did exist and should have been destroyed.";
present & running::
"LXC $(cfg[name]) should now be in state RUNNING.";
present & !running::
"LXC $(cfg[name]) should now be in state STOPPED.";
}
bundle edit_line lxc_config( autostart, group )
{
classes:
"autostart_true"
expression => some( $(autostart_lc), true_statements ),
depends_on => { "$(autostart)_lowercased" };
"group_provided"
expression => isgreaterthan( $(group_length), 0 );
vars:
"autostart_lc"
string => string_downcase( $(autostart) ),
handle => "$(autostart)_lowercased";
"group_length"
int => string_length( $(group) );
"true_statements"
slist => { "yes", "true", "on", "1" },
handle => "truth";
insert_lines:
"# This file is managed by CFEngine. Manual changes will be overwritten."
location => first_line;
autostart_true::
"lxc.start.auto = 1";
!autostart_true::
"lxc.start.auto = 0";
group_provided::
"lxc.group = $(group)";
reports:
"autostart ist $(autostart)";
"group ist $(group)";
}
body location first_line
{
before_after => "before";
first_last => "first";
select_line_matching => ".*";
}
bundle agent lxc_add_static_mapping( cfg )
{
files:
"$(lxc_host.lxc_hosts_d)/$(cfg[name])"
perms => mog( '644', 'root', 'root' ),
content => "$(cfg[name]),$(cfg[ip])",
handle => "mapped_$(cfg[name])";
reports:
"mapped $(cfg[name]) to $(cfg[ip])"
depends_on => { "mapped_$(cfg[name])" };
}
bundle agent lxc_remove_static_mapping( cfg )
{
files:
"$(lxc_host.lxc_hosts_d)/$(cfg[name])"
delete => tidy,
classes => if_repaired(dnsmasq_reload);
reports:
dnsmasq_reload::
"mapped $(cfg[name]) to $(cfg[ip])";
}
# When files for static mappings are added dnsmasq automatically loads
# them. But dnsmasq doesn't remove them automatically again when the
# file gets removed.
bundle agent reload_dnsmasq
{
processes:
dnsmasq_reload::
"dnsmasq"
signals => { "hup" };
}
# DOWNLOAD_KEYSERVER="keyserver.ubuntu.com" lxc-create -n manual -t download -- -d debian -a amd64 -r bookworm
bundle agent lxc_create( cfg )
{
classes:
"lxc_dir_btrfs" expression => strcmp( execresult( "/usr/bin/stat -f -c %T /var/lib/lxc" , "noshell", "stdout" ), "btrfs" );
vars:
!lxc_dir_btrfs::
"create_args" slist => {
"-n",
$(cfg[name]),
"-t",
"download",
"--",
"-d",
$(cfg[dist]),
"-a",
$(cfg[arch]),
"-r",
$(cfg[release]),
};
lxc_dir_btrfs::
"create_args" slist => {
"-n",
$(cfg[name]),
"-t",
"download",
"-B",
"btrfs",
"--",
"-d",
$(cfg[dist]),
"-a",
$(cfg[arch]),
"-r",
$(cfg[release]),
};
commands:
"/usr/bin/lxc-create"
arglist => { @(create_args) },
contain => lxc_commands,
handle => "lxc_$(cfg[name])_created";
reports:
"LXC $(cfg[name]) has been created"
depends_on => { "lxc_$(cfg[name])_created" };
}
bundle agent lxc_destroy( cfg )
{
methods:
"Ensure LXC is stopped"
usebundle => lxc_stop( $(cfg[name]) ),
handle => "stopped_$(cfg[name])";
commands:
"/usr/bin/lxc-destroy"
arglist => {
"-n",
$(cfg[name])
},
depends_on => { "stopped_$(cfg[name])" },
handle => "destroyed_$(cfg[name])";
}
bundle agent lxc_start( name )
{
classes:
"lxc_running"
expression => strcmp( execresult( "/usr/bin/lxc-info -n $(name) -s -H", "noshell", "stdout" ), "RUNNING" ),
scope => "bundle";
commands:
!lxc_running::
"/usr/bin/lxc-start"
arglist => {
"-n",
$(name)
},
handle => "lxc_$(name)_started";
reports:
!lxc_running::
"$(name) has been started"
depends_on => { "lxc_$(name)_started" };
}
bundle agent lxc_stop( name )
{
classes:
"lxc_running"
expression => strcmp( execresult( "/usr/bin/lxc-info -n $(name) -s -H", "noshell", "stdout" ), "RUNNING" ),
scope => "bundle";
commands:
lxc_running::
"/usr/bin/lxc-stop"
arglist => {
"-n",
$(name)
},
handle => "lxc_$(name)_stopped";
reports:
lxc_running::
"$(name) has been stopped"
depends_on => { "lxc_$(name)_stopped" };
}
body contain lxc_commands
{
useshell => "noshell";
no_output => "true";
}

95
mailserver.cf
View File

@ -29,6 +29,7 @@ vars:
"pop3":false, "pop3":false,
"sieve":false, "sieve":false,
"ssl":false, "ssl":false,
"sympa":false,
"opendkim":false, "opendkim":false,
"myhostname":"$(sys.host)", "myhostname":"$(sys.host)",
"mynetworks":"", "mynetworks":"",
@ -59,10 +60,18 @@ vars:
"vimb_src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz", "vimb_src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz",
"php_handler":"$(apache.default_php_handler)", "php_handler":"$(apache.default_php_handler)",
"postmaster_mail":"postmaster@$(sys.host)", "postmaster_mail":"postmaster@$(sys.host)",
"webmaster_mail":"webmaster@$(sys.host)" "webmaster_mail":"webmaster@$(sys.host)",
"sympa_listmaster":"tobias.herre@wikimedia.de",
"sympa_dir":"/var/mail/sympa"
}'; }';
# "sympa_arc_dir": "$(sympa_dir)/arc";
# "sympa_home_dir": "$(sympa_dir)/list_data";
# "sympa_bounce_dir": "$(sympa_dir)/bounce";
"cfg" data => mergedata(@(default_cfg),@(param_cfg)); "cfg" data => mergedata(@(default_cfg),@(param_cfg));
@ -423,7 +432,7 @@ virtual_mailbox_domains = mysql:$(postfix_vimbadmin_sql.virtual_domains_maps)
virtual_mailbox_maps = mysql:$(postfix_vimbadmin_sql.virtual_mailbox_maps) virtual_mailbox_maps = mysql:$(postfix_vimbadmin_sql.virtual_mailbox_maps)
inet_protocols = ipv4 inet_protocols = ipv4
smtp_tls_security_level = may smtp_tls_security_level = may
message_size_limit = 26214400
" "
, ,
"master_raw":"" "master_raw":""
@ -433,6 +442,88 @@ smtp_tls_security_level = may
"sympa_cfg" data => '{
"version":"6.2.72",
"backup_dir":"$(wmde_mail.backup_dir)/sympa",
"db_settings":$(sympa_db_json),
"settings": {
"domain":"$(sympa_domain)",
"wwsympa_url":"$(wwsympa_url)",
"listmaster":"$(sympa_listmaster)",
"sendmail_aliases":"$(sympa.conf_dir)/sympa_transport",
"aliases_program":"/usr/sbin/postmap",
"db_type":"$(sympa_db[db_type])",
"db_name":"$(sympa_db[db_name])",
"db_host":"$(sympa_db[db_host])",
"db_passwd":"$(sympa_db[db_pass])",
"db_user":"$(sympa_db[db_user])",
"home":"$(sympa_home_dir)",
"bounce_path":"$(sympa_bounce_dir)",
"arc_path":"$(sympa_arc_dir)",
"etc":"/mnt/mail-vol/sympa/etc"
}
,
"domains":{
"dewp.org": {
"settings":{
"wwsympa_url":"https://$(sympa_domain)/dewp.org",
"http_host":"$(sympa_domain)",
"domain":"dewp.org",
"title":"Diese Domain ist zu Testzwecken hier"
}
}
,
"wikipedia.de": {
"settings":{
"wwsympa_url":"https://$(sympa_domain)/wikipedia.de",
"http_host":"$(sympa_domain)"
}
}
,
"wikimedia.de": {
"settings":{
"wwsympa_url":"https://$(sympa_domain)/wikimedia.de",
"http_host":"$(sympa_domain)"
}
}
,
"wikimail.info": {
"settings":{
"wwsympa_url":"https://$(sympa_domain)/wikimail.info",
"http_host":"$(sympa_domain)"
}
}
}
,
"domains_old":[
{
"domain":"dewp.org",
"wwsympa_url":"https://$(sympa_domain)/dewp.org",
"http_host":"$(sympa_domain)"
}
,
{
"domain":"wikimedia.de",
"wwsympa_url":"https://$(sympa_domain)/wmde",
"http_host":"$(sympa_domain)"
}
,
{
"domain":"wikipedia.de",
"wwsympa_url":"https://lists.dewp.org/wikipedia.de",
"http_host":"list.dewp.org"
}
]
}',
handle => "wmde_mail_sympa_cfg_ready";
reports: reports:
users: users:

46
mediawiki.cf Normal file
View File

@ -0,0 +1,46 @@
#
#
#
bundle agent mediawiki(cfg)
{
vars:
"major_version" string => "1.39";
"minor_version" string => "5";
"dlsite" string => "https://releases.wikimedia.org/mediawiki/$(major_version)";
"dlbasename" string => "mediawiki-$(major_version).$(minor_version)";
"dlfile" string => "$(dlbasename).tar.gz";
classes:
"run_wget" expression => not (fileexists("$(sys.workdir)/data/agent/mediawiki/$(dlfile)"));
"run_tar" expression => not (fileexists("$(cfg[install_dir])/$(dlbasename)"));
files:
"$(sys.workdir)/data/agent/mediawiki/."
create => "true",
handle => "mediawiki_workdir_created";
commands:
run_wget::
"wget"
args => "$(dlsite)/$(dlfile) -q -O $(sys.workdir)/data/agent/mediawiki/$(dlfile)",
contain => wmde_cmd_useshell,
depends_on => {"mediawiki_workdir_created"},
handle => "mediawiki_tar_downloaded";
!run_wget::
"/bin/true"
inform => "false",
handle => "mediawiki_tar_downloaded";
run_tar::
"tar"
args => "-xzf $(sys.workdir)/data/agent/mediawiki/$(dlfile) -C $(cfg[install_dir]) && chown -R $(apache.www_user):$(apache.www_group) $(cfg[install_dir])/$(dlbasename)",
contain => wmde_cmd_useshell,
depends_on => {"mediawiki_tar_downloaded"},
handle => "mediawiki_untarred";
!run_tar::
"/bin/true"
inform => "false",
handle => "mediawiki_untarred";
reports:
"$(cfg[install_dir])/$(dlbasename)";
}

270
mysql.cf
View File

@ -5,7 +5,6 @@
bundle agent mysql(cfg_param) bundle agent mysql(cfg_param)
{ {
vars: vars:
"default_cfg" data => '{ "default_cfg" data => '{
"bind_address":"127.0.0.1", "bind_address":"127.0.0.1",
"user":"mysql", "user":"mysql",
@ -21,11 +20,9 @@ vars:
"server_pkgs" slist => {"mysql80-server"}; "server_pkgs" slist => {"mysql80-server"};
"client_pkgs" slist => {"mysql80-client"}; "client_pkgs" slist => {"mysql80-client"};
"type" string => "mysql8"; "type" string => "mysql8";
"server_pkgs" slist => {"mariadb106-server"}, if => strcmp("$(cfg[mariadb])","true"); "server_pkgs" slist => {"mariadb106-server"}, if => strcmp("$(cfg[mariadb])","true");
"client_pkgs" slist => {"mariadb106-client"}, if => strcmp("$(cfg[mariadb])","true"); "client_pkgs" slist => {"mariadb106-client"}, if => strcmp("$(cfg[mariadb])","true");
"type" string => "mariadb",if => strcmp("$(cfg[mariadb])","true"); "type" string => "mariadb",if => strcmp("$(cfg[mariadb])","true");
"service_name" string => "mysql-server"; "service_name" string => "mysql-server";
"cfg_dir" string => "/usr/local/etc/mysql"; "cfg_dir" string => "/usr/local/etc/mysql";
"cfg_file" string => "/usr/local/etc/mysql/my.cnf"; "cfg_file" string => "/usr/local/etc/mysql/my.cnf";
@ -43,7 +40,6 @@ vars:
"bin_dir" string => "/usr/bin"; "bin_dir" string => "/usr/bin";
"default_datadir" string => "/var/lib/mysql"; "default_datadir" string => "/var/lib/mysql";
"mysqld_cmd" string => "/usr/sbin/mysqld"; "mysqld_cmd" string => "/usr/sbin/mysqld";
fedora|centos:: fedora|centos::
"user" string => "mysql"; "user" string => "mysql";
"server_pkgs" slist => {"mariadb-server"}; "server_pkgs" slist => {"mariadb-server"};
@ -57,35 +53,29 @@ vars:
"bin_dir" string => "/usr/bin"; "bin_dir" string => "/usr/bin";
"default_datadir" string => "/var/lib/mysql"; "default_datadir" string => "/var/lib/mysql";
"mysqld_cmd" string => "/usr/sbin/mysqld"; "mysqld_cmd" string => "/usr/sbin/mysqld";
any:: any::
"mysql_cmd" string => "$(bin_dir)/mysql"; "mysql_cmd" string => "$(bin_dir)/mysql";
"mysqldump_cmd" string => "$(bin_dir)/mysqldump"; "mysqldump_cmd" string => "$(bin_dir)/mysqldump";
files: files:
freebsd:: freebsd::
"/etc/rc.conf.d/mysql" "/etc/rc.conf.d/mysql"
create => "true", create => "true",
content => "mysql_enable=YES"; content => "mysql_enable=YES";
any:: any::
"$(cfg_dir)/." "$(cfg_dir)/."
create => "true", create => "true",
perms => m("0755"), perms => m("0755"),
handle => "mysql_cfg_dir_created"; handle => "mysql_cfg_dir_created";
"$(cfg_file)"
#create => "true",
"$(cfg_file)" perms => m("644"),
#create => "true", copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"),
perms => m("644"), # edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache",
copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"), # template_method => "mustache",
# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache", handle => "mysql_cfg_created",
# template_method => "mustache", depends_on => {"mysql_cfg_dir_created"},
handle => "mysql_cfg_created", classes => if_repaired("mysql_repaired");
depends_on => {"mysql_cfg_dir_created"},
classes => if_repaired("mysql_repaired");
services: services:
@ -96,8 +86,8 @@ services:
mysql_repaired:: mysql_repaired::
"$(service_name)" "$(service_name)"
service_policy => "restart", service_policy => "restart",
depends_on => {"mysql_running","mysql_cfg_created"}; depends_on => {"mysql_running","mysql_cfg_created"};
reports: reports:
} }
@ -108,106 +98,92 @@ classes:
"type_$(mysql.type)" ; "type_$(mysql.type)" ;
vars: vars:
"mysqld_idx" slist => getindices(@(cfg[settings][mysqld])); "mysqld_idx" slist => getindices(@(cfg[settings][mysqld]));
"settings[mysqld][$(mysqld_idx)]" string => "$(cfg[settings][mysqld][$(mysqld_idx)])"; "settings[mysqld][$(mysqld_idx)]" string => "$(cfg[settings][mysqld][$(mysqld_idx)])";
"datadir" string => ifelse(
isvariable("cfg[settings][mysqld][datadir]"),
"datadir" string => ifelse(isvariable("cfg[settings][mysqld][datadir]"), "$(cfg[settings][mysqld][datadir])",
"$(cfg[settings][mysqld][datadir])", "$(mysql.default_datadir)"
"$(mysql.default_datadir)"); );
type_mariadb:: type_mariadb::
"install_db_exe" string => ifelse(fileexists("$(mysql.bin_dir)/mysql_install_db"), "install_db_exe" string => ifelse(
"$(mysql.bin_dir)/mysql_install_db", fileexists("$(mysql.bin_dir)/mysql_install_db"),
"$(mysql.bin_dir)/mariadb-install-db"); "$(mysql.bin_dir)/mysql_install_db",
"$(mysql.bin_dir)/mariadb-install-db"
);
"install_db_cmd" string => "if [ ! -d $(datadir)/mysql ]; then $(install_db_exe) --user=$(mysql.user)>/dev/null ; fi"; "install_db_cmd" string => "if [ ! -d $(datadir)/mysql ]; then $(install_db_exe) --user=$(mysql.user)>/dev/null ; fi";
type_mysql8:: type_mysql8::
"install_db_cmd" string => "if [ ! -d $(datadir)/mysql ]; then $(mysql.mysqld_cmd) --initialize-insecure --user=$(mysql.user); fi"; "install_db_cmd" string => "if [ ! -d $(datadir)/mysql ]; then $(mysql.mysqld_cmd) --initialize-insecure --user=$(mysql.user); fi";
"j" string => storejson(@(cfg)); "j" string => storejson(@(cfg));
methods: methods:
"any" usebundle => mysql(@(cfg)); "any" usebundle => mysql(@(cfg));
"any" usebundle => wmde_install_packages(@(mysql.server_pkgs),"mysql_server"); "any" usebundle => wmde_install_packages(@(mysql.server_pkgs),"mysql_server");
files: files:
"$(mysql.cfg_file)" "$(mysql.cfg_file)"
copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"), copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache"),
handle => "myslq_server_cfg_created", handle => "myslq_server_cfg_created",
depends_on => {"mysql_server_pkgs_installed"}; depends_on => {"mysql_server_pkgs_installed"};
"$(mysql.cfg_file)" "$(mysql.cfg_file)"
create => "true", create => "true",
perms => m("644"), perms => m("644"),
edit_line => set_variable_values_inix("$(this.bundle).settings","mysqld"), edit_line => set_variable_values_inix("$(this.bundle).settings","mysqld"),
depends_on => {"myslq_server_cfg_created"}, depends_on => {"myslq_server_cfg_created"},
handle => "myslq_server_cfg_edited", handle => "myslq_server_cfg_edited",
classes => if_repaired("mysql_server_repaired"); classes => if_repaired("mysql_server_repaired");
commands: commands:
"$(install_db_cmd)" "$(install_db_cmd)"
handle=>"mysql_datadir_initialized", handle=>"mysql_datadir_initialized",
contain => wmde_cmd_useshell, contain => wmde_cmd_useshell,
inform => "false", inform => "false",
depends_on => {"myslq_server_cfg_edited"}; depends_on => {"myslq_server_cfg_edited"};
methods: methods:
"any" usebundle => wmde_service("$(mysql.service_name)","mysql_server_kept","mysql_server_repaired"), "any" usebundle => wmde_service("$(mysql.service_name)","mysql_server_kept","mysql_server_repaired"),
depends_on => {"mysql_datadir_initialized"}; depends_on => {"mysql_datadir_initialized"};
reports: reports:
} }
bundle edit_line set_variable_values_inix(tab, sectionName) bundle edit_line set_variable_values_inix(tab, sectionName)
{ {
vars: vars:
"index" slist => getindices("$(tab)[$(sectionName)]"); "index" slist => getindices("$(tab)[$(sectionName)]");
# Be careful if the index string contains funny chars
"cindex[$(index)]" string => canonify("$(index)");
# Be careful if the index string contains funny chars classes:
"cindex[$(index)]" string => canonify("$(index)"); "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"),
comment => "Create conditions to make changes";
classes: field_edits:
"edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"), # If the line is there, but commented out, first uncomment it
comment => "Create conditions to make changes"; # "#+\s*$(index)\s*=.*"
# select_region => INI_section(escape("$(sectionName)")),
# edit_field => col("\s*=\s*","1","$(index)","set"),
# if => "edit_$(cindex[$(index)])";
# match a line starting like the key something
"\s*$(index)\s*=.*"
edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"),
select_region => INI_section(escape("$(sectionName)")),
classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"),
if => "edit_$(cindex[$(index)])";
field_edits: delete_lines:
"!include.*";
# If the line is there, but commented out, first uncomment it insert_lines:
# "#+\s*$(index)\s*=.*" "[$(sectionName)]"
# select_region => INI_section(escape("$(sectionName)")), location => start,
# edit_field => col("\s*=\s*","1","$(index)","set"), comment => "Insert lines";
# if => "edit_$(cindex[$(index)])";
# match a line starting like the key something
"\s*$(index)\s*=.*"
edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"),
select_region => INI_section(escape("$(sectionName)")),
classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"),
if => "edit_$(cindex[$(index)])";
delete_lines:
"!include.*";
insert_lines:
"[$(sectionName)]"
location => start,
comment => "Insert lines";
"$(index)=$($(tab)[$(sectionName)][$(index)])"
select_region => INI_section(escape("$(sectionName)")),
if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])";
"$(index)=$($(tab)[$(sectionName)][$(index)])"
select_region => INI_section(escape("$(sectionName)")),
if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])";
} }
bundle agent install_mysql_client bundle agent install_mysql_client
@ -225,21 +201,23 @@ body contain mysql_cmd
bundle agent mysql_table_exists(dbdef,table_name) bundle agent mysql_table_exists(dbdef,table_name)
{ {
vars: vars:
"pass_arg" string => ifelse ( isvariable("dbdef[db_pass]"), "pass_arg" string => ifelse (
"-p$(dbdef[db_pass])","" isvariable("dbdef[db_pass]"),
); "-p$(dbdef[db_pass])",
"host_arg" string => ifelse ( isvariable("dbdef[db_host]"), ""
"-h$(dbdef[db_host])","" );
); "host_arg" string => ifelse (
"user_arg" string => ifelse ( isvariable("dbdef[db_user]"), isvariable("dbdef[db_host]"),
"-u$(dbdef[db_user])","" "-h$(dbdef[db_host])",
); ""
);
"user_arg" string => ifelse (
isvariable("dbdef[db_user]"),
"-u$(dbdef[db_user])",
""
);
"xargs" string => "$(pass_arg) $(host_arg) $(user_arg)"; "xargs" string => "$(pass_arg) $(host_arg) $(user_arg)";
"classname" string => "mysql_$(dbdef[db_name])_$(table_name)_exists"; "classname" string => "mysql_$(dbdef[db_name])_$(table_name)_exists";
"cmd" string => 'mysql $(xargs) -e "show tables LIKE \'$(table_name)\'" $(dbdef[db_name]) > /tmp/$(dbdef[db_name]).check && if grep -q \'$(table_name)\' /tmp/$(dbdef[db_name]).check ; then echo "+$(classname)"; else echo "-$(classname)"; fi'; "cmd" string => 'mysql $(xargs) -e "show tables LIKE \'$(table_name)\'" $(dbdef[db_name]) > /tmp/$(dbdef[db_name]).check && if grep -q \'$(table_name)\' /tmp/$(dbdef[db_name]).check ; then echo "+$(classname)"; else echo "-$(classname)"; fi';
commands: commands:
@ -253,7 +231,6 @@ reports:
bundle agent mysql_backup_all(cfg) bundle agent mysql_backup_all(cfg)
{ {
vars: vars:
"cmd" string => '$(mysql.mysql_cmd) -N -e \'show databases\' | while read dbname; do $(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M "$dbname" > $(cfg[backup_dir])/"$dbname".sql; done'; "cmd" string => '$(mysql.mysql_cmd) -N -e \'show databases\' | while read dbname; do $(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M "$dbname" > $(cfg[backup_dir])/"$dbname".sql; done';
@ -262,7 +239,6 @@ reports:
} }
bundle agent mysql_backup_db(cfg,file) bundle agent mysql_backup_db(cfg,file)
{ {
classes: classes:
@ -271,8 +247,6 @@ classes:
vars: vars:
"table_exists_cmd" string => '$(mysql.mysql_cmd) -e "show tables LIKE \'$(table_name)\'" $(cdfg[db_name]) | grep -q $(table_name)'; "table_exists_cmd" string => '$(mysql.mysql_cmd) -e "show tables LIKE \'$(table_name)\'" $(cdfg[db_name]) | grep -q $(table_name)';
"cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; "cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
} }
# #
@ -288,26 +262,22 @@ classes:
"type_$(mysql.type)" ; "type_$(mysql.type)" ;
"create_cron" expression => strcmp("$(run)","true"); "create_cron" expression => strcmp("$(run)","true");
vars: vars:
"table_exists_cmd" string => '$(mysql.mysql_cmd) -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(table_name)\'" | grep -q $(table_name)'; "table_exists_cmd" string => '$(mysql.mysql_cmd) -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(table_name)\'" | grep -q $(table_name)';
type_mariadb:: type_mariadb::
"backup_cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; "backup_cmd" string => "$(mysql.mysqldump_cmd) --default-character-set=utf8mb4 --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
type_mysql8:: type_mysql8::
"backup_cmd" string => "$(mysql.mysqldump_cmd) --set-gtid-purged=OFF --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)"; "backup_cmd" string => "$(mysql.mysqldump_cmd) --set-gtid-purged=OFF --no-tablespaces --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
files: files:
!create_cron:: !create_cron::
"/etc/cron.d/dump-mysql-db-$(cfg[db_name])" "/etc/cron.d/dump-mysql-db-$(cfg[db_name])"
delete=>tidy; delete => tidy;
create_cron:: create_cron::
"/etc/cron.d/dump-mysql-db-$(cfg[db_name])" "/etc/cron.d/dump-mysql-db-$(cfg[db_name])"
perms => m("644"), perms => m("644"),
create => "true", create => "true",
content => " content => "
# #
# /etc/cron.d/roundcube # /etc/cron.d/roundcube
# #
@ -316,12 +286,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 * * * * root $(table_exists_cmd) && $(backup_cmd) 0 * * * * root $(table_exists_cmd) && $(backup_cmd)
"; ";
} }
# #
# Create cronjob # Create cronjob
# @param cfg definition for database, db_user, db_host, db_pass, db_name # @param cfg definition for database, db_user, db_host, db_pass, db_name
@ -334,8 +300,11 @@ classes:
"type_$(mysql.type)" ; "type_$(mysql.type)" ;
"create_cron" expression => strcmp("$(run)","true"); "create_cron" expression => strcmp("$(run)","true");
vars: vars:
"cron" string => ifelse(isvariable("cfg[db_cron]"), "cron" string => ifelse(
"$(cfg[db_cron])","0 1 * * * "); isvariable("cfg[db_cron]"),
"$(cfg[db_cron])",
"0 1 * * * "
);
"table_exists_cmd" string => '$(mysql.mysql_cmd) -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(cfg[db_check_table])\'" | grep -q $(cfg[db_check_table])'; "table_exists_cmd" string => '$(mysql.mysql_cmd) -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(cfg[db_check_table])\'" | grep -q $(cfg[db_check_table])';
@ -353,9 +322,9 @@ files:
create_cron:: create_cron::
"/etc/cron.d/mysqldump-$(cfg[db_name])" "/etc/cron.d/mysqldump-$(cfg[db_name])"
perms => m("644"), perms => m("644"),
create => "true", create => "true",
content => " content => "
# #
# /etc/cron.d/mysqldump-$(cfg[db_name]) # /etc/cron.d/mysqldump-$(cfg[db_name])
# #
@ -364,40 +333,25 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
$(cron) root $(table_exists_cmd) && $(backup_cmd) $(cron) root $(table_exists_cmd) && $(backup_cmd)
"; ";
} }
bundle agent create_mysql_db(cfg) bundle agent create_mysql_db(cfg)
{ {
classes: classes:
"type_$(mysql.type)" ; "type_$(mysql.type)" ;
# "do_restore" expression => isvariable("cfg[restore]"); # "do_restore" expression => isvariable("cfg[restore]");
"do_restore" expression => strcmp("$(cfg[db_restore])","true"); "do_restore" expression => strcmp("$(cfg[db_restore])","true");
"do_backup" expression => strcmp("$(cfg[db_backup])","true"); "do_backup" expression => strcmp("$(cfg[db_backup])","true");
vars: vars:
"db_name" string => "$(cfg[db_name])"; "db_name" string => "$(cfg[db_name])";
"db_user" string => "$(cfg[db_user])"; "db_user" string => "$(cfg[db_user])";
"host" string => "$(cfg[db_user_host])"; "host" string => "$(cfg[db_user_host])";
"db_pass" string => "$(cfg[db_pass])"; "db_pass" string => "$(cfg[db_pass])";
"args" string => "pnunf"; "args" string => "pnunf";
type_mariadb:: type_mariadb::
"args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; \" "; "args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; \" ";
type_mysql8:: type_mysql8::
"args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); CREATE USER IF NOT EXISTS '$(db_user)'@'$(host)'; ALTER USER '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; GRANT RELOAD ON *.* to '$(db_user)'@'$(host)'; GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)';\" "; "args" string => "-e \"CREATE DATABASE IF NOT EXISTS $(db_name); CREATE USER IF NOT EXISTS '$(db_user)'@'$(host)'; ALTER USER '$(db_user)'@'$(host)' IDENTIFIED BY '$(db_pass)'; GRANT RELOAD ON *.* to '$(db_user)'@'$(host)'; GRANT ALL PRIVILEGES ON $(db_name).* TO '$(db_user)'@'$(host)';\" ";
methods: methods:
do_restore:: do_restore::
@ -408,19 +362,15 @@ methods:
!do_backup:: !do_backup::
"any" usebundle => create_mysqldump_cron(@(cfg),"$(mysql.cfg[backup_dir])/$(cfg[db_name])-dmp.sql","false"); "any" usebundle => create_mysqldump_cron(@(cfg),"$(mysql.cfg[backup_dir])/$(cfg[db_name])-dmp.sql","false");
commands: commands:
"$(mysql.mysql_cmd)"
"$(mysql.mysql_cmd)" args => "$(args)",
args => "$(args)", handle => "mysql_$(cfg[db_name])_created",
handle => "mysql_$(cfg[db_name])_created", inform => "false";
inform => "false";
reports: reports:
} }
bundle agent restore_mysql_db(cfg,file) bundle agent restore_mysql_db(cfg,file)
{ {
commands: commands:
@ -429,7 +379,6 @@ commands:
contain => wmde_cmd_useshell; contain => wmde_cmd_useshell;
} }
bundle agent restore_mysql_db_conditional(cfg,file) bundle agent restore_mysql_db_conditional(cfg,file)
{ {
classes: classes:
@ -439,7 +388,6 @@ vars:
methods: methods:
"any" usebundle => mysql_table_exists(@(cfg),"$(cfg[db_check_table])"), "any" usebundle => mysql_table_exists(@(cfg),"$(cfg[db_check_table])"),
handle=>"$(table_exists)_checked"; handle=>"$(table_exists)_checked";
"!$(table_exists)&backup_exists":: "!$(table_exists)&backup_exists"::
"any" usebundle => restore_mysql_db(@(cfg),"$(file)"), "any" usebundle => restore_mysql_db(@(cfg),"$(file)"),
depends_on=>{"$(table_exists)_checked"}; depends_on=>{"$(table_exists)_checked"};
@ -448,6 +396,4 @@ reports:
# "DB DOES NOT EXISTS"; # "DB DOES NOT EXISTS";
#"$(table_exists)&backup_exists":: #"$(table_exists)&backup_exists"::
# "DB DOES EXISTS"; # "DB DOES EXISTS";
} }

51
nano.cf Normal file
View File

@ -0,0 +1,51 @@
#
# Installs nano
#
bundle agent install_nano
{
vars:
freebsd::
"nanorc" string => "/usr/local/etc/nanorc";
"nano_conf_d" string => "/usr/local/share/nano";
"pkg" string => "nano";
debian::
"nanorc" string => "/etc/nanorc";
"nano_conf_d" string => "/usr/share/nano";
"pkg" string => "nano";
centos|fedora::
"nanorc" string => "/etc/nanorc";
"nano_conf_d" string => "/usr/share/nano";
"pkg" string => "nano";
packages:
freebsd::
"$(pkg)"
policy => "present",
package_module => pkg;
debian::
"$(pkg)"
policy => "present",
package_module => apt_get;
fedora|centos::
"$(pkg)"
policy => "present",
package_module => yum;
files:
"$(nanorc)"
create => "true",
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nanorc.mustache",
template_method => "mustache",
template_data => parsejson('
{
"nano_conf_d": "$(nano_conf_d)"
}
');
reports:
}

158
nginx.cf
View File

@ -5,7 +5,7 @@ bundle agent nginx
vars: vars:
"pkgs" slist => { "pkgs" slist => {
"nginx", "nginx",
}; };
centos:: centos::
"www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ; "www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ;
"www_user" string => "nginx"; "www_user" string => "nginx";
@ -26,19 +26,15 @@ freebsd::
"restart_cmd" string => "/usr/sbin/service $(service_name) restart"; "restart_cmd" string => "/usr/sbin/service $(service_name) restart";
any:: any::
"service_deps" slist => { "service_deps" slist => {
"nginx_pkgs_installed", "nginx_pkgs_installed",
"nginx_www_dir_created", "nginx_www_dir_created",
}; };
any:: any::
"default_html_dir" string => "$(www_dir)/html"; "default_html_dir" string => "$(www_dir)/html";
} }
bundle agent install_nginx bundle agent install_nginx
{ {
methods: methods:
@ -46,16 +42,16 @@ methods:
files: files:
"$(nginx.www_dir)/." "$(nginx.www_dir)/."
create=>"true", create=>"true",
perms => m("755"), perms => m("755"),
depends_on => { "nginx_pkgs_installed" }, depends_on => { "nginx_pkgs_installed" },
handle => "nginx_www_dir_created"; handle => "nginx_www_dir_created";
"$(nginx.default_html_dir)/." "$(nginx.default_html_dir)/."
create=>"true", create=>"true",
perms => uperm("$(nginx.www_user)","$(nginx.www_group)","755"), perms => uperm("$(nginx.www_user)","$(nginx.www_group)","755"),
depends_on => {"nginx_www_dir_created"}, depends_on => {"nginx_www_dir_created"},
handle=>"nginx_default_html_dir_created"; handle=>"nginx_default_html_dir_created";
files: files:
@ -64,7 +60,6 @@ files:
handle => "nginx_work_dir_created"; handle => "nginx_work_dir_created";
methods: methods:
"any" usebundle => wmde_enable_service("nginx"); "any" usebundle => wmde_enable_service("nginx");
"any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"), "any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"),
depends_on => @(nginx.service_deps) ; depends_on => @(nginx.service_deps) ;
@ -73,31 +68,23 @@ methods:
commands: commands:
"/bin/sh" "/bin/sh"
args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt", args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt",
inform => "false", inform => "false",
handle => "nginx_vhost_dir_cleaned", handle => "nginx_vhost_dir_cleaned",
# depends_on => {"nginx_dummy_conf_created"}, # depends_on => {"nginx_dummy_conf_created"},
contain => wmde_cmd_useshell; contain => wmde_cmd_useshell;
} }
bundle agent nginx_vhost(site_param)
bundle agent nginx_vhost
(site_param)
{ {
classes: classes:
"delete" expression => $(site[disable]); "delete" expression => $(site[disable]);
"use_ssl" expression => $(site[ssl]); "use_ssl" expression => $(site[ssl]);
"use_certbot" expression => strcmp("certbot","$(site[ssl_cert])"); "use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");
"use_lego" expression => strcmp("lego","$(site[ssl_cert])");
"do_logrotate" expression => $(site[logrotate]); "do_logrotate" expression => $(site[logrotate]);
vars: vars:
# "email":$(nginx.admin_email),
"site_defaults" data => ' "site_defaults" data => '
{ {
"aliases":[], "aliases":[],
@ -107,17 +94,14 @@ vars:
"logging80":true, "logging80":true,
"logging443":true, "logging443":true,
"logrotate":false, "logrotate":false,
"listen":"*:80",
"sslraw":""
} }
'; ';
"site" data => mergedata(site_defaults,site_param); "site" data => mergedata(site_defaults,site_param);
"cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])"; "cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";
"template_file" "template_file" string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";
string =>
"$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";
"domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf"; "domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf";
"domain_dir" string => "$(nginx.www_dir)/$(site[domain])"; "domain_dir" string => "$(nginx.www_dir)/$(site[domain])";
@ -129,12 +113,20 @@ vars:
"$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem", "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
"$(site[ssl_key])"); "$(site[ssl_key])");
use_ssl&(use_certbot):: use_lego::
"ssl_cert" string => "$(lego.data_dir)/certificates/$(site[domain]).crt";
"ssl_key" string => "$(lego.data_dir)/certificates/$(site[domain]).key";
use_ssl&(use_certbot|use_lego)::
"vhostdeps" slist => { "vhostdeps" slist => {
"nginx_ssl_created$(site[domain])", "nginx_ssl_created$(site[domain])",
"nginx_vhost_dir_cleaned" "nginx_vhost_dir_cleaned"
}; };
(!use_ssl)|(!use_certbot)::
(!use_ssl)|(!use_certbot)|(!use_lego)::
"vhostdeps" slist => { "vhostdeps" slist => {
"nginx_vhost_dir_cleaned" "nginx_vhost_dir_cleaned"
}; };
@ -142,18 +134,18 @@ vars:
delete:: delete::
"$(domain_file)" "$(domain_file)"
delete => tidy, delete => tidy,
classes => if_repaired(nginx_restart); classes => if_repaired(nginx_restart);
!delete:: !delete::
"$(domain_file)" "$(domain_file)"
perms => uperm("$(nginx.www_user)","$(nginx.www_group)","644"), perms => uperm("$(nginx.www_user)","$(nginx.www_group)","644"),
create => "true", create => "true",
edit_template => "$(template_file)", edit_template => "$(template_file)",
template_method => "mustache", template_method => "mustache",
handle => "vhost_cfg_done$(site[domain])", handle => "vhost_cfg_done$(site[domain])",
depends_on => @(vhostdeps), depends_on => @(vhostdeps),
classes => if_repaired("nginx_vhost_restart"); classes => results("bundle","domain_config");
"$(domain_dir)/." "$(domain_dir)/."
create => "true", create => "true",
@ -164,19 +156,30 @@ methods:
"any" usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"), "any" usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"),
handle => "nginx_ssl_created$(site[domain])"; handle => "nginx_ssl_created$(site[domain])";
"nginx_vhost_restart":: "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
"any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"), if => "domain_config_repaired",
depends_on => { depends_on => {
"vhost_cfg_done$(site[domain])", "vhost_cfg_done$(site[domain])",
"nginx_ssl_created$(site[domain])" }; "nginx_ssl_created$(site[domain])"
};
use_ssl&use_lego::
"any" usebundle => lego_dns_cert(@(site)), #,"$(site[domain])"),
handle => "nginx_ssl_created$(site[domain])";
"any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
if => "domain_config_repaired",
depends_on => {
"vhost_cfg_done$(site[domain])",
"nginx_ssl_created$(site[domain])"
};
(!use_ssl)|(!use_certbot)::
"nginx_vhost_restart"::
"any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"),
depends_on => {"vhost_cfg_done$(site[domain])" };
# "any" usebundle => install_logrot; ((!use_ssl)|(!use_certbot))::
"any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
if => "domain_config_repaired",
depends_on => {"vhost_cfg_done$(site[domain])" };
files: files:
# do_logrotate:: # do_logrotate::
@ -187,17 +190,16 @@ files:
# template_method => "mustache"; # template_method => "mustache";
commands: commands:
"echo" "echo"
args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt", args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt",
inform => "false", inform => "false",
depends_on => {"vhost_cfg_done$(site[domain])"}, depends_on => {"vhost_cfg_done$(site[domain])"},
contain => wmde_cmd_useshell; contain => wmde_cmd_useshell;
reports: reports:
# "SITE: $(site[domain]): $(site[logrotate])"; # "SITE: $(site[domain]): $(site[logrotate])";
# "SF: @(site)"; # "SF: @(site)";
# "DF $(domain_file)"; # "DF $(domain_file)";
@ -211,23 +213,37 @@ reports:
# "LOGOROOTATE FOR $(site[domain]): FALSE"; # "LOGOROOTATE FOR $(site[domain]): FALSE";
# do_logrotate:: # do_logrotate::
# "LOGOROOTATE FOR $(site[domain]): TRUE"; # "LOGOROOTATE FOR $(site[domain]): TRUE";
} }
bundle agent nginx_restart_service(service_name,domain)
{
classes:
"nginx_must_restart" scope=> "namespace";
commands:
"/usr/sbin/nginx -t" handle => "nginx_syntax_ok_$(domain)";
methods:
!nginx_do_not_restart::
"any" usebundle => wmde_restart_service($(service_name),$(domain)),
depends_on => {"nginx_syntax_ok_$(domain)"};
reports:
# "RESTART NGINX" depends_on => {"nginx_syntax_ok_$(domain)"};
# nginx_do_not_restart::
# "RESTART IS DISABLED";
}
bundle agent nginx_vhosts(sites) bundle agent nginx_vhosts(sites)
{ {
vars: vars:
"idx" slist => getindices(@(sites)); "idx" slist => getindices(@(sites));
methods: methods:
"any" usebundle => nginx_vhost(@(sites[$(idx)])); "$(idx)" usebundle => nginx_vhost(@(sites[$(idx)]));
reports: reports:
} }

2
php.cf
View File

@ -13,8 +13,6 @@ vars:
"version" string => ""; "version" string => "";
freebsd::
freebsd:: freebsd::
"pkgs" slist => { "pkgs" slist => {
"php$(php.bsdvs)-session", "php$(php.bsdvs)-session",

2
postfix.cf
View File

@ -145,7 +145,7 @@ files:
perms => m("644"), perms => m("644"),
classes => if_repaired(postfix_repaired), classes => if_repaired(postfix_repaired),
# content => "$(master_cf_content)"; # content => "$(master_cf_content)";
content => regex_replace("$(master_cf_content)", "\\\\dollar", "$", "g"); content => regex_replace("$(master_cf_content)", "\\\\dollar", "$$", "g");
# "$(postfix.master_cf)" # "$(postfix.master_cf)"
# create => "true", # create => "true",

62
python.cf Normal file
View File

@ -0,0 +1,62 @@
#
bundle agent python39
{
vars:
debian::
"exe" string => "/usr/local/bin/python3.9";
centos::
"pkgs" slist => {"python3.9"};
"exe" string => "/usr/bin/python3.9";
}
bundle agent install_python39
{
methods:
# "any" usebundle => wmde_install_packages($(python39.pkgs),"python39");
}
bundle agent pip3
{
vars:
debian::
"pkgs" slist => {
# "python3-pip",
# "python3-venv"
};
"exe" string => "/usr/local/bin/pip3.9";
freebsd::
"pkgs" slist => {
"py39-pip"
};
"exe" string => "/usr/local/bin/pip3";
}
bundle agent install_pip3
{
methods:
"any" usebundle => wmde_install_packages(@(pip3.pkgs),"pip3"),
handle=>"pip3_installed";
}
bundle agent python_venv(name,user)
{
classes:
"venv_exists" expression => fileexists("$(name)");
methods:
"any" usebundle => install_pip3;
commands:
!venv_exists::
"su $(user) -c '$(python39.exe) -m venv $(name)'"
contain => wmde_cmd_useshell,
depends_on => {"pip3_installed"};
}

104
roundcube.cf
View File

@ -59,9 +59,9 @@ methods:
# classes => if_repaired ("roundcube_untar"); # classes => if_repaired ("roundcube_untar");
# "$(dlfile)" # "$(dlfile)"
# copy_from => remote_dcp("$(def.hub_public_dir)/$(cfg[src_tgz])","$(sys.policy_hub)"), # copy_from => remote_dcp("$(def.hub_public_dir)/$(cfg[src_tgz])","$(sys.policy_hub)"),
# perms => m(644); # perms => m(644);
files: files:
"$(cfg[install_dir])/public" "$(cfg[install_dir])/public"
@ -151,17 +151,17 @@ methods:
bundle edit_line roundcube_values(tab, sectionName) bundle edit_line roundcube_values(tab, sectionName)
{ {
vars: vars:
"index" slist => getindices("$(tab)[$(sectionName)]"); "index" slist => getindices("$(tab)[$(sectionName)]");
# Be careful if the index string contains funny chars # Be careful if the index string contains funny chars
"cindex[$(index)]" string => canonify("$(index)"); "cindex[$(index)]" string => canonify("$(index)");
classes: classes:
"edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"), "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"),
comment => "Create conditions to make changes"; comment => "Create conditions to make changes";
field_edits: field_edits:
# If the line is there, but commented out, first uncomment it # If the line is there, but commented out, first uncomment it
# "#+\s*$(index)\s*=.*" # "#+\s*$(index)\s*=.*"
@ -170,23 +170,23 @@ bundle edit_line roundcube_values(tab, sectionName)
# if => "edit_$(cindex[$(index)])"; # if => "edit_$(cindex[$(index)])";
# match a line starting like the key something # match a line starting like the key something
"\s*$(index)\s*=.*" "\s*$(index)\s*=.*"
edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"), edit_field => col("\s*=\s*","2","$($(tab)[$(sectionName)][$(index)])","set"),
select_region => INI_section(escape("$(sectionName)")), select_region => INI_section(escape("$(sectionName)")),
classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"), classes => results("bundle", "set_variable_values_ini_not_$(cindex[$(index)])"),
if => "edit_$(cindex[$(index)])"; if => "edit_$(cindex[$(index)])";
delete_lines: delete_lines:
"!include.*"; "!include.*";
insert_lines: insert_lines:
"[$(sectionName)]" "[$(sectionName)]"
location => start, location => start,
comment => "Insert lines"; comment => "Insert lines";
"$(index)=$($(tab)[$(sectionName)][$(index)])" "$(index)=$($(tab)[$(sectionName)][$(index)])"
select_region => INI_section(escape("$(sectionName)")), select_region => INI_section(escape("$(sectionName)")),
if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])"; if => "!(set_variable_values_ini_not_$(cindex[$(index)])_kept|set_variable_values_ini_not_$(cindex[$(index)])_repaired).edit_$(cindex[$(index)])";
} }
@ -194,10 +194,10 @@ bundle edit_line roundcube_values(tab, sectionName)
bundle edit_line rc_line_based(v) bundle edit_line rc_line_based(v)
{ {
vars: vars:
"i" slist => getindices("$(v)"); "i" slist => getindices("$(v)");
# Escape the value (had a problem with special characters and regex's) # Escape the value (had a problem with special characters and regex's)
"ev[$(i)]" string => escape("$($(v)[$(i)])"); "ev[$(i)]" string => escape("$($(v)[$(i)])");
vars: vars:
"exx" string => "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!33).*$"; "exx" string => "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!33).*$";
@ -207,33 +207,33 @@ vars:
replace_patterns: replace_patterns:
# "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$($(v)[$(i)]);$).*" # "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$($(v)[$(i)]);$).*"
"^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$(ev[$(i)]);$).*" "^\s*\$config\s*\['$(i)'\s*]\s*=\s*(?!$(ev[$(i)]);$).*"
comment => "Correct the value '$(i)'", comment => "Correct the value '$(i)'",
#replace_with => value("$config['$(i)']=$($(v)[$(i)])"), #replace_with => value("$config['$(i)']=$($(v)[$(i)])"),
replace_with => value("$config['$(i)']=$($(v)[$(i)]);"), replace_with => value("$config['$(i)']=$($(v)[$(i)]);"),
classes => results("bundle", "replace_attempted_$(i)"); classes => results("bundle", "replace_attempted_$(i)");
reports: reports:
"THE V: $(thev)"; # "THE V: $(thev)";
insert_lines: insert_lines:
# If the line doesn't exist, or there is more than one occurrence # If the line doesn't exist, or there is more than one occurrence
# of the LHS commented out, insert a new line and try to place it # of the LHS commented out, insert a new line and try to place it
# after the commented LHS (keep new line with old comments) # after the commented LHS (keep new line with old comments)
# "$(i)$(sep)$($(v)[$(i)])" # "$(i)$(sep)$($(v)[$(i)])"
# comment => "Insert the value, marker '$(i)' exists", # comment => "Insert the value, marker '$(i)' exists",
# location => after("^$(cp)($(i)$(bp).*|$(i))$"), # location => after("^$(cp)($(i)$(bp).*|$(i))$"),
# if => "replace_attempted_$(ci[$(i)])_reached.multiple_comments_$(ci[$(i)])"; # if => "replace_attempted_$(ci[$(i)])_reached.multiple_comments_$(ci[$(i)])";
# If the line doesn't exist and there are no occurrences # If the line doesn't exist and there are no occurrences
# of the LHS commented out, insert a new line at the eof # of the LHS commented out, insert a new line at the eof
# "$(i)$(sep)$($(v)[$(i)])" # "$(i)$(sep)$($(v)[$(i)])"
# comment => "Insert the value, marker '$(i)' doesn't exist", # comment => "Insert the value, marker '$(i)' doesn't exist",
# if => "replace_attempted_$(ci[$(i)])_reached.!multiple_comments_$(ci[$(i)]).!exists_$(ci[$(i)])"; # if => "replace_attempted_$(ci[$(i)])_reached.!multiple_comments_$(ci[$(i)]).!exists_$(ci[$(i)])";
reports: reports:
verbose_mode|EXTRA:: verbose_mode|EXTRA::
"$(this.bundle): Line for '$(i)' exists" if => "exists_$(ci[$(i)])"; "$(this.bundle): Line for '$(i)' exists" if => "exists_$(ci[$(i)])";
"$(this.bundle): Line for '$(i)' does not exist" if => "!exists_$(ci[$(i)])"; "$(this.bundle): Line for '$(i)' does not exist" if => "!exists_$(ci[$(i)])";
} }
@ -356,10 +356,10 @@ files:
depends_on => {"roundcube_password_recover_config_created"}; depends_on => {"roundcube_password_recover_config_created"};
reports: reports:
run_git:: # run_git::
"Run git"; # "Run git";
!run_git:: # !run_git::
"Dont run git"; # "Dont run git";
} }

0
scripts/install-php-repo.sh → scripts/install-apt-repo.sh
View File

2
scripts/lxc-hooks.sh Normal file
View File

@ -0,0 +1,2 @@
#!/usr/bin/env bash
printf "Tut nix im Moment"

2
scripts/postgres-create-db.sh Normal file
View File

@ -0,0 +1,2 @@
echo "SELECT 'CREATE DATABASE ${2}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${2}')\gexec" | ${1}

71
templates/config.inc.php Normal file
View File

@ -0,0 +1,71 @@
<?php
// Database connection string and table name with user passwords
$config['pr_db_dsn'] = 'mysql://vimbadmin:vimbdb-secret@10.0.25.10/vimbadmin';
$config['pr_users_table'] = 'mailbox';
// Array with names for ext_fields in 'pr_users_table': [name_for_plugin => name_in_db]
// When using the postfix database 'mailbox' table, you must add two columns to this table: 'question' and 'answer'
// If the plugin does not find the columns it needs in the database, they will be created automatically
$config['pr_fields'] = [ 'altemail' => 'alt_email' ];
# 'phone' => 'phone', 'question' => 'question', 'answer' => 'answer',
// Admin email (this account will receive alerts when an user does not have an alternative email and phone)
$config['pr_admin_email'] = 'postmaster@your.domain.com';
// Address to be indicated as reply-to in mail notifications
$config['pr_replyto_email'] = 'postmaster@your.domain.com';
// Use secret question/answer to confirmation password recovery
$config['pr_use_question'] = false;
// Use message with code to confirmation password recovery
$config['pr_use_confirm_code'] = true;
// Confirmation code length
$config['pr_confirm_code_length'] = 6;
// Maximum number of attempts to send confirmation code
$config['pr_confirm_code_count_max'] = 3;
// Confirmation code duration (in minutes)
$config['pr_confirm_code_validity_time'] = 30;
// Use the Password plugin to save a new password
$config['pr_use_password_plugin'] = true;
// Minimum length of new password
// !!! Note: needed if not used Password plugin)
$config['pr_password_minimum_length'] = 8;
// Require the new password to have at least the specified strength score.
// Password strength is scored from 1 (weak) to 5 (strong).
// !!! Note: needed if not used Password plugin)
$config['pr_password_minimum_score'] = 1;
// SMTP settings
// $config['pr_default_smtp_server'] = 'tls://your.domain.com';
// $config['pr_default_smtp_user'] = 'no-reply@your.domain.com';
// $config['pr_default_smtp_pass'] = 'YOUR_SMTP_USER_PASSWORD';
$config['pr_default_smtp_server'] = 'localhost:25';
$config['pr_default_smtp_user'] = '';
$config['pr_default_smtp_pass'] = '';
// Full path to SMS send function
// This function must accept 2 parameters: phone number and message,
// and return true on success or false on failure
//
// Example of send SMS function using Clickatell HTTP API - see /lib/send.php
//
$config['pr_sms_send_function'] = dirname(__FILE__) . '/bin/sendsms.sh';
// Enables logging of password changes into /logs/password.log
$config['pr_password_log'] = true;
// Set to TRUE if you need write debug messages into /log/console.log
$config['pr_debug'] = false;
?>

2
templates/dovecot-local.conf.mustache Normal file
View File

@ -0,0 +1,2 @@
protocols =

30
templates/lxc_host/debian.lxc-net.mustache Normal file
View File

@ -0,0 +1,30 @@
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers. Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"
# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="{{ bridge }}"
LXC_ADDR="{{ addr }}"
LXC_NETMASK="{{ netmask }}"
LXC_NETWORK="{{ network }}"
LXC_DHCP_RANGE="{{ dhcp_range }}"
LXC_DHCP_MAX="{{ dhcp_max }}"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
# Once these changes are made, restart the lxc-net and network-manager services.
# 'container1.lxc' will then resolve on your host.
LXC_DOMAIN="lxc"

15
templates/lxc_host/default.conf.mustache Normal file
View File

@ -0,0 +1,15 @@
lxc.net.0.type = veth
lxc.net.0.link = {{ bridge }}
lxc.net.0.flags = up
{{! 'thirdoctet' string => format( "%02x", nth( splitstring( $(cfg[addr]), '\.', 4 ), 2 ) ); }}
lxc.net.0.hwaddr = 00:16:3e:{{ thirdoctet }}:xx:xx
lxc.net.0.script.up = /usr/local/bin/lxc-hooks
lxc.net.0.script.down = /usr/local/bin/lxc-hooks
#lxc.apparmor.profile=unconfined
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.hook.version = 1
lxc.hook.pre-start = /usr/local/bin/lxc-hooks

1
templates/lxc_host/dnsmasq.conf Normal file
View File

@ -0,0 +1 @@
dhcp-hostsdir=/etc/lxc/hosts.d

328
templates/nanorc.mustache Normal file
View File

@ -0,0 +1,328 @@
set tabsize 4
## Sample initialization file for GNU nano.
##
## For the options that take parameters, the default value is shown.
## Other options are unset by default. To make sure that an option
## is disabled, you can use "unset <option>".
##
## Characters that are special in a shell should not be escaped here.
## Inside string parameters, quotes should not be escaped -- the last
## double quote on the line will be seen as the closing quote.
## Make 'nextword' (Ctrl+Right) and 'chopwordright' (Ctrl+Delete)
## stop at word ends instead of at beginnings.
# set afterends
## When soft line wrapping is enabled, make it wrap lines at blanks
## (tabs and spaces) instead of always at the edge of the screen.
# set atblanks
## Automatically indent a newly created line to the same number of
## tabs and/or spaces as the preceding line -- or as the next line
## if the preceding line is the beginning of a paragraph.
set autoindent
## Back up files to the current filename plus a tilde.
# set backup
## The directory to put unique backup files in.
# set backupdir ""
## Use bold text instead of reverse video text.
# set boldtext
## Treat any line with leading whitespace as the beginning of a paragraph.
# set bookstyle
## The characters treated as closing brackets when justifying paragraphs.
## This may not include any blank characters. Only closing punctuation,
## optionally followed by these closing brackets, can end sentences.
# set brackets ""')>]}"
## Automatically hard-wrap the current line when it becomes overlong.
# set breaklonglines
## Do case-sensitive searches by default.
# set casesensitive
## Constantly display the cursor position in the status bar or minibar.
# set constantshow
## Use cut-from-cursor-to-end-of-line by default.
# set cutfromcursor
## Do not use the line below the title bar, leaving it entirely blank.
# set emptyline
## Set the target width for automatic hard-wrapping and for justifying
## paragraphs. If the specified value is 0 or less, the wrapping point
## will be the terminal's width minus this number.
# set fill -8
## Draw a vertical stripe at the given column, to help judge text width.
## (This option does not have a default value.)
# set guidestripe 75
## Remember the used search/replace strings for the next session.
set historylog
## Display a "scrollbar" on the righthand side of the edit window.
# set indicator
## Scroll the buffer contents per half-screen instead of per line.
# set jumpyscrolling
## Display line numbers to the left (and any anchors in the margin).
# set linenumbers
## Enable vim-style lock-files. This is just to let a vim user know you
## are editing a file [s]he is trying to edit and vice versa. There are
## no plans to implement vim-style undo state in these files.
set locking
## Fall back to slow libmagic to try and determine an applicable syntax.
# set magic
## The opening and closing brackets that are found by a matching-bracket
## search. This may not contain blank characters. The opening brackets
## must come before the closing ones, and they must be in the same order.
# set matchbrackets "(<[{)>]}"
## Suppress the title bar and show the filename plus a cursor-position
## percentage in the space of the status bar.
# set minibar
## Enable mouse support, if available for your system. When enabled,
## mouse clicks can be used to place the cursor, set the mark (with a
## double click), and execute shortcuts. The mouse will work in the
## X Window System, and on the console when gpm is running.
set mouse
## Switch on multiple file buffers (inserting a file will put it into
## a separate buffer).
set multibuffer
## Don't convert files from DOS/Mac format.
# set noconvert
## Don't display the helpful shortcut lists at the bottom of the screen.
# set nohelp
## Don't automatically add a newline when a file does not end with one.
# set nonewlines
## Set operating directory. nano will not read or write files outside
## this directory and its subdirectories. Also, the current directory
## is changed to here, so any files are inserted from this dir. A blank
## string means the operating-directory feature is turned off.
# set operatingdir ""
## Remember the cursor position in each file for the next editing session.
set positionlog
## Preserve the XON and XOFF keys (^Q and ^S).
# set preserve
## The characters treated as closing punctuation when justifying paragraphs.
## This may not contain blank characters. Only these closing punctuations,
## optionally followed by closing brackets, can end sentences.
# set punct "!.?"
## Make status-bar messages disappear after 1 keystroke instead of after 20.
# set quickblank
## The regular expression that matches quoting characters in email
## or line-comment introducers in source code. The default is:
# set quotestr "^([ ]*([!#%:;>|}]|//))+"
## Try to work around a mismatching terminfo terminal description.
# set rawsequences
## Fix Backspace/Delete confusion problem.
# set rebinddelete
## Do regular-expression searches by default.
## Regular expressions are of the extended type (ERE).
# set regexp
## Save a changed buffer automatically on exit; don't prompt.
# set saveonexit
## (The old form of this option, 'set tempfile', is deprecated.)
## Put the cursor on the highlighted item in the file browser, and
## show the cursor in the help viewer; useful for people who use a
## braille display and people with poor vision.
# set showcursor
## Make the Home key smarter: when Home is pressed anywhere but at the
## very beginning of non-whitespace characters on a line, the cursor
## will jump to that beginning (either forwards or backwards). If the
## cursor is already at that position, it will jump to the true start
## of the line (the left edge).
# set smarthome
## Spread overlong lines over multiple screen lines.
# set softwrap
## Use this spelling checker instead of the internal one. This option
## does not have a default value.
# set speller "aspell -x -c"
## Use the end of the title bar for some state flags: I = auto-indenting,
## M = mark, L = hard-wrapping long lines, R = recording, S = soft-wrapping.
set stateflags
## Use this tab size instead of the default; it must be greater than 0.
set tabsize 4
## Convert each typed tab to the fitting number of spaces.
# set tabstospaces
## Snip whitespace at the end of lines when justifying or hard-wrapping.
# set trimblanks
## Save files by default in Unix format (also when they were DOS or Mac).
# set unix
## The two single-column characters used to display the first characters
## of tabs and spaces. 187 in ISO 8859-1 (0000BB in Unicode) and 183 in
## ISO-8859-1 (0000B7 in Unicode) seem to be good values for these.
## The default when in a UTF-8 locale:
# set whitespace "»·"
## The default otherwise:
# set whitespace ">."
## Detect word boundaries differently by treating punctuation
## characters as parts of words.
# set wordbounds
## The characters (besides alphanumeric ones) that should be considered
## as parts of words. This option does not have a default value. When
## set, it overrides option 'set wordbounds'.
# set wordchars "<_>."
## Let an unmodified Backspace or Delete erase the marked region (instead
## of a single character, and without affecting the cutbuffer).
# set zap
## Hide the bars plus help lines and use the whole terminal as edit area.
# set zero
## Paint the interface elements of nano. These are examples; there are
## no colors by default, except for errorcolor and spotlightcolor.
set titlecolor bold,white,blue
set promptcolor lightwhite,grey
set statuscolor bold,white,green
set errorcolor bold,white,red
set spotlightcolor black,lightyellow
set selectedcolor lightwhite,magenta
set stripecolor ,yellow
set scrollercolor cyan
set numbercolor cyan
set keycolor cyan
set functioncolor green
## In root's .nanorc you might want to use:
set titlecolor bold,white,magenta
set promptcolor black,yellow
set statuscolor bold,white,magenta
set errorcolor bold,white,red
set spotlightcolor black,orange
set selectedcolor lightwhite,cyan
set stripecolor ,yellow
set scrollercolor magenta
set numbercolor magenta
set keycolor lightmagenta
set functioncolor magenta
## === Syntax coloring ===
## For all details, see 'man nanorc', section SYNTAX HIGHLIGHTING.
## To include most of the existing syntax definitions, you can do:
include "{{nano_conf_d}}/*.nanorc"
## Or you can select just the ones you need. For example:
# include "/usr/share/nano/html.nanorc"
# include "/usr/share/nano/python.nanorc"
# include "/usr/share/nano/sh.nanorc"
## In /usr/share/nano/extra/ you can find some syntaxes that are
## specific for certain distros or for some less common languages.
## If <Tab> should always produce four spaces when editing a Python file,
## independent of the settings of 'tabsize' and 'tabstospaces':
# extendsyntax python tabgives " "
## If <Tab> should always produce an actual TAB when editing a Makefile:
# extendsyntax makefile tabgives " "
## === Key bindings ===
## For all details, see 'man nanorc', section REBINDING KEYS.
## If you want to suspend nano with one keystroke (instead of with ^T^Z):
# bind ^Z suspend main
## The <Ctrl+Delete> keystroke deletes the word to the right of the cursor.
## On some terminals the <Ctrl+Backspace> keystroke produces ^H, which is
## the ASCII character for backspace, so it is bound by default to the
## backspace function. The <Backspace> key itself produces a different
## keycode, which is hard-bound to the backspace function. So, if you
## normally use <Backspace> for backspacing and not ^H, you can make
## <Ctrl+Backspace> delete the word to the left of the cursor with:
# bind ^H chopwordleft main
## For a more mnemonic Comment keystroke (overriding Cut-from-cursor):
# bind M-K comment main
## If you want ^L to just refresh the screen and not center the cursor:
# bind ^L refresh main
## When you sometimes type M-J instead of M-K, or M-T instead of M-R:
# unbind M-J main
# unbind M-T main
## (Those functions are still accessible through ^T^J and ^T^V.)
## For quickly uppercasing or lowercasing the word under the cursor.
## (These effectively do a Ctrl+Right followed by a Shift+Ctrl+Left,
## and then pipe the selected text through a sed command.)
#bind Sh-M-U "^[Oc^[[1;6D^T|sed 's/.*/\U&/'^M" main
#bind Sh-M-L "^[Oc^[[1;6D^T|sed 's/.*/\L&/'^M" main
## If you would like nano to have keybindings that are more "usual",
## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit,
## then uncomment these:
#bind ^X cut main
#bind ^C copy main
#bind ^V paste all
#bind ^Q exit all
#bind ^S savefile main
#bind ^W writeout main
#bind ^O insert main
#set multibuffer
#bind ^H help all
#bind ^H exit help
#bind ^F whereis all
#bind ^G findnext all
#bind ^B wherewas all
#bind ^D findprevious all
#bind ^R replace main
#bind ^Z undo main
#bind ^Y redo main
#unbind ^K main
#unbind ^U all
#unbind ^N main
#unbind ^Y all
#unbind M-J main
#unbind M-T main
#bind ^A mark main
#bind ^P location main
#bind ^T gotoline main
#bind ^T gotodir browser
#bind ^T cutrestoffile execute
#bind ^L linter execute
#bind ^E execute main

37
templates/nginx-vhost.conf.mustache
View File

@ -2,10 +2,9 @@
# Managed by CFEengine # Managed by CFEengine
# #
{{^vars.nginx_vhost.site.ssl}} {{^vars.nginx_vhost.site.ssl}}
server { server {
listen *:80; listen {{vars.nginx_vhost.site.listen}};
server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}}; server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
root {{vars.nginx_vhost.site.doc_root}}; root {{vars.nginx_vhost.site.doc_root}};
@ -17,36 +16,32 @@ server {
} }
{{/vars.nginx_vhost.site.ssl}} {{/vars.nginx_vhost.site.ssl}}
{{#vars.nginx_vhost.site.ssl}} {{#vars.nginx_vhost.site.ssl}}
server { server {
listen *:80; listen *:80;
server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}}; server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/; alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
access_log /var/log/nginx/{{vars.nginx_vhost.site.domain}}.access.log; access_log /var/log/nginx/{{vars.nginx_vhost.site.domain}}.access.log;
error_log /var/log/nginx/{{vars.nginx_vhost.site.domain}}.error.log; error_log /var/log/nginx/{{vars.nginx_vhost.site.domain}}.error.log;
return 301 https://{{vars.nginx_vhost.site.domain}}$request_uri; return 301 https://$host$request_uri;
} }
server { server {
listen *:443; listen *:443 ssl;
ssl on; ## ssl on;
server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}}; server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/; alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
ssl_certificate {{vars.nginx_vhost.ssl_cert}}; ssl_certificate {{vars.nginx_vhost.ssl_cert}};
ssl_certificate_key {{vars.nginx_vhost.ssl_key}}; ssl_certificate_key {{vars.nginx_vhost.ssl_key}};
@ -57,11 +52,11 @@ server {
error_log /var/log/nginx/{{vars.nginx_vhost.site.domain}}.error.log; error_log /var/log/nginx/{{vars.nginx_vhost.site.domain}}.error.log;
root {{vars.nginx_vhost.site.doc_root}}; root {{vars.nginx_vhost.site.doc_root}};
{{{vars.nginx_vhost.site.raw}}} {{{vars.nginx_vhost.site.raw}}}
{{{vars.nginx_vhost.site.sslraw}}}
} }
{{/vars.nginx_vhost.site.ssl}} {{/vars.nginx_vhost.site.ssl}}
{{{vars.nginx_vhost.site.xraw}}}

5
templates/postfix/vimbadmin_virtual_alias_maps.cf.mustache Normal file
View File

@ -0,0 +1,5 @@
user = {{db_user}}
password = {{db_password}}
hosts = {{db_host}}
dbname = {{db_name}}
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'

7
templates/postfix/virtual_domains_maps.cf Normal file
View File

@ -0,0 +1,7 @@
user =
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'

8
templates/sympa-robot.conf.mustache Normal file
View File

@ -0,0 +1,8 @@
#
# Managed by CFEngine
#
domain {{domain}}
wwsympa_url {{wwsympa_url}}
http_host {{http_host}}

5
vim.cf
View File

@ -4,9 +4,7 @@
bundle agent install_vim bundle agent install_vim
{ {
vars: vars:
freebsd:: freebsd::
"vimrc" string => "/usr/local/etc/vim/vimrc"; "vimrc" string => "/usr/local/etc/vim/vimrc";
"pkg" string => "vim"; "pkg" string => "vim";
@ -17,9 +15,7 @@ vars:
"vimrc" string => "/etc/vim/vimrc"; "vimrc" string => "/etc/vim/vimrc";
"pkg" string => "vim-enhanced"; "pkg" string => "vim-enhanced";
packages: packages:
freebsd:: freebsd::
"$(pkg)" "$(pkg)"
policy => "present", policy => "present",
@ -33,7 +29,6 @@ packages:
policy => "present", policy => "present",
package_module => yum; package_module => yum;
files: files:
"$(vimrc)" "$(vimrc)"
create => "true", create => "true",