raw output with {{{ }}} to prevent html escaping

Uses library functions to install
Added bundle to create cronjob for backups
2023-10-16 09:25:42 +02:00 · 2023-10-16 09:24:52 +02:00 · 2023-10-16 09:24:11 +02:00 · 2023-10-14 15:16:55 +02:00 · 2023-10-14 15:16:27 +02:00 · 2023-10-14 15:16:00 +02:00
8 changed files with 180 additions and 80 deletions
--- a/dovecot.cf
+++ b/dovecot.cf
@ -18,6 +18,9 @@ vars:

 		"imap_key" string => "$(cfg_dir)/private/imap.key";
 		"imap_cert" string => "$(cfg_dir)/private/imap.crt";
+		"submission_key" string => "$(cfg_dir)/private/submission.key";
+		"submission_cert" string => "$(cfg_dir)/private/submission.crt";
+


 		"service_name" string => "dovecot";
@ -37,9 +40,11 @@ methods:
 	"any" usebundle => wmde_service("$(service_name)","dovecot_kept","dovecot_repaired"),
 		depends_on => {
 			"dovecot_pkgs_installed",
+			"dovecot_cfg_created",
 			"dovecot_imap_key_installed",
 			"dovecot_imap_cert_installed",
-			"dovecot_cfg_created"
+			"dovecot_submission_key_installed",
+			"dovecot_submission_cert_installed",
 		};
 services:

@ -71,6 +76,18 @@ files:
 	copy_from => local_dcp( execresult(  "/usr/bin/readlink -qfn $(cfg[imap_key])","noshell" )),
 	perms => mog("600","root","root");

+	"$(submission_cert)" 
+	handle => "dovecot_submission_cert_installed",
+	classes => if_repaired(dovecot_repaired),
+	copy_from => local_dcp( execresult(  "/usr/bin/readlink -qfn $(cfg[submission_cert])","noshell" )),
+	perms => mog("600","root","root");
+
+	"$(submission_key)" 
+	handle => "dovecot_submission_key_installed",
+	classes => if_repaired(dovecot_repaired),
+	copy_from => local_dcp( execresult(  "/usr/bin/readlink -qfn $(cfg[submission_key])","noshell" )),
+	perms => mog("600","root","root");
+

 	

--- a/mysql.cf
+++ b/mysql.cf
@ -2,31 +2,41 @@
 #
 #

-bundle agent mysql
+bundle agent mysql(cfg_param)
 {
 vars:
-	"bind_address" string => "127.0.0.1";
-	"user" string => "mysql";
-	"port" string => "3306";
+	"default_cfg" data => '{
+		"bind_address":"127.0.0.1",
+		"user":"mysql",
+		"port":"3306"
+	}';
+
+	"cfg" data => mergedata(@(default_cfg),@(cfg_param));

 	freebsd::
 #		"pkg"  string => "mariadb106-server";
 		"pkg"  string => "mysql80-server";
 		"service_name" string => "mysql-server";
+		"cfg_dir" string => "/usr/local/etc/mysql";
 		"cfg_file" string => "/usr/local/etc/mysql/my.cnf";
-		"mysql_cmd" string => "/usr/local/bin/mysql";
+		"bin_dir" string => "/usr/local/bin";
 	debian::
-		"pkg"  slist => {"mariadb-common", "mariadb-client", "mariadb-server"};
+		"pkg"  slist => {"mariadb-server"};
+		"client_pkgs" slist => {"mariadb-client"};
 		"service_name" string => "mysql";
+		"cfg_dir" string => "/etc/mysql";
 		"cfg_file" string => "/etc/mysql/my.cnf";
-		"mysql_cmd" string => "/usr/bin/mysql";
-commands:
-#	debian&mysql_repaired::
-#	"/usr/bin/mysql_install_db"
-#		depends_on => { "mysql_pkgs_installed" },
-#		handle => "mysql_db_installed";
+		"bin_dir" string => "/usr/bin";
+	any::
+		"mysql_cmd" string => "$(bin_dir)/mysql";
+		"mysqldump_cmd" string => "$(bin_dir)/mysqldump";

 files:
+	"$(cfg_dir)/."
+	create => "true",
+	perms => mog("0755","root","root"),
+	handle => "mysql_cfg_dir_created";
+	

 	"$(cfg_file)" 
 	create => "true",
@ -34,13 +44,13 @@ files:
 	edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache",
 	template_method => "mustache",
 	handle => "mysql_cfg_created",
-#	depends_on => {"mysql_db_installed"},
+	depends_on => {"mysql_cfg_dir_created"},
 	classes => if_repaired("mysql_repaired");


 methods:
 	"any" usebundle => wmde_install_packages(@(mysql.pkg),"mysql"),
-		depends_on => { "mysql_cfg_created" };
+		depends_on => { "mysql_cfg_created"};

 services:
 	"$(service_name)"
@ -53,10 +63,19 @@ services:
 		service_policy => "restart",
 		depends_on => {"mysql_running","mysql_cfg_created"};

+reports:

 }


+
+bundle agent install_mysql_client
+{
+methods:
+	"any" usebundle => wmde_install_packages(@(mysql.client_pkgs),"mysql_client"),
+		handle => "mysql_client_installed";	
+}
+
 body contain mysql_cmd
 {
 	useshell=>"useshell";
@ -81,15 +100,6 @@ vars:
 	"classname" string => "mysql_$(dbdef[db_name])_$(table_name)_exists";

 	"cmd" string => 'if mysql $(xargs) -e "show tables LIKE \'$(table_name)\'" $(dbdef[db_name]) | grep -q \'$(table_name)\'; then echo "+$(classname)"; else echo "-$(classname)"; fi';
-	#"cmd" string => '"if mysql -e \\\"show tables"';
-#	"cmdfile" string => hash("$cmd)","sha256");
-
-#files:
-#	"/tmp/$(cmdfile)"
-#		create => "true",
-#		content => "$(cmd)",
-#		handle => "mysql_$(cmdfile)_created";
-
 	
 commands:
 	"$(cmd)"
@ -98,9 +108,59 @@ commands:
 		module => "true";

 reports:
-#	"CMD: $(cmd)";
 }

+bundle agent mysql_backup_all(cfg)
+{
+
+vars:
+	"cmd" string => '$(mysql.mysql_cmd) -N -e \'show databases\' | while read dbname; do $(mysql.mysqldump_cmd) --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M "$dbname" > $(cfg[backup_dir])/"$dbname".sql; done';
+
+reports:
+#	"CMD: $(cmd)";
+
+}
+
+
+bundle agent mysql_backup_db(cfg,file)
+{
+vars:
+	"table_exists_cmd" string => '$(mysql.mysql_cmd) -e "show tables LIKE \'$(table_name)\'" $(cdfg[db_name]) | grep -q $(table_name)';
+	"cmd" string => "$(mysql.mysqldump_cmd) --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
+
+
+}
+
+bundle agent create_mysql_backup_cron_job(cfg,file,table_name,run)
+{
+classes:
+	"create_cron" expression => strcmp("$(run)","true");
+vars:
+	"table_exists_cmd" string => '$(mysql.mysql_cmd) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(table_name)\'" $(cfg[db_name]) | grep -q $(table_name)';
+	"backup_cmd" string => "$(mysql.mysqldump_cmd) --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
+
+
+files:
+	!create_cron::
+		"/etc/cron.d/$(cfg[db_name])"
+		delete=>tidy;
+
+	create_cron::
+		"/etc/cron.d/$(cfg[db_name])"
+		perms => m("644"),
+		create => "true",
+		content => "
+#
+# /etc/cron.d/roundcube
+#
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 * * * *	root	$(table_exists_cmd) && $(backup_cmd)
+";
+
+
+}

 bundle agent create_mysql_db(cfg)
 {
@ -118,7 +178,5 @@ commands:
 		args => "$(args)",
 		inform => "false";

-#mysql -u <username> -p -e "USE <database_name>;" && mysql -u <username> -p -e "SHOW TABLES LIKE '<table_name>';" | grep -q '<table_name>' && exit 0 || exit 1
-
 reports:
 }
--- a/php.cf
+++ b/php.cf
@ -38,7 +38,13 @@ vars:
 			"php$(version)-mysql",
 			"php-json",
 			"php$(version)-xml",
-			"php-gd"
+			"php-gd",
+			"php-mbstring",
+			"php-intl",
+			"php-curl",
+			"php-imagick",
+			"php-ldap",
+			
 		};
 	ubuntu::
 		"pkgs" slist => {
--- a/rspamd.cf
+++ b/rspamd.cf
@ -9,7 +9,7 @@ vars:
 		"local.d/milter_headers.conf",
 #		"local.d/actions.conf",
      		"local.d/worker-normal.inc",
-#		"local.d/worker-proxy.inc",
+		"local.d/worker-proxy.inc",
 #		"local.d/worker-controller.inc",
 #		"local.d/classifier-bayes.conf",
 #		"local.d/worker-fuzzy.inc",
@ -29,53 +29,28 @@ vars:
 		"service_name" string => "rspamd";
 		"root_user" string => "root";
 		"root_group" string => "root";
-packages:
-	freebsd::
-		"$(rspamd.pkgs)"
-			policy => "present",
-			package_module => pkg,
-			handle => "rspamd_pkg_installed",
-			classes => if_repaired(rspamd_changed);
-	debian::
-		"$(rspamd.pkgs)"
-			policy => "present",
-			package_module => apt_get,
-			handle => "rspamd_pkg_installed",
-			classes => if_repaired(rspamd_changed);
-	fedora|centos::
-		"$(rspamd.pkgs)"
-			policy => "present",
-			package_module => yum,
-			handle => "rspamd_pkg_installed",
-			classes => if_repaired(rspamd_changed);
+
+
+methods:
+	"any" usebundle => wmde_install_packages(@(pkgs),"rspamd");
+	"any" usebundle => wmde_service("$(service_name)","rspamd_kept","rspamd_repaired"),
+		depends_on => {"rspamd_cfgs_done"};
 files:
 	"$(cfg_dir)/."
 	perms => uperm("$(root_user)","$(root_group)","755"),
-	depends_on => { "rspamd_pkg_installed" },
+	depends_on => { "rspamd_pkgs_installed" },
 	handle => "rspamd_cfg_dir_created";

 	"$(cfg_dir)/$(cfgfiles)"
 	create => "true",
 	edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/rspamd/$(cfgfiles).mustache",
 	template_method => "mustache",
-	perms => uperm("$(root_user)","$(root_group)","644"),
+	perms => m("644"),
 	template_data => bundlestate("$(this.bundle)"),
-	depends_on => { "rspamd_pkg_installed","rspamd_cfg_dir_created" },
-	classes => if_repaired(rspamd_restart),
+	depends_on => { "rspamd_pkgs_installed","rspamd_cfg_dir_created" },
+	classes => if_repaired(rspamd_repaired),
 	handle => "rspamd_cfgs_done";

-
-services:
-	"$(service_name)"
-	service_policy => "start",
-	depends_on => { "rspamd_cfgs_done" },
-	handle => "rspamd_running";
-
-	rspamd_restart::
-		"$(service_name)"
-		service_policy => "restart",
-		depends_on => { "rspamd_running", "rspamd_cfgs_done"};
-
 reports:
 #	"RSPAMD: $(cfgjs)";
 #	"RSJ: $(worker_normalx)";
--- a/templates/dovecot/dovecot.conf.mustache
+++ b/templates/dovecot/dovecot.conf.mustache
@ -30,12 +30,25 @@ protocol imap {
 	ssl_cert = <{{vars.dovecot.imap_cert}}
 	ssl_key = <{{vars.dovecot.imap_key}}

-  # Space separated list of plugins to load (default is global mail_plugins).
-  #mail_plugins = $mail_plugins
+	# Space separated list of plugins to load (default is global mail_plugins).
+	#mail_plugins = $mail_plugins

-  # Maximum number of IMAP connections allowed for a user from each IP address.
-  # NOTE: The username is compared case-sensitively.
-  #mail_max_userip_connections = 10
+	# Maximum number of IMAP connections allowed for a user from each IP address.
+	# NOTE: The username is compared case-sensitively.
+	#mail_max_userip_connections = 10
+}
+
+protocol submission {
+
+	ssl_cert = <{{vars.dovecot.submission_cert}}
+	ssl_key = <{{vars.dovecot.submission_key}}
+
+	# Space separated list of plugins to load (default is global mail_plugins).
+	#mail_plugins = $mail_plugins
+
+	# Maximum number of IMAP connections allowed for a user from each IP address.
+	# NOTE: The username is compared case-sensitively.
+	#mail_max_userip_connections = 10
 }


@ -55,5 +68,18 @@ passdb {
 }
 {{/vars.dovecot.cfg.passdbs}}

+
+{{#vars.dovecot.cfg.services}}
+#
+# {{comment}}
+#
+service {{@}} {
+{{{raw}}}
+}
+
+{{/vars.dovecot.cfg.services}}
+
+
+
 {{vars.dovecot.cfg.raw}}

--- a/templates/my.cnf.mustache
+++ b/templates/my.cnf.mustache
@ -3,7 +3,7 @@
 #

 [client-server]
-port                            = {{vars.mysql.port}}
+port                            = {{vars.cfg.mysql.port}}
 socket				= /run/mysqld/mysqld.sock

 #[mysql]
@ -11,10 +11,10 @@ socket				= /run/mysqld/mysqld.sock
 #no_auto_rehash

 [mysqld]
-log-error			=/var/log/mysql/mysqld.log
-user                            = {{vars.mysql.user}}
-port                            = {{vars.mysql.port}}
-bind-address                    = 127.0.0.1
+#log-error			=/var/log/mysql/mysqld.log
+user                            = {{vars.mysql.cfg.user}}
+port                            = {{vars.mysql.cfg.port}}
+bind-address                    = {{vars.mysql.cfg.bind_address}}

 lower_case_table_names          = 1

--- a/templates/rspamd/local.d/worker-normal.inc.mustache
+++ b/templates/rspamd/local.d/worker-normal.inc.mustache
@ -1,5 +1,5 @@
 #
 # Managed by CFEngine
 #
-{{cfg.worker_normal}}
+{{{cfg.worker_normal}}}

--- a/vimbadmin.cf
+++ b/vimbadmin.cf
@ -4,11 +4,13 @@

 bundle agent vimbadmin(cfg) 
 {
-vars:
-	"r" int => randomint(1,5),
-		handle => "rand_assigned";
+classes:
+	"vimbadmin_restore_db_file" expression => isvariable("cfg[restore_db_file]");

-	
+	vimbadmin_restore_db_file::
+		"vimbadmin_restore_db" expression => fileexists("$(cfg[restore_db_file])");
+
+vars:
 	"vsettings[resources.doctrine2.connection.options.driver]" string => "'$(cfg[db_driver])'";
 	"vsettings[resources.doctrine2.connection.options.dbname]" string => "'$(cfg[db_name])'";
 	"vsettings[resources.doctrine2.connection.options.user]" string => "'$(cfg[db_user])'";
@ -88,11 +90,17 @@ files:

 commands:
 	
-	"!mysql_$(cfg[db_name])_admin_exists"::
+	"(!mysql_$(cfg[db_name])_admin_exists)&(!vimbadmin_restore_db)"::
 		"cd $(cfg[install_dir]) && ./bin/doctrine2-cli.php orm:schema-tool:create "
 		contain => wmde_cmd_useshell,	
+		handle => "vimbadmin_db_initialized",
 		depends_on => {"vimbadmin_appini_edited"};
 	
+	"(!mysql_$(cfg[db_name])_admin_exists)&vimbadmin_restore_db"::
+		"mysql -u $(cfg[db_user]) -p$(cfg[db_pass]) -h$(cfg[db_host]) $(cfg[db_name]) < $(cfg[restore_db_file])"
+		contain => wmde_cmd_useshell,
+		depends_on => {"vimbadmin_appini_edited"};	
+			

 	vimbadmin_reconfigure::
 		"/bin/sh"
@ -121,6 +129,16 @@ methods:
 	"any" usebundle => mysql_table_exists(@(cfg),"admin");

 reports:
+#	"VIMBADMIN $(cfg[restore_db_file])";
+
+#	"vimbadmin_restore_db_file"::
+#		"RESTORE_DB_FILE";
+
+#	"vimbadmin_restore_db"::
+#		"RESTORE_DB";
+	
+#	"(!mysql_$(cfg[db_name])_admin_exists)&vimbadmin_restore_db"::
+#		"Should restore db";
 }
Author	SHA1	Message	Date
Tobias Herre	83c714ad31	raw output with {{{ }}} to prevent html escaping	2023-10-16 09:25:42 +02:00
Tobias Herre	178449e8e3	Uses library functions to install	2023-10-16 09:24:52 +02:00
Tobias Herre	cb0dfb9bc4	Added bundle to create cronjob for backups	2023-10-16 09:24:11 +02:00
Tobias Herre	4d35d5c79e	Bind address configurable	2023-10-14 15:16:55 +02:00
Tobias Herre	7fd07e9ebe	Submission cert added	2023-10-14 15:16:27 +02:00
Tobias Herre	b777ce0381	php gd added	2023-10-14 15:16:00 +02:00
Tobias Herre	f06752c216	Submission cert added	2023-10-14 15:15:30 +02:00
Tobias Herre	1cd5758f05	Feature to restore database implemented	2023-10-13 21:08:47 +02:00
Tobias Herre	a6a149a156	Default cfg and correct perms for /etc/mysql	2023-10-13 20:09:33 +02:00