+++ /dev/null
-
-choice
- depends on PACKAGE_cfengine-promises
- prompt "Network profile"
- default NETWORK_PROFILE_APU
-
- config NETWORK_PROFILE_ALIX
- bool "ALIX"
-
- config NETWORK_PROFILE_APU
- bool "APU"
-
- config NETWORK_PROFILE_RASPI
- bool "Rasperry Pi"
-
-endchoice
-
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=cfengine-promises
-PKG_VERSION:=1.3.22
-PKG_RELEASE:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/cfengine-promises
- SECTION:=administration
- CATEGORY:=Enigmabox
- TITLE:=CFEngine promises
- DEPENDS:=+cfengine
-endef
-
-define Package/cfengine-promises/config
- source "$(SOURCE)/Config.in"
-endef
-
-define Package/cfengine-promises/description
- The promises for CFEngine which configure the Enigmabox.
-endef
-
-define Build/Configure
-endef
-
-define Build/Compile
-endef
-
-define Package/cfengine-promises/install
- $(INSTALL_DIR) $(1)/opt/cfengine
- $(INSTALL_BIN) ./files/root/bootstrap.cf $(1)/opt/cfengine/bootstrap.cf
- $(INSTALL_BIN) ./files/root/site.cf $(1)/opt/cfengine/site.cf
-
- $(INSTALL_DIR) $(1)/opt/enigmabox/cfengine-promises
- cp -rv ./files/root/* $(1)/opt/enigmabox/cfengine-promises/
-
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) ./files/cfengine-apply $(1)/usr/sbin/cfengine-apply
- $(INSTALL_BIN) ./files/init-mysql $(1)/usr/sbin/init-mysql
-
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) ./files/hello $(1)/usr/bin/hello
- $(INSTALL_BIN) ./files/speedtest $(1)/usr/bin/speedtest
-
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/cfengine-promises.init $(1)/etc/init.d/cfengine-promises
- $(INSTALL_BIN) ./files/rebuild-iptables.init $(1)/etc/init.d/rebuild-iptables
- $(INSTALL_BIN) ./files/setup-cjdns-networking.init $(1)/etc/init.d/setup-cjdns-networking
-
- $(INSTALL_DIR) $(1)/etc
- $(INSTALL_DATA) ./files/resolv.conf $(1)/etc/resolv.conf.enigmabox
-
- # network profile
- $(INSTALL_DIR) $(1)/etc/enigmabox
- if [ "$(CONFIG_NETWORK_PROFILE_ALIX)" == "y" ]; then echo alix > $(1)/etc/enigmabox/network-profile; fi
- if [ "$(CONFIG_NETWORK_PROFILE_APU)" == "y" ]; then echo apu > $(1)/etc/enigmabox/network-profile; fi
- if [ "$(CONFIG_NETWORK_PROFILE_RASPI)" == "y" ]; then echo raspi > $(1)/etc/enigmabox/network-profile; fi
-
- # create empty crontab so that the cron service starts
- $(INSTALL_DIR) $(1)/etc/crontabs
- touch $(1)/etc/crontabs/root
-endef
-
-$(eval $(call BuildPackage,cfengine-promises))
+++ /dev/null
-#!/bin/ash
-
-#set -xv
-
-# variables
-cfengine_site="/box/.cf-site.json"
-cfagent="/opt/cfengine/bin/cf-agent"
-webinterface="http://127.0.0.1:8000"
-pidfile="/var/run/cfengine-apply.pid"
-dynamic_output="/tmp/dynamic_output"
-dynamic_status="/tmp/apply-in-progress"
-
-
-
-run() {
- background=""
- if [[ "$1" == "background" || "$2" == "background" ]]; then
- > "$dynamic_output"
- background=1
- fi
-
- touch "$dynamic_status"
-
- echo "running cfengine and applying promises..."
- curl "$webinterface/cfengine/site.json" > "$cfengine_site"
-
- if [[ "$background" == 1 ]]; then
- (
- cfengine_run > "$dynamic_output"
- inform_webinterface
- ) &
- else
- cfengine_run && inform_webinterface
- fi
-
-}
-
-inform_webinterface() {
- curl --data "key=config_changed&value=False" -X POST "$webinterface/api/v1/set_option" &> /dev/null
- rm "$dynamic_status"
-}
-
-cfengine_run() {
- "$cfagent" --no-lock --inform --color=always /opt/enigmabox/cfengine-promises/site.cf
-}
-
-
-
-# Check if this script is already running
-kill -0 $(cat "$pidfile" 2> /dev/null) 2> /dev/null
-if [[ "$?" == "0" ]]; then
- echo "Script is already running, exiting"
- exit 1
-else
- [[ -f "$pidfile" ]] && rm "$pidfile"
-fi
-echo $$ > "$pidfile"
-
-
-
-# Option parsing
-while getopts "s:b" opt; do
- case "$opt" in
- s)
- sleep="$OPTARG"
- ;;
- b)
- background="background"
- ;;
- :)
- echo "Option -$OPTARG requires an argument."
- exit 1
- ;;
- esac
-done
-
-
-
-if [[ -n "$sleep" ]]; then
- echo "sleeping for $sleep seconds..."
- sleep "$sleep"
-fi
-
-run $background
-
-rm "$pidfile"
-
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# cfengine promises apply service
-
-START=92
-
-start() {
- /usr/sbin/cfengine-apply
- (sleep 60 && /usr/sbin/asterisk -rx 'sip notify gsreboot 100') &
-}
-
+++ /dev/null
-#!/bin/ash
-################################################################################
-less << EOF
-Hello.
-
-Thank you for joining us in our mission to provide the infrastructure
-for an independent, decentralized network built on secure protocols
-to protect humanity against tyranny and oppressive states.
-
-This is the Enigmabox, providing ready to use applications like telephony
-and email for use over cjdns networks.
-
-
-
-Enigmabox - folder structure
-============================
-
-/box - personal data
-/etc/enigmabox - enigmabox specific data
-/opt/enigmabox - enigmabox applications
-/opt/enigmabox/cfengine-promises - system configuration templates
-
-
-
-Enigmabox - commands
-====================
-
-cfengine-apply - run CFEngine, apply the configuration
-rebuild-iptables - apply firewall rules
-setup-cjdns-networking - manually run network setup script
-speedtest - conduct a bandwidth test
-
-
-The following commands are available for subscribers:
-
-addressbook pull - get global addressbook
-addressbook push - publish your address in the directory
-updater check - check for updates
-updater install [package] - install a package
-updater apply - apply updates - this will reboot your box!
-upgrader download - download newest firmware image
-upgrader verify - verify firmware image
-upgrader write - write firmware image
-
-
-
-cjdns - tools
-=============
-
-cjdnslog '' - watch cjdns at work
-dumptable - dump all nodes known to this cjdns instance
-findnodes - details about nodes, e.g. link quality, cjdns version, path
-peerStats - statistics about your direct peers
-
-EOF
+++ /dev/null
-#!/bin/ash
-
-/usr/bin/mysql_install_db --force
-
-/etc/init.d/mysqld start
-/etc/init.d/mysqld enable
-
-mysqladmin -u root password 'root'
-
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# rebuild iptables
-
-START=86
-
-start() {
- /usr/sbin/rebuild-iptables
-}
-
+++ /dev/null
-domain box
-search box
-nameserver ::1
-nameserver 127.0.0.1
-nameserver 4.2.2.1
-nameserver 4.2.2.2
-nameserver 4.2.2.3
-nameserver 4.2.2.4
-nameserver 8.8.8.8
+++ /dev/null
-
-bundle agent app_cjdns
-{
- vars:
- "json"
- data => readjson("$(g.site)", 64000);
-
- classes:
- "cjdns_master"
- expression => regcmp("master", "$(json[cjdns_version])");
-
- "cjdns_v6"
- expression => regcmp("v6", "$(json[cjdns_version])");
-
- files:
- "/box/cjdroute.conf"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/cjdroute.conf.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_cjdns");
-
- "/root/.cjdnsadmin"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/cjdnsadmin.mustache",
- edit_defaults => no_backup;
-
- "/etc/wpa_supplicant/."
- create => "true";
-
- "/etc/wpa_supplicant/wpa_supplicant.conf"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/wpa_supplicant.conf.mustache",
- edit_defaults => no_backup;
-
- "/usr/sbin/setup-cjdns-networking"
- create => "true",
- perms => script,
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/setup-cjdns-networking.mustache",
- edit_defaults => no_backup;
-
- cjdns_master::
- "/usr/sbin/cjdroute"
- copy_from => local_copy("/usr/sbin/cjdroute.master"),
- classes => if_repaired("restart_cjdns");
-
- cjdns_v6::
- "/usr/sbin/cjdroute"
- copy_from => local_copy("/usr/sbin/cjdroute.v6"),
- classes => if_repaired("restart_cjdns");
-
- commands:
- restart_cjdns::
- "/etc/init.d/cjdns restart";
-
- reports:
- "checking cjdns: done";
-}
-
+++ /dev/null
-{
- "addr": "127.0.0.1",
- "port": 11234,
- "password": "6v60ggy58qu0x0013vh64gzsu2lch0y"
-}
+++ /dev/null
-// Autogenerated cjdns.conf
-
-{
- "privateKey": "{{cjdns_private_key}}",
- "publicKey": "{{cjdns_public_key}}",
- "ipv6": "{{cjdns_ipv6}}",
- "authorizedPasswords":
- [
-{{#if_peering_password}}
-{"password": "{{peering_password}}"}
-{{/if_peering_password}}
- ],
-
- "admin":
- {
- "bind": "127.0.0.1:11234",
- "password": "6v60ggy58qu0x0013vh64gzsu2lch0y"
- },
-
- // Interfaces to connect to the switch core.
- "interfaces":
- {
- "UDPInterface":
- [
- {
- "bind": "0.0.0.0:{{peering_port}}",
- "connectTo":
- {
-{{#if_peerings}}
-{{#peerings}}
- "{{address}}":{"password":"{{password}}","publicKey":"{{public_key}}"},
-{{/peerings}}
-{{/if_peerings}}
- }
- }
- ]
- "ETHInterface":
- [
-{{#autopeering}}
- {
- "bind": "{{interface}}",
- "beacon": 2,
- },
-{{/autopeering}}
-{{#if_meshmode}}
- {
- "bind": "wlan0",
- "beacon": 2,
- },
-{{/if_meshmode}}
- ]
- },
-
- // Configuration for the router.
- "router":
- {
- "interface":
- {
- "type": "TUNInterface"
- //"tunDevice": "tun0"
- },
- "ipTunnel":
- {
- "allowedConnections":
- [
- ],
- "outgoingConnections":
- [
-{{#if_internet_gateway}}
-{{#internet_gateway}}
- "{{public_key}}",
-{{/internet_gateway}}
-{{/if_internet_gateway}}
- ]
- }
- },
-
- "resetAfterInactivitySeconds": 100,
- //"pidFile": "cjdroute.pid",
- "security":
- [
- "nofiles",
- {
- "setuser": "nobody",
- "exemptAngel": 1
- }
- ],
- "logging":
- {
- // "logTo":"stdout"
- }
-}
+++ /dev/null
-#!/bin/ash
-export LC_ALL=en_US.UTF-8
-
-# TODO
-# * dns und gateway vom dhcp-server übernehmen, erst setzen, wenn ip erhalten
-
-# vars
-
-remoteaddresses="{{#peerings}}{{ip}} {{/peerings}}{{#missioncontrol}}{{ip}} {{/missioncontrol}}"
-
-orggatewayfile="/tmp/cjdns_org_gw"
-
-network_profile="$(cat /etc/enigmabox/network-profile)"
-[[ "$network_profile" = "alix" ]] && clearnet_interface="eth0"
-[[ "$network_profile" = "apu" ]] && clearnet_interface="eth2"
-[[ "$network_profile" = "raspi" ]] && clearnet_interface="eth1"
-
-ping="ping -c 5 -W 5"
-cjdns_request_tries="/tmp/cjdns_request_tries"
-netstat_file="/tmp/netstat"
-pidfile="/tmp/setup-cjdns-networking.pid"
-opmode="{{wlan_opmode}}"
-ssid="{{wlan_ssid}}"
-wep_pass="{{wlan_pass}}"
-security="{{wlan_security}}"
-dynamic_output="/tmp/dynamic_output"
-
-{{#if_internet_gateway}}
-request_internet="yes"
-{{/if_internet_gateway}}
-
-{{^if_internet_gateway}}
-request_internet="no"
-{{/if_internet_gateway}}
-
-
-
-# check if its already running
-if [[ "$1" != "startwifi" ]]; then
- kill -0 $(cat "$pidfile" 2> /dev/null) 2> /dev/null
- if [[ "$?" == "0" ]]; then
- echo "script is already running"
- exit 0
- fi
-
- echo $$ > "$pidfile"
-fi
-
-
-
-# functions
-
-e() {
- echo 1>&2
- echo 1>&2
- echo "$1" 1>&2
-}
-
-startwifi() {
- echo "please wait, configuring system..." > "$dynamic_output"
- /usr/sbin/cfengine-apply &> /dev/null
- echo "done" > "$dynamic_output"
-
- /usr/sbin/setup-cjdns-networking &> "$dynamic_output"
-
- exit 0 #the script should end here
-}
-
-dhcp() {
- ifconfig "$clearnet_interface" up
-
- if [[ $( route -n | grep ^0.0.0.0 | wc -l ) -eq 0 ]]; then
- e "dhcp request $clearnet_interface"
- udhcpc -i "$clearnet_interface" --now
- fi
-}
-
-start_wpa() {
- e "start WPA session"
-
- ifconfig wlan0 down
- killall wpa_supplicant
-
- # make sure wpa_supplicant is absent
- rm "/var/run/wpa_supplicant/wlan0" 2> /dev/null
-
- sleep 2
-
- ifconfig wlan0 up
- wpa_supplicant -i wlan0 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf -B
-
- sleep 2
-}
-
-start_wep() {
-{{#if_wlan_pass}}
- e "start WEP session"
- ifconfig wlan0 up
- iwconfig wlan0 essid "$ssid"
- iwconfig wlan0 key "d:0:$wep_pass"
-{{/if_wlan_pass}}
-{{^if_wlan_pass}}
- e "connecting to AP"
- ifconfig wlan0 up
- iwconfig wlan0 essid "$ssid"
-{{/if_wlan_pass}}
-}
-
-request_cjdns_internet() {
- try=$(cat "$cjdns_request_tries" 2> /dev/null)
- try=$(($try+1))
- echo "$try" > "$cjdns_request_tries"
-
- # try another countryserver after the 2nd try
- if [[ "$try" -ge 2 ]]; then
- e "switching to an alternative server"
- curl http://127.0.0.1:8000/api/v1/set_next_country &> /dev/null
- /usr/sbin/cfengine-apply
- fi
-
- # request cjdns internet via script after the 3rd try
- if [[ "$try" -ge 3 ]]; then
- e "request cjdns internet"
- /usr/sbin/request-internet
- fi
-}
-
-start_cjdns() {
- if [[ "$(/etc/init.d/cjdns status)" != "running" ]]; then
- e "starting cjdns"
- /etc/init.d/cjdns start
- fi
-}
-
-restart_cjdns() {
- e "restarting cjdns"
- /etc/init.d/cjdns restart
-}
-
-get_vpn_gateway() {
- ifconfig tun0 2> /dev/null | grep "inet addr" | cut -d: -f2 | awk '{ print $1 }'
-}
-
-get_original_gateway() {
- if [[ -f "$orggatewayfile" ]]; then
- org_gw=$(cat "$orggatewayfile")
- else
- org_gw=$(route -n | grep '^0.0.0.0' | awk '{ print $2 }')
- echo "$org_gw" > "$orggatewayfile"
- fi
- echo "$org_gw"
-}
-
-gateway_is_up() {
- vpn_gateway=$(get_vpn_gateway)
- if [[ "$vpn_gateway" != "" ]]; then
- echo true
- fi
-}
-
-interface_dhcp_success() {
- if [[ "$(ifconfig "$clearnet_interface" | grep 'inet addr' | wc -l)" -gt 0 ]]; then
- echo true
- fi
-}
-
-mtu() {
- if [[ "$(ifconfig tun0 2> /dev/null | grep -i mtu | awk '{ print $6 }' | cut -d: -f 2)" -ne 1300 ]]; then
- e "setting mtu"
- ifconfig tun0 mtu 1300
- fi
-}
-
-original_gateway() {
- original_gateway=$(get_original_gateway)
- for remoteaddress in $remoteaddresses; do
- if [[ "$(route -n | egrep "$remoteaddress.*?$original_gateway" | wc -l)" -eq 0 ]]; then
- e "setting route $remoteaddress via $original_gateway dev $clearnet_interface"
- route add "$remoteaddress" gw "$original_gateway" "$clearnet_interface"
- fi
- done
-}
-
-defaultroute() {
- original_gateway=$(get_original_gateway)
- vpn_gateway=$(get_vpn_gateway)
- if [[ "$(route -n | egrep "0.0.0.0.*?$vpn_gateway" | wc -l)" -eq 0 ]]; then
- e "setting defaultroute"
- route del default
- route add default gw "$vpn_gateway" tun0
- fi
-}
-
-set_network_parameters() {
- mtu
- original_gateway
- defaultroute
-}
-
-check_for_internet() {
- # check for internet. if only one server with a direct route is pingable,
- # we have an internet connection
- for remoteaddress in $remoteaddresses; do
- if [[ "$($ping "$remoteaddress" | grep 'bytes from')" ]]; then
- echo true
- break
- fi
- done
-}
-
-set_status() {
- key=$1
- val=$2
- echo "$val" > "$netstat_file-$key"
-}
-
-
-
-# params
-[[ "$1" == "startwifi" ]] && startwifi "$2"
-
-
-
-# logic
-
-# ensure dhcpd is running
-if [[ $( pidof dhcpd | wc -l ) -eq 0 ]]; then
- /etc/init.d/dhcpd restart
-fi
-
-# ensure radvd is running
-if [[ "$(pidof radvd | wc -l)" -eq 0 ]]; then
- /etc/init.d/radvd restart
-fi
-
-# setup wifi if available
-if [[ -e "/sys/class/net/wlan0" ]]; then
- e "wifi detected"
-
- if [[ "$opmode" = "mesh" ]]; then
- e "opmode: mesh"
-
- # check if wlan0 has already started
- if [[ "$(iwconfig wlan0 | grep 'ESSID' | grep 'cjdns' | wc -l)" -eq 0 \
- || "$(iwconfig wlan0 | grep 'Mode:' | grep 'Ad-Hoc' | wc -l)" -eq 0 ]]; then
- e "starting ad-hoc mesh"
- ifconfig wlan0 down
- iwconfig wlan0 mode ad-hoc
- iwconfig wlan0 essid cjdns
- ifconfig wlan0 up
- restart_cjdns
- else
- e "ad-hoc mesh is running fine"
- fi
- fi
-
- if [[ "$opmode" = "client" ]]; then
- e "opmode: client"
-
- clearnet_interface=wlan0
-
- # check if wlan0 has already started
- if [[ "$(ifconfig wlan0 | grep 'inet addr' | wc -l)" -eq 0 \
- || "$(iwconfig wlan0 | grep 'Access Point: Not-Associated' | wc -l)" -gt 0 ]]; then
- if [[ "$security" = "WPA" ]]; then
- start_wpa
- else
- start_wep
- fi
- else
- e "wlan client is running fine"
- fi
- #TODO: connect to unencrypted wifi
- fi
-fi
-
-if [[ "$(gateway_is_up)" == "true" ]]; then
- set_network_parameters
- e "checking internet connectivity over cjdns"
- if [[ "$($ping 8.8.8.8 | grep 'bytes from')" ]]; then
- echo "We have internet. Good."
- set_status "dhcp" 1
- set_status "internet" 1
- set_status "cjdns" 1
- set_status "cjdns_internet" 1
- rm "$cjdns_request_tries" 2> /dev/null
- exit
- fi
-fi
-
-echo "No internet via cjdns. Checking for regular internet connection..."
-set_status "dhcp" 0
-set_status "internet" 0
-set_status "cjdns" 0
-set_status "cjdns_internet" 0
-
-# request dhcp
-dhcp
-
-if [[ "$(interface_dhcp_success)" == "true" ]]; then
- set_status "dhcp" 1
-fi
-
-wehaveinternet="no"
-if [[ "$(check_for_internet)" == "true" ]]; then
- set_status "internet" 1
- wehaveinternet="yes"
-fi
-
-if [[ "$wehaveinternet" == "yes" && "$request_internet" == "yes" ]]; then
- request_cjdns_internet
- restart_cjdns
- set_status "cjdns" 1
- for i in $(seq 60 -1 1); do
- echo "waiting $i seconds for gateway to come up..."
- if [[ "$(gateway_is_up)" == "true" ]]; then
- e "gateway is up."
- set_network_parameters
- e "checking internet connectivity over cjdns"
- if [[ "$($ping 8.8.8.8 | grep 'bytes from')" ]]; then
- echo "We have internet. Good."
- set_status "dhcp" 1
- set_status "internet" 1
- set_status "cjdns" 1
- set_status "cjdns_internet" 1
- rm "$cjdns_request_tries" 2> /dev/null
- exit
- else
- echo "Gateway is up, but no internet. Requesting..."
- /usr/sbin/request-internet
- exit
- fi
- fi
- sleep 1
- done
-else
- e "no internet via cjdns."
- # just ensure that cjdns is running, but DO NOT restart it!
- # since local phone calls may be active.
- start_cjdns
- set_status "cjdns" 1
-fi
-
+++ /dev/null
-
-# docs: http://wiki.ubuntuusers.de/WLAN/wpa_supplicant
-
-ctrl_interface=/var/run/wpa_supplicant
-eapol_version=1
-ap_scan=1
-
-network={
- ssid="{{wlan_ssid}}"
- scan_ssid=1
- proto=RSN
- key_mgmt=WPA-PSK
- group={{wlan_group}}
- pairwise={{wlan_pairwise}}
- psk="{{wlan_pass}}"
-}
-
+++ /dev/null
-
-bundle agent app_database
-{
- files:
- "/etc/my.cnf"
- create => "true",
- edit_template => "$(this.promise_dirname)/templates/my.cnf",
- edit_defaults => no_backup,
- classes => if_repaired("init_mysql");
-
- "/www/db/mysql/."
- create => "true";
-
- commands:
- init_mysql::
- "/usr/sbin/init-mysql";
-
- reports:
- "checking database: done";
-}
-
+++ /dev/null
-[client]
-port = 3306
-socket = /var/run/mysqld.sock
-
-[mysqld]
-user = root
-socket = /var/run/mysqld.sock
-port = 3306
-basedir = /usr
-
-############ Don't put this on the NAND #############
-# Figure out where you are going to put the databases
-# And run mysql_install_db --force
-datadir = /www/db/mysql/
-
-######### This should also not go on the NAND #######
-tmpdir = /tmp
-
-skip-external-locking
-
-bind-address = 127.0.0.1
-
-# Fine Tuning
-key_buffer = 16M
-max_allowed_packet = 16M
-thread_stack = 192K
-thread_cache_size = 8
-
-# Here you can see queries with especially long duration
-#log_slow_queries = /var/log/mysql/mysql-slow.log
-#long_query_time = 2
-#log-queries-not-using-indexes
-
-# The following can be used as easy to replay backup logs or for replication.
-#server-id = 1
-#log_bin = /var/log/mysql/mysql-bin.log
-#expire_logs_days = 10
-#max_binlog_size = 100M
-#binlog_do_db = include_database_name
-#binlog_ignore_db = include_database_name
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet = 16M
-
-[mysql]
-#no-auto-rehash # faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer = 16M
-
-
+++ /dev/null
-
-bundle agent app_email
-{
- vars:
- "pwd[uucp]" string => "uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh";
- "pwd[mail]" string => "mail:x:8:8:mail:/var/mail:/bin/sh";
- "pwd[exim]" string => "exim:x:110:110:exim:/var/mail:/bin/sh";
- "pwd[dovecot]" string => "dovecot:x:106:106:Dovecot mail server:/usr/lib/dovecot:/bin/false";
- "pwd[dovenull]" string => "dovenull:x:107:107:Dovecot login user:/nonexistent:/bin/false";
- #"pwd[vmail]" string => "vmail:x:5000:5000:virtual mail user:/box/vmail:/bin/sh";
- "grp[uucp]" string => "uucp:x:10:";
- "grp[mail]" string => "mail:x:8:";
- "grp[exim]" string => "exim:x:110:";
- "grp[dovecot]" string => "dovecot:x:106:";
- #"grp[vmail]" string => "vmail:x:5000:";
-
- files:
- "/etc/passwd"
- edit_line => append_users_starting("app_email.pwd");
-
- "/etc/group"
- edit_line => append_groups_starting("app_email.grp");
-
- "/usr/exim/configure"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/exim4.conf.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_exim");
-
- "/etc/dovecot/dovecot.conf"
- create => "true",
- edit_template => "$(this.promise_dirname)/templates/dovecot.conf",
- edit_defaults => no_backup,
- classes => if_repaired("restart_dovecot");
-
- "/box/vmail/."
- create => "true",
- perms => vmail;
-
- "/etc/dovecot/users.conf"
- create => "true",
- perms => file,
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/users.conf.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_dovecot");
-
- "/etc/php.ini"
- create => "true",
- edit_template => "$(this.promise_dirname)/templates/php.ini",
- edit_defaults => no_backup,
- classes => if_repaired("restart_php");
-
- commands:
- restart_exim::
- "/etc/init.d/exim restart";
-
- restart_dovecot::
- "/etc/init.d/dovecot restart";
-
- restart_php::
- "/etc/init.d/php5-fastcgi restart";
-
- reports:
- "checking email: done";
-}
-
-body perms vmail
-{
- mode => "755";
- owners => { "exim" };
- groups => { "exim" };
-}
-
+++ /dev/null
-auth_mechanisms = plain login
-disable_plaintext_auth = no
-auth_verbose = yes
-first_valid_gid = 110
-first_valid_uid = 110
-last_valid_gid = 110
-last_valid_uid = 110
-log_timestamp = "%Y-%m-%d %H:%M:%S "
-mail_location = maildir:/box/vmail/%n/Maildir
-mail_privileged_group = exim
-passdb {
- args = scheme=SHA1 /etc/dovecot/users.conf
- driver = passwd-file
-}
-protocols = imap pop3
-
-# try to work around that crappy slow ssl dipshit
-# we really really don't need ssl
-ssl = no
-ssl_parameters_regenerate = 0
-
-userdb {
- args = uid=110 gid=110 home=/box/vmail/%n allow_all_users=yes
- driver = static
-}
-protocol lda {
- auth_socket_path = /var/run/dovecot/auth-master
- log_path =
- mail_plugins = sieve
- postmaster_address = postmaster@example.org
-}
+++ /dev/null
-#####################################################
-### main/01_exim4-config_listmacrosdefs
-#####################################################
-######################################################################
-# Runtime configuration file for Exim 4 (Debian Packaging) #
-######################################################################
-
-######################################################################
-# /etc/exim4/exim4.conf.template is only used with the non-split
-# configuration scheme.
-# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used
-# with the split configuration scheme.
-# If you find this comment anywhere else, somebody copied it there.
-# Documentation about the Debian exim4 configuration scheme can be
-# found in /usr/share/doc/exim4-base/README.Debian.gz.
-######################################################################
-
-######################################################################
-# MAIN CONFIGURATION SETTINGS #
-######################################################################
-
-# Just for reference and scripts.
-# On Debian systems, the main binary is installed as exim4 to avoid
-# conflicts with the exim 3 packages.
-exim_path = /usr/sbin/exim4
-
-# Macro defining the main configuration directory.
-# We do not use absolute paths.
-.ifndef CONFDIR
-CONFDIR = /etc/exim4
-.endif
-
-MAIN_HARDCODE_PRIMARY_HOSTNAME = enigma.box
-MAIN_LOCAL_DOMAINS = @[]
-MAIN_RELAY_NETS = 127.0.0.1
-MAIN_RELAY_TO_DOMAINS = *
-ETC_MAILNAME = localhost
-MAIN_ALLOW_DOMAIN_LITERALS = 1
-REMOTE_SMTP_HEADERS_REWRITE = mail@* "mail@[${lookup dnsdb{aaaa=$domain}}]" tcb
-MESSAGE_SIZE_LIMIT = 150M
-
-# debconf-driven macro definitions get inserted after this line
-UPEX4CmacrosUPEX4C = 1
-
-# Create domain and host lists for relay control
-# '@' refers to 'the name of the local host'
-
-# List of domains considered local for exim. Domains not listed here
-# need to be deliverable remotely.
-domainlist local_domains = MAIN_LOCAL_DOMAINS
-
-# List of recipient domains to relay _to_. Use this list if you're -
-# for example - fallback MX or mail gateway for domains.
-domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
-
-# List of sender networks (IP addresses) to _unconditionally_ relay
-# _for_. If you intend to be SMTP AUTH server, you do not need to enter
-# anything here.
-hostlist relay_from_hosts = MAIN_RELAY_NETS
-
-
-# Decide which domain to use to add to all unqualified addresses.
-# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
-# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
-# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
-# the first line of /etc/mailname is used.
-.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
-.ifndef MAIN_QUALIFY_DOMAIN
-qualify_domain = ETC_MAILNAME
-.else
-qualify_domain = MAIN_QUALIFY_DOMAIN
-.endif
-.endif
-
-# listen on all all interfaces?
-.ifdef MAIN_LOCAL_INTERFACES
-local_interfaces = MAIN_LOCAL_INTERFACES
-.endif
-
-.ifndef LOCAL_DELIVERY
-# The default transport, set in /etc/exim4/update-exim4.conf.conf,
-# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
-LOCAL_DELIVERY=mail_spool
-.endif
-
-# The gecos field in /etc/passwd holds not only the name. see passwd(5).
-gecos_pattern = ^([^,:]*)
-gecos_name = $1
-
-# define macros to be used in acl/30_exim4-config_check_rcpt to check
-# recipient local parts for strange characters.
-
-# This macro definition really should be in
-# acl/30_exim4-config_check_rcpt but cannot be there due to
-# http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62.
-
-# These macros are documented in acl/30_exim4-config_check_rcpt,
-# can be changed here or overridden by a locally added configuration
-# file as described in README.Debian chapter 2.1.2
-
-.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
-CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
-.endif
-
-.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
-CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
-.endif
-
-# always log tls_peerdn as we use TLS for outgoing connects by default
-.ifndef MAIN_LOG_SELECTOR
-MAIN_LOG_SELECTOR = +tls_peerdn
-.endif
-#####################################################
-### end main/01_exim4-config_listmacrosdefs
-#####################################################
-#####################################################
-### main/02_exim4-config_options
-#####################################################
-
-### main/02_exim4-config_options
-#################################
-
-
-# Defines the access control list that is run when an
-# SMTP MAIL command is received.
-#
-.ifndef MAIN_ACL_CHECK_MAIL
-MAIN_ACL_CHECK_MAIL = acl_check_mail
-.endif
-acl_smtp_mail = MAIN_ACL_CHECK_MAIL
-
-
-# Defines the access control list that is run when an
-# SMTP RCPT command is received.
-#
-.ifndef MAIN_ACL_CHECK_RCPT
-MAIN_ACL_CHECK_RCPT = acl_check_rcpt
-.endif
-acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
-
-
-# Defines the access control list that is run when an
-# SMTP DATA command is received.
-#
-.ifndef MAIN_ACL_CHECK_DATA
-MAIN_ACL_CHECK_DATA = acl_check_data
-.endif
-acl_smtp_data = MAIN_ACL_CHECK_DATA
-
-
-# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
-# is unset) is 50 MB
-.ifdef MESSAGE_SIZE_LIMIT
-message_size_limit = MESSAGE_SIZE_LIMIT
-.endif
-
-
-# If you are running exim4-daemon-heavy or a custom version of Exim that
-# was compiled with the content-scanning extension, you can cause incoming
-# messages to be automatically scanned for viruses. You have to modify the
-# configuration in two places to set this up. The first of them is here,
-# where you define the interface to your scanner. This example is typical
-# for ClamAV; see the manual for details of what to set for other virus
-# scanners. The second modification is in the acl_check_data access
-# control list.
-
-# av_scanner = clamd:/var/run/clamav/clamd.ctl
-
-
-# For spam scanning, there is a similar option that defines the interface to
-# SpamAssassin. You do not need to set this if you are using the default, which
-# is shown in this commented example. As for virus scanning, you must also
-# modify the acl_check_data access control list to enable spam scanning.
-
-# spamd_address = 127.0.0.1 783
-
-# Domain used to qualify unqualified recipient addresses
-# If this option is not set, the qualify_domain value is used.
-# qualify_recipient = <value of qualify_domain>
-
-
-# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
-# where the domain part is a "domain literal" (an IP address) instead
-# of a named domain. The RFCs require this facility, but it is disabled
-# in the default config since it is seldomly used and frequently abused.
-# Domain literal support also needs a special router, which is automatically
-# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
-# Additionally, you might want to make your local IP addresses (or @[])
-# local domains.
-.ifdef MAIN_ALLOW_DOMAIN_LITERALS
-allow_domain_literals
-.endif
-
-
-# Do a reverse DNS lookup on all incoming IP calls, in order to get the
-# true host name. If you feel this is too expensive, the networks for
-# which a lookup is done can be listed here.
-.ifndef DC_minimaldns
-.ifndef MAIN_HOST_LOOKUP
-MAIN_HOST_LOOKUP = *
-.endif
-host_lookup = MAIN_HOST_LOOKUP
-.endif
-
-
-# In a minimaldns setup, update-exim4.conf guesses the hostname and
-# dumps it here to avoid DNS lookups being done at Exim run time.
-.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
-primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
-.endif
-
-# The settings below, which are actually the same as the defaults in the
-# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
-# calls. You can limit the hosts to which these calls are made, and/or change
-# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
-# are disabled. RFC 1413 calls are cheap and can provide useful information
-# for tracing problem messages, but some hosts and firewalls are
-# misconfigured to drop the requests instead of either answering or
-# rejecting them. This can result in a timeout instead of an immediate refused
-# connection, leading to delays on starting up SMTP sessions. (The default was
-# reduced from 30s to 5s for release 4.61.)
-# rfc1413_hosts = *
-rfc1413_query_timeout = 0s
-
-# When using an external relay tester (such as rt.njabl.org and/or the
-# currently defunct relay-test.mail-abuse.org, the test may be aborted
-# since exim complains about "too many nonmail commands". If you want
-# the test to complete, add the host from where "your" relay tester
-# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro.
-# Please note that a non-empty setting may cause extra DNS lookups to
-# happen, which is the reason why this option is commented out in the
-# default settings.
-# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org
-.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
-smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
-.endif
-
-# By default, exim forces a Sender: header containing the local
-# account name at the local host name in all locally submitted messages
-# that don't have the local account name at the local host name in the
-# From: header, deletes any Sender: header present in the submitted
-# message and forces the envelope sender of all locally submitted
-# messages to the local account name at the local host name.
-# The following settings allow local users to specify their own envelope sender
-# in a locally submitted message. Sender: headers existing in a locally
-# submitted message are not removed, and no automatic Sender: headers
-# are added. These settings are fine for most hosts.
-# If you run exim on a classical multi-user systems where all users
-# have local mailboxes that can be reached via SMTP from the Internet
-# with the local FQDN as the domain part of the address, you might want
-# to disable the following three lines for traceability reasons.
-.ifndef MAIN_FORCE_SENDER
-local_from_check = false
-local_sender_retain = true
-untrusted_set_sender = *
-.endif
-
-
-# By default, Exim expects all envelope addresses to be fully qualified, that
-# is, they must contain both a local part and a domain. Configure exim
-# to accept unqualified addresses from certain hosts. When this is done,
-# unqualified addresses are qualified using the settings of qualify_domain
-# and/or qualify_recipient (see above).
-# sender_unqualified_hosts = <unset>
-# recipient_unqualified_hosts = <unset>
-
-
-# Configure Exim to support the "percent hack" for certain domains.
-# The "percent hack" is the feature by which mail addressed to x%y@z
-# (where z is one of the domains listed) is locally rerouted to x@y
-# and sent on. If z is not one of the "percent hack" domains, x%y is
-# treated as an ordinary local part. The percent hack is rarely needed
-# nowadays but frequently abused. You should not enable it unless you
-# are sure that you really need it.
-# percent_hack_domains = <unset>
-
-
-# Bounce handling
-.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
-MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
-.endif
-ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
-
-.ifndef MAIN_TIMEOUT_FROZEN_AFTER
-MAIN_TIMEOUT_FROZEN_AFTER = 7d
-.endif
-timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
-
-.ifndef MAIN_FREEZE_TELL
-MAIN_FREEZE_TELL = postmaster
-.endif
-freeze_tell = MAIN_FREEZE_TELL
-
-
-# Define spool directory
-.ifndef SPOOLDIR
-SPOOLDIR = /var/spool/exim4
-.endif
-spool_directory = SPOOLDIR
-
-
-# trusted users can set envelope-from to arbitrary values
-.ifndef MAIN_TRUSTED_USERS
-MAIN_TRUSTED_USERS = uucp
-.endif
-trusted_users = MAIN_TRUSTED_USERS
-.ifdef MAIN_TRUSTED_GROUPS
-trusted_groups = MAIN_TRUSTED_GROUPS
-.endif
-
-
-# users in admin group can do many other things
-# admin_groups = <unset>
-
-
-# SMTP Banner. The example includes the Debian version in the SMTP dialog
-# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
-# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
-smtp_banner = Enigmabox ESMTP Stealth Mailer $tod_full
-
-#####################################################
-### end main/02_exim4-config_options
-#####################################################
-#####################################################
-### main/03_exim4-config_tlsoptions
-#####################################################
-
-### main/03_exim4-config_tlsoptions
-#################################
-
-# TLS/SSL configuration for exim as an SMTP server.
-# See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
-
-.ifdef MAIN_TLS_ENABLE
-# Defines what hosts to 'advertise' STARTTLS functionality to. The
-# default, *, will advertise to all hosts that connect with EHLO.
-.ifndef MAIN_TLS_ADVERTISE_HOSTS
-MAIN_TLS_ADVERTISE_HOSTS = *
-.endif
-tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
-
-
-# Full paths to Certificate and Private Key. The Private Key file
-# must be kept 'secret' and should be owned by root.Debian-exim mode
-# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
-# Normally, exim4 looks for certificate and key in different files:
-# MAIN_TLS_CERTIFICATE - path to certificate file,
-# CONFDIR/exim.crt if unset
-# MAIN_TLS_PRIVATEKEY - path to private key file
-# CONFDIR/exim.key if unset
-# You can also configure exim to look for certificate and key in the
-# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
-# precedence over all other settings regarding certificate and key file.
-.ifdef MAIN_TLS_CERTKEY
-tls_certificate = MAIN_TLS_CERTKEY
-.else
-.ifndef MAIN_TLS_CERTIFICATE
-MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
-.endif
-tls_certificate = MAIN_TLS_CERTIFICATE
-
-.ifndef MAIN_TLS_PRIVATEKEY
-MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
-.endif
-tls_privatekey = MAIN_TLS_PRIVATEKEY
-.endif
-
-# Pointer to the CA Certificates against which client certificates are
-# checked. This is controlled by the `tls_verify_hosts' and
-# `tls_try_verify_hosts' lists below.
-# If you want to check server certificates, you need to add an
-# tls_verify_certificates statement to the smtp transport.
-# /etc/ssl/certs/ca-certificates.crt is generated by
-# the "ca-certificates" package's update-ca-certificates(8) command.
-.ifndef MAIN_TLS_VERIFY_CERTIFICATES
-MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
- {/etc/ssl/certs/ca-certificates.crt}\
- {/dev/null}}
-.endif
-tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
-
-
-# A list of hosts which are constrained by `tls_verify_certificates'. A host
-# that matches `tls_verify_host' must present a certificate that is
-# verifyable through `tls_verify_certificates' in order to be accepted as an
-# SMTP client. If it does not, the connection is aborted.
-.ifdef MAIN_TLS_VERIFY_HOSTS
-tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
-.endif
-
-# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
-# not `tls_verify_hosts'), request a certificate and check it against
-# `tls_verify_certificates' but do not abort the connection if there is no
-# certificate or if the certificate presented does not match. (This
-# condition can be tested for in ACLs through `verify = certificate')
-# By default, this check is done for all hosts. It is known that some
-# clients (including incredimail's version downloadable in February
-# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
-# empty value.
-.ifdef MAIN_TLS_TRY_VERIFY_HOSTS
-tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
-.endif
-
-.endif
-#####################################################
-### end main/03_exim4-config_tlsoptions
-#####################################################
-#####################################################
-### main/90_exim4-config_log_selector
-#####################################################
-
-### main/90_exim4-config_log_selector
-#################################
-
-# uncomment this for debugging
-# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments
-
-.ifdef MAIN_LOG_SELECTOR
-log_selector = MAIN_LOG_SELECTOR
-.endif
-#####################################################
-### end main/90_exim4-config_log_selector
-#####################################################
-#####################################################
-### acl/00_exim4-config_header
-#####################################################
-
-######################################################################
-# ACL CONFIGURATION #
-# Specifies access control lists for incoming SMTP mail #
-######################################################################
-begin acl
-
-
-#####################################################
-### end acl/00_exim4-config_header
-#####################################################
-#####################################################
-### acl/20_exim4-config_local_deny_exceptions
-#####################################################
-
-### acl/20_exim4-config_local_deny_exceptions
-#################################
-
-# This is used to determine whitelisted senders and hosts.
-# It checks for CONFDIR/host_local_deny_exceptions and
-# CONFDIR/sender_local_deny_exceptions.
-#
-# It is meant to be used from some other acl entry.
-#
-# See exim4-config_files(5) for details.
-#
-# If the files do not exist, the white list never matches, which is
-# the desired behaviour.
-#
-# The old file names CONFDIR/local_host_whitelist and
-# CONFDIR/local_sender_whitelist will continue to be honored for a
-# transition period. Their use is deprecated.
-
-acl_local_deny_exceptions:
- accept
- hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
- {CONFDIR/host_local_deny_exceptions}\
- {}}
- accept
- senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
- {CONFDIR/sender_local_deny_exceptions}\
- {}}
- accept
- hosts = ${if exists{CONFDIR/local_host_whitelist}\
- {CONFDIR/local_host_whitelist}\
- {}}
- accept
- senders = ${if exists{CONFDIR/local_sender_whitelist}\
- {CONFDIR/local_sender_whitelist}\
- {}}
-
- # This hook allows you to hook in your own ACLs without having to
- # modify this file. If you do it like we suggest, you'll end up with
- # a small performance penalty since there is an additional file being
- # accessed. This doesn't happen if you leave the macro unset.
- .ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
- .include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
- .endif
-
- # this is still supported for a transition period and is deprecated.
- .ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
- .include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
- .endif
-#####################################################
-### end acl/20_exim4-config_local_deny_exceptions
-#####################################################
-#####################################################
-### acl/30_exim4-config_check_mail
-#####################################################
-
-### acl/30_exim4-config_check_mail
-#################################
-
-# This access control list is used for every MAIL command in an incoming
-# SMTP message. The tests are run in order until the address is either
-# accepted or denied.
-#
-acl_check_mail:
- .ifdef CHECK_MAIL_HELO_ISSUED
- deny
- message = no HELO given before MAIL command
- condition = ${if def:sender_helo_name {no}{yes}}
- .endif
-
- accept
-#####################################################
-### end acl/30_exim4-config_check_mail
-#####################################################
-#####################################################
-### acl/30_exim4-config_check_rcpt
-#####################################################
-
-### acl/30_exim4-config_check_rcpt
-#################################
-
-# This access control list is used for every RCPT command in an incoming
-# SMTP message. The tests are run in order until the address is either
-# accepted or denied.
-#
-acl_check_rcpt:
-
- # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
- # testing for an empty sending host field.
- accept
- hosts = :
- control = dkim_disable_verify
-
- # Do not try to verify DKIM signatures of incoming mail if DC_minimaldns
- # or DISABLE_DKIM_VERIFY are set.
-.ifdef DC_minimaldns
- warn
- control = dkim_disable_verify
-.else
-.ifdef DISABLE_DKIM_VERIFY
- warn
- control = dkim_disable_verify
-.endif
-.endif
-
- # The following section of the ACL is concerned with local parts that contain
- # certain non-alphanumeric characters. Dots in unusual places are
- # handled by this ACL as well.
- #
- # Non-alphanumeric characters other than dots are rarely found in genuine
- # local parts, but are often tried by people looking to circumvent
- # relaying restrictions. Therefore, although they are valid in local
- # parts, these rules disallow certain non-alphanumeric characters, as
- # a precaution.
- #
- # Empty components (two dots in a row) are not valid in RFC 2822, but Exim
- # allows them because they have been encountered. (Consider local parts
- # constructed as "firstinitial.secondinitial.familyname" when applied to
- # a name without a second initial.) However, a local part starting
- # with a dot or containing /../ can cause trouble if it is used as part of a
- # file name (e.g. for a mailing list). This is also true for local parts that
- # contain slashes. A pipe symbol can also be troublesome if the local part is
- # incorporated unthinkingly into a shell command line.
- #
- # These ACL components will block recipient addresses that are valid
- # from an RFC2822 point of view. We chose to have them blocked by
- # default for security reasons.
- #
- # If you feel that your site should have less strict recipient
- # checking, please feel free to change the default values of the macros
- # defined in main/01_exim4-config_listmacrosdefs or override them from a
- # local configuration file.
- #
- # Two different rules are used. The first one has a quite strict
- # default, and is applied to messages that are addressed to one of the
- # local domains handled by this host.
-
- # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in
- # main/01_exim4-config_listmacrosdefs:
- # CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
- # This blocks local parts that begin with a dot or contain a quite
- # broad range of non-alphanumeric characters.
- .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
- deny
- domains = +local_domains
- local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
- message = restricted characters in address
- .endif
-
-
- # The second rule applies to all other domains, and its default is
- # considerably less strict.
-
- # The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in
- # main/01_exim4-config_listmacrosdefs:
- # CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
-
- # It allows local users to send outgoing messages to sites
- # that use slashes and vertical bars in their local parts. It blocks
- # local parts that begin with a dot, slash, or vertical bar, but allows
- # these characters within the local part. However, the sequence /../ is
- # barred. The use of some other non-alphanumeric characters is blocked.
- # Single quotes might probably be dangerous as well, but they're
- # allowed by the default regexps to avoid rejecting mails to Ireland.
- # The motivation here is to prevent local users (or local users' malware)
- # from mounting certain kinds of attack on remote sites.
- .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
- deny
- domains = !+local_domains
- local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
- message = restricted characters in address
- .endif
-
-
- # Accept mail to postmaster in any local domain, regardless of the source,
- # and without verifying the sender.
- #
- accept
- .ifndef CHECK_RCPT_POSTMASTER
- local_parts = postmaster
- .else
- local_parts = CHECK_RCPT_POSTMASTER
- .endif
- domains = +local_domains : +relay_to_domains
-
-
- # Deny unless the sender address can be verified.
- #
- # This is disabled by default so that DNSless systems don't break. If
- # your system can do DNS lookups without delay or cost, you might want
- # to enable this feature.
- #
- # This feature does not work in smarthost and satellite setups as
- # with these setups all domains pass verification. See spec.txt chapter
- # 39.31 with the added information that a smarthost/satellite setup
- # routes all non-local e-mail to the smarthost.
- .ifdef CHECK_RCPT_VERIFY_SENDER
- deny
- message = Sender verification failed
- !acl = acl_local_deny_exceptions
- !verify = sender
- .endif
-
- # Verify senders listed in local_sender_callout with a callout.
- #
- # In smarthost and satellite setups, this causes the callout to be
- # done to the smarthost. Verification will thus only be reliable if the
- # smarthost does reject illegal addresses in the SMTP dialog.
- deny
- !acl = acl_local_deny_exceptions
- senders = ${if exists{CONFDIR/local_sender_callout}\
- {CONFDIR/local_sender_callout}\
- {}}
- !verify = sender/callout
-
-
- # Accept if the message comes from one of the hosts for which we are an
- # outgoing relay. It is assumed that such hosts are most likely to be MUAs,
- # so we set control=submission to make Exim treat the message as a
- # submission. It will fix up various errors in the message, for example, the
- # lack of a Date: header line. If you are actually relaying out out from
- # MTAs, you may want to disable this. If you are handling both relaying from
- # MTAs and submissions from MUAs you should probably split them into two
- # lists, and handle them differently.
-
- # Recipient verification is omitted here, because in many cases the clients
- # are dumb MUAs that don't cope well with SMTP error responses. If you are
- # actually relaying out from MTAs, you should probably add recipient
- # verification here.
-
- # Note that, by putting this test before any DNS black list checks, you will
- # always accept from these hosts, even if they end up on a black list. The
- # assumption is that they are your friends, and if they get onto black
- # list, it is a mistake.
- accept
- hosts = +relay_from_hosts
- control = submission/sender_retain
- control = dkim_disable_verify
-
-
- # Accept if the message arrived over an authenticated connection, from
- # any host. Again, these messages are usually from MUAs, so recipient
- # verification is omitted, and submission mode is set. And again, we do this
- # check before any black list tests.
- accept
- authenticated = *
- control = submission/sender_retain
- control = dkim_disable_verify
-
-
- # Insist that any other recipient address that we accept is either in one of
- # our local domains, or is in a domain for which we explicitly allow
- # relaying. Any other domain is rejected as being unacceptable for relaying.
- require
- message = relay not permitted
- domains = +local_domains : +relay_to_domains
-
-
- # We also require all accepted addresses to be verifiable. This check will
- # do local part verification for local domains, but only check the domain
- # for remote domains.
- require
- verify = recipient
-
-
- # Verify recipients listed in local_rcpt_callout with a callout.
- # This is especially handy for forwarding MX hosts (secondary MX or
- # mail hubs) of domains that receive a lot of spam to non-existent
- # addresses. The only way to check local parts for remote relay
- # domains is to use a callout (add /callout), but please read the
- # documentation about callouts before doing this.
- deny
- !acl = acl_local_deny_exceptions
- recipients = ${if exists{CONFDIR/local_rcpt_callout}\
- {CONFDIR/local_rcpt_callout}\
- {}}
- !verify = recipient/callout
-
-
- # CONFDIR/local_sender_blacklist holds a list of envelope senders that
- # should have their access denied to the local host. Incoming messages
- # with one of these senders are rejected at RCPT time.
- #
- # The explicit white lists are honored as well as negative items in
- # the black list. See exim4-config_files(5) for details.
- deny
- message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_local_deny_exceptions
- senders = ${if exists{CONFDIR/local_sender_blacklist}\
- {CONFDIR/local_sender_blacklist}\
- {}}
-
-
- # deny bad sites (IP address)
- # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
- # and networks (CIDR notation) that should have their access denied to
- # The local host. Messages coming in from a listed host will have all
- # RCPT statements rejected.
- #
- # The explicit white lists are honored as well as negative items in
- # the black list. See exim4-config_files(5) for details.
- deny
- message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
- !acl = acl_local_deny_exceptions
- hosts = ${if exists{CONFDIR/local_host_blacklist}\
- {CONFDIR/local_host_blacklist}\
- {}}
-
-
- # Warn if the sender host does not have valid reverse DNS.
- #
- # If your system can do DNS lookups without delay or cost, you might want
- # to enable this.
- # If sender_host_address is defined, it's a remote call. If
- # sender_host_name is not defined, then reverse lookup failed. Use
- # this instead of !verify = reverse_host_lookup to catch deferrals
- # as well as outright failures.
- .ifdef CHECK_RCPT_REVERSE_DNS
- warn
- condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
- {yes}{no}}
- add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
- .endif
-
-
- # Use spfquery to perform a pair of SPF checks (for details, see
- # http://www.openspf.org/)
- #
- # This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
- # enable if that's an issue. Also note that if you enable this, you must
- # install "spf-tools-perl" which provides the spfquery command.
- # Missing spf-tools-perl will trigger the "Unexpected error in
- # SPF check" warning.
- .ifdef CHECK_RCPT_SPF
- deny
- message = [SPF] $sender_host_address is not allowed to send mail from \
- ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
- Please see \
- http://www.openspf.org/Why?scope=${if def:sender_address_domain \
- {mfrom}{helo}};identity=${if def:sender_address_domain \
- {$sender_address}{$sender_helo_name}};ip=$sender_host_address
- log_message = SPF check failed.
- !acl = acl_local_deny_exceptions
- condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
- ${quote:$sender_host_address} --identity \
- ${if def:sender_address_domain \
- {--scope mfrom --identity ${quote:$sender_address}}\
- {--scope helo --identity ${quote:$sender_helo_name}}}}\
- {no}{${if eq {$runrc}{1}{yes}{no}}}}
-
- defer
- message = Temporary DNS error while checking SPF record. Try again later.
- !acl = acl_local_deny_exceptions
- condition = ${if eq {$runrc}{5}{yes}{no}}
-
- warn
- condition = ${if <={$runrc}{6}{yes}{no}}
- add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
- {${if eq {$runrc}{2}{softfail}\
- {${if eq {$runrc}{3}{neutral}\
- {${if eq {$runrc}{4}{permerror}\
- {${if eq {$runrc}{6}{none}{error}}}}}}}}}\
- } client-ip=$sender_host_address; \
- ${if def:sender_address_domain \
- {envelope-from=${sender_address}; }{}}\
- helo=$sender_helo_name
-
- warn
- log_message = Unexpected error in SPF check.
- condition = ${if >{$runrc}{6}{yes}{no}}
- .endif
-
-
- # Check against classic DNS "black" lists (DNSBLs) which list
- # sender IP addresses
- .ifdef CHECK_RCPT_IP_DNSBLS
- warn
- dnslists = CHECK_RCPT_IP_DNSBLS
- add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
- log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
- .endif
-
-
- # Check against DNSBLs which list sender domains, with an option to locally
- # whitelist certain domains that might be blacklisted.
- #
- # Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
- # "/$sender_address_domain" after each domain. For example:
- # CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
- # : rhsbl.bar.org/$sender_address_domain
- .ifdef CHECK_RCPT_DOMAIN_DNSBLS
- warn
- !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
- {CONFDIR/local_domain_dnsbl_whitelist}\
- {}}
- dnslists = CHECK_RCPT_DOMAIN_DNSBLS
- add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
- log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
- .endif
-
-
- # This hook allows you to hook in your own ACLs without having to
- # modify this file. If you do it like we suggest, you'll end up with
- # a small performance penalty since there is an additional file being
- # accessed. This doesn't happen if you leave the macro unset.
- .ifdef CHECK_RCPT_LOCAL_ACL_FILE
- .include CHECK_RCPT_LOCAL_ACL_FILE
- .endif
-
-
- # disable relaying from foreign hosts
- deny
- hosts = <; fc00::/8
- !domains = <; ${if match_ip{${sg{$domain}{\\[|\\]}{}}}{<;{{cjdns_ipv6}}}{*}{}}
-
-
- #############################################################################
- # This check is commented out because it is recognized that not every
- # sysadmin will want to do it. If you enable it, the check performs
- # Client SMTP Authorization (csa) checks on the sending host. These checks
- # do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
- # an Internet draft. You can, of course, add additional conditions to this
- # ACL statement to restrict the CSA checks to certain hosts only.
- #
- # require verify = csa
- #############################################################################
-
-
- # Accept if the address is in a domain for which we are an incoming relay,
- # but again, only if the recipient can be verified.
-
- accept
- domains = +relay_to_domains
- endpass
- verify = recipient
-
-
- # At this point, the address has passed all the checks that have been
- # configured, so we accept it unconditionally.
-
- accept
-#####################################################
-### end acl/30_exim4-config_check_rcpt
-#####################################################
-#####################################################
-### acl/40_exim4-config_check_data
-#####################################################
-
-### acl/40_exim4-config_check_data
-#################################
-
-# This ACL is used after the contents of a message have been received. This
-# is the ACL in which you can test a message's headers or body, and in
-# particular, this is where you can invoke external virus or spam scanners.
-
-acl_check_data:
-
- # Deny unless the address list headers are syntactically correct.
- #
- # If you enable this, you might reject legitimate mail.
- .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
- deny
- message = Message headers fail syntax check
- !acl = acl_local_deny_exceptions
- !verify = header_syntax
- .endif
-
-
- # require that there is a verifiable sender address in at least
- # one of the "Sender:", "Reply-To:", or "From:" header lines.
- .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
- deny
- message = No verifiable sender address in message headers
- !acl = acl_local_deny_exceptions
- !verify = header_sender
- .endif
-
-
- # Deny if the message contains malware. Before enabling this check, you
- # must install a virus scanner and set the av_scanner option in the
- # main configuration.
- #
- # exim4-daemon-heavy must be used for this section to work.
- #
- # deny
- # malware = *
- # message = This message was detected as possible malware ($malware_name).
-
-
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You also need to set the spamd_address
- # option in the main configuration.
- #
- # exim4-daemon-heavy must be used for this section to work.
- #
- # Please note that this is only suiteable as an example. There are
- # multiple issues with this configuration method. For example, if you go
- # this way, you'll give your spamassassin daemon write access to the
- # entire exim spool which might be a security issue in case of a
- # spamassassin exploit.
- #
- # See the exim docs and the exim wiki for more suitable examples.
- #
- # warn
- # spam = Debian-exim:true
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
-
-
- # This hook allows you to hook in your own ACLs without having to
- # modify this file. If you do it like we suggest, you'll end up with
- # a small performance penalty since there is an additional file being
- # accessed. This doesn't happen if you leave the macro unset.
- .ifdef CHECK_DATA_LOCAL_ACL_FILE
- .include CHECK_DATA_LOCAL_ACL_FILE
- .endif
-
-
- # accept otherwise
- accept
-#####################################################
-### end acl/40_exim4-config_check_data
-#####################################################
-#####################################################
-### router/00_exim4-config_header
-#####################################################
-
-######################################################################
-# ROUTERS CONFIGURATION #
-# Specifies how addresses are handled #
-######################################################################
-# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
-# An address is passed to each router in turn until it is accepted. #
-######################################################################
-
-begin routers
-
-#####################################################
-### end router/00_exim4-config_header
-#####################################################
-#####################################################
-### router/100_exim4-config_domain_literal
-#####################################################
-
-### router/100_exim4-config_domain_literal
-#################################
-
-# This router handles e-mail addresses in "domain literal" form like
-# <user@[10.11.12.13]>. The RFCs require this facility, but it is disabled
-# in the default config since it is seldomly used and frequently abused.
-# Domain literal support also needs to be enabled in the main config,
-# which is automatically done if you use the enable macro
-# MAIN_ALLOW_DOMAIN_LITERALS.
-
-.ifdef MAIN_ALLOW_DOMAIN_LITERALS
-domain_literal:
- debug_print = "R: domain_literal for $local_part@$domain"
- driver = ipliteral
- domains = ! +local_domains
- transport = remote_smtp
-.endif
-#####################################################
-### end router/100_exim4-config_domain_literal
-#####################################################
-
-route_friends:
- driver = redirect
- data = mail@[${lookup dnsdb{aaaa=$domain}}]
-
-my_domains:
- driver = accept
- transport = my_mailboxes
- no_more
-
-#####################################################
-### router/150_exim4-config_hubbed_hosts
-#####################################################
-
-# router/150_exim4-config_hubbed_hosts
-#################################
-
-# route specific domains manually.
-#
-# see exim4-config_files(5) and spec.txt chapter 20.3 through 20.7 for
-# more detailed documentation.
-
-hubbed_hosts:
- debug_print = "R: hubbed_hosts for $domain"
- driver = manualroute
- domains = "${if exists{CONFDIR/hubbed_hosts}\
- {partial-lsearch;CONFDIR/hubbed_hosts}\
- fail}"
- same_domain_copy_routing = yes
- route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
- transport = remote_smtp
-#####################################################
-### end router/150_exim4-config_hubbed_hosts
-#####################################################
-#####################################################
-### router/200_exim4-config_primary
-#####################################################
-
-### router/200_exim4-config_primary
-#################################
-# This file holds the primary router, responsible for nonlocal mails
-
-.ifdef DCconfig_internet
-# configtype=internet
-#
-# deliver mail to the recipient if recipient domain is a domain we
-# relay for. We do not ignore any target hosts here since delivering to
-# a site local or even a link local address might be wanted here, and if
-# such an address has found its way into the MX record of such a domain,
-# the local admin is probably in a place where that broken MX record
-# could be fixed.
-
-dnslookup_relay_to_domains:
- debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains : +relay_to_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- no_more
-
-# deliver mail directly to the recipient. This router is only reached
-# for domains that we do not relay for. Since we most probably can't
-# have broken MX records pointing to site local or link local IP
-# addresses fixed, we ignore target hosts pointing to these addresses.
-
-dnslookup:
- debug_print = "R: dnslookup for $local_part@$domain"
- driver = dnslookup
- domains = ! +local_domains
- transport = remote_smtp
- same_domain_copy_routing = yes
- # ignore private rfc1918 and APIPA addresses
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
- 255.255.255.255
- no_more
-
-.endif
-
-
-.ifdef DCconfig_local
-# configtype=local
-#
-# Stand-alone system, so generate an error for mail to a non-local domain
-nonlocal:
- debug_print = "R: nonlocal for $local_part@$domain"
- driver = redirect
- domains = ! +local_domains
- allow_fail
- data = :fail: Mailing to remote domains not supported
- no_more
-
-.endif
-
-
-.ifdef DCconfig_smarthost DCconfig_satellite
-# configtype=smarthost or configtype=satellite
-#
-# Send all non-local mail to a single other machine (smarthost).
-#
-# This means _ALL_ non-local mail goes to the smarthost. This will most
-# probably not do what you want for domains that are listed in
-# relay_domains. The most typical use for relay_domains is to control
-# relaying for incoming e-mail on secondary MX hosts. In that case,
-# it doesn't make sense to send the mail to the smarthost since the
-# smarthost will probably send the message right back here, causing a
-# loop.
-#
-# If you want to use a smarthost while being secondary MX for some
-# domains, you'll need to copy the dnslookup_relay_to_domains router
-# here so that mail to relay_domains is handled separately.
-
-smarthost:
- debug_print = "R: smarthost for $local_part@$domain"
- driver = manualroute
- domains = ! +local_domains
- transport = remote_smtp_smarthost
- route_list = * DCsmarthost byname
- host_find_failed = defer
- same_domain_copy_routing = yes
- no_more
-
-.endif
-
-
-# The "no_more" above means that all later routers are for
-# domains in the local_domains list, i.e. just like Exim 3 directors.
-#####################################################
-### end router/200_exim4-config_primary
-#####################################################
-#####################################################
-### router/300_exim4-config_real_local
-#####################################################
-
-### router/300_exim4-config_real_local
-#################################
-
-# This router allows reaching a local user while avoiding local
-# processing. This can be used to inform a user of a broken .forward
-# file, for example. The userforward router does this.
-
-COND_LOCAL_SUBMITTER = "\
- ${if match_ip{$sender_host_address}{:@[]}\
- {1}{0}\
- }"
-
-real_local:
- debug_print = "R: real_local for $local_part@$domain"
- driver = accept
- domains = +local_domains
- condition = COND_LOCAL_SUBMITTER
- local_part_prefix = real-
- check_local_user
- transport = LOCAL_DELIVERY
-
-#####################################################
-### end router/300_exim4-config_real_local
-#####################################################
-#####################################################
-### router/400_exim4-config_system_aliases
-#####################################################
-
-### router/400_exim4-config_system_aliases
-#################################
-
-# This router handles aliasing using a traditional /etc/aliases file.
-#
-##### NB You must ensure that /etc/aliases exists. It used to be the case
-##### NB that every Unix had that file, because it was the Sendmail default.
-##### NB These days, there are systems that don't have it. Your aliases
-##### NB file should at least contain an alias for "postmaster".
-#
-# This router handles the local part in a case-insensitive way which
-# satisfies the RFCs requirement that postmaster be reachable regardless
-# of case. If you decide to handle /etc/aliases in a caseful way, you
-# need to make arrangements for a caseless postmaster.
-#
-# Delivery to arbitrary directories, files, and piping to programs in
-# /etc/aliases is disabled per default.
-# If that is a problem for you, see
-# /usr/share/doc/exim4-base/README.Debian.gz
-# for explanation and some workarounds.
-
-system_aliases:
- debug_print = "R: system_aliases for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- allow_fail
- allow_defer
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- .ifdef SYSTEM_ALIASES_USER
- user = SYSTEM_ALIASES_USER
- .endif
- .ifdef SYSTEM_ALIASES_GROUP
- group = SYSTEM_ALIASES_GROUP
- .endif
- .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
- file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
- .endif
- .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
- pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
- .endif
- .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
- directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
- .endif
-#####################################################
-### end router/400_exim4-config_system_aliases
-#####################################################
-#####################################################
-### router/500_exim4-config_hubuser
-#####################################################
-
-### router/500_exim4-config_hubuser
-#################################
-
-.ifdef DCconfig_satellite
-# This router is only used for configtype=satellite.
-# It takes care to route all mail targetted to <somelocaluser@this.machine>
-# to the host where we read our mail
-#
-hub_user:
- debug_print = "R: hub_user for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- data = ${local_part}@DCreadhost
- check_local_user
-
-# Grab the redirected mail and deliver it.
-# This is a duplicate of the smarthost router, needed because
-# DCreadhost might end up as part of +local_domains
-hub_user_smarthost:
- debug_print = "R: hub_user_smarthost for $local_part@$domain"
- driver = manualroute
- domains = DCreadhost
- transport = remote_smtp_smarthost
- route_list = * DCsmarthost byname
- host_find_failed = defer
- same_domain_copy_routing = yes
- check_local_user
-.endif
-
-
-#####################################################
-### end router/500_exim4-config_hubuser
-#####################################################
-#####################################################
-### router/600_exim4-config_userforward
-#####################################################
-
-### router/600_exim4-config_userforward
-#################################
-
-# This router handles forwarding using traditional .forward files in users'
-# home directories. It also allows mail filtering with a forward file
-# starting with the string "# Exim filter" or "# Sieve filter".
-#
-# The no_verify setting means that this router is skipped when Exim is
-# verifying addresses. Similarly, no_expn means that this router is skipped if
-# Exim is processing an EXPN command.
-#
-# The check_ancestor option means that if the forward file generates an
-# address that is an ancestor of the current one, the current one gets
-# passed on instead. This covers the case where A is aliased to B and B
-# has a .forward file pointing to A.
-#
-# The four transports specified at the end are those that are used when
-# forwarding generates a direct delivery to a directory, or a file, or to a
-# pipe, or sets up an auto-reply, respectively.
-#
-userforward:
- debug_print = "R: userforward for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- check_local_user
- file = $home/.forward
- require_files = $local_part:$home/.forward
- no_verify
- no_expn
- check_ancestor
- allow_filter
- forbid_smtp_code = true
- directory_transport = address_directory
- file_transport = address_file
- pipe_transport = address_pipe
- reply_transport = address_reply
- skip_syntax_errors
- syntax_errors_to = real-$local_part@$domain
- syntax_errors_text = \
- This is an automatically generated message. An error has\n\
- been found in your .forward file. Details of the error are\n\
- reported below. While this error persists, you will receive\n\
- a copy of this message for every message that is addressed\n\
- to you. If your .forward file is a filter file, or if it is\n\
- a non-filter file containing no valid forwarding addresses,\n\
- a copy of each incoming message will be put in your normal\n\
- mailbox. If a non-filter file contains at least one valid\n\
- forwarding address, forwarding to the valid addresses will\n\
- happen, and those will be the only deliveries that occur.
-
-#####################################################
-### end router/600_exim4-config_userforward
-#####################################################
-#####################################################
-### router/700_exim4-config_procmail
-#####################################################
-
-procmail:
- debug_print = "R: procmail for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = procmail_pipe
- # emulate OR with "if exists"-expansion
- require_files = ${local_part}:\
- ${if exists{/etc/procmailrc}\
- {/etc/procmailrc}{${home}/.procmailrc}}:\
- +/usr/bin/procmail
- no_verify
- no_expn
-
-#####################################################
-### end router/700_exim4-config_procmail
-#####################################################
-#####################################################
-### router/800_exim4-config_maildrop
-#####################################################
-
-### router/800_exim4-config_maildrop
-#################################
-
-maildrop:
- debug_print = "R: maildrop for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- transport = maildrop_pipe
- require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
- no_verify
- no_expn
-
-#####################################################
-### end router/800_exim4-config_maildrop
-#####################################################
-#####################################################
-### router/850_exim4-config_lowuid
-#####################################################
-
-### router/850_exim4-config_lowuid
-#################################
-
-.ifndef FIRST_USER_ACCOUNT_UID
-FIRST_USER_ACCOUNT_UID = 0
-.endif
-
-.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
-DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
-.endif
-
-COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
- ${if and{{! match_ip{$sender_host_address}{:@[]}}\
- {<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
- {1}{0}\
- }"
-
-lowuid_aliases:
- debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
- check_local_user
- driver = redirect
- allow_fail
- domains = +local_domains
- condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
- data = ${if exists{CONFDIR/lowuid-aliases}\
- {${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
- {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
- {DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
-#####################################################
-### end router/850_exim4-config_lowuid
-#####################################################
-#####################################################
-### router/900_exim4-config_local_user
-#####################################################
-
-### router/900_exim4-config_local_user
-#################################
-
-# This router matches local user mailboxes. If the router fails, the error
-# message is "Unknown user".
-
-local_user:
- debug_print = "R: local_user for $local_part@$domain"
- driver = accept
- domains = +local_domains
- check_local_user
- local_parts = ! root
- transport = LOCAL_DELIVERY
- cannot_route_message = Unknown user
-#####################################################
-### end router/900_exim4-config_local_user
-#####################################################
-#####################################################
-### router/mmm_mail4root
-#####################################################
-
-### router/mmm_mail4root
-#################################
-# deliver mail addressed to root to /var/mail/mail as user mail:mail
-# if it was not redirected in /etc/aliases or by other means
-# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
-
-mail4root:
- debug_print = "R: mail4root for $local_part@$domain"
- driver = redirect
- domains = +local_domains
- data = /var/mail/mail
- file_transport = address_file
- local_parts = root
- user = mail
- group = mail
-
-#####################################################
-### end router/mmm_mail4root
-#####################################################
-#####################################################
-### transport/00_exim4-config_header
-#####################################################
-
-######################################################################
-# TRANSPORTS CONFIGURATION #
-######################################################################
-# ORDER DOES NOT MATTER #
-# Only one appropriate transport is called for each delivery. #
-######################################################################
-
-# A transport is used only when referenced from a router that successfully
-# handles an address.
-
-begin transports
-
-#####################################################
-### end transport/00_exim4-config_header
-#####################################################
-#####################################################
-### transport/10_exim4-config_transport-macros
-#####################################################
-
-### transport/10_exim4-config_transport-macros
-#################################
-
-.ifdef HIDE_MAILNAME
-REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
-REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
-.endif
-
-.ifdef REMOTE_SMTP_HELO_FROM_DNS
-.ifdef REMOTE_SMTP_HELO_DATA
-REMOTE_SMTP_HELO_DATA==${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
-.else
-REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
-.endif
-.endif
-#####################################################
-### end transport/10_exim4-config_transport-macros
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_file
-#####################################################
-
-# This transport is used for handling deliveries directly to files that are
-# generated by aliasing or forwarding.
-#
-address_file:
- debug_print = "T: address_file for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
-
-#####################################################
-### end transport/30_exim4-config_address_file
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_pipe
-#####################################################
-
-# This transport is used for handling pipe deliveries generated by
-# .forward files. If the commands fails and produces any output on standard
-# output or standard error streams, the output is returned to the sender
-# of the message as a delivery error.
-address_pipe:
- debug_print = "T: address_pipe for $local_part@$domain"
- driver = pipe
- return_fail_output
-
-#####################################################
-### end transport/30_exim4-config_address_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_address_reply
-#####################################################
-
-# This transport is used for handling autoreplies generated by the filtering
-# option of the userforward router.
-#
-address_reply:
- debug_print = "T: autoreply for $local_part@$domain"
- driver = autoreply
-
-#####################################################
-### end transport/30_exim4-config_address_reply
-#####################################################
-#####################################################
-### transport/30_exim4-config_mail_spool
-#####################################################
-
-### transport/30_exim4-config_mail_spool
-
-# This transport is used for local delivery to user mailboxes in traditional
-# BSD mailbox format.
-#
-mail_spool:
- debug_print = "T: appendfile for $local_part@$domain"
- driver = appendfile
- file = /var/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
- group = mail
- mode = 0660
- mode_fail_narrower = false
-
-#####################################################
-### end transport/30_exim4-config_mail_spool
-#####################################################
-#####################################################
-### transport/30_exim4-config_maildir_home
-#####################################################
-
-### transport/30_exim4-config_maildir_home
-#################################
-
-# Use this instead of mail_spool if you want to to deliver to Maildir in
-# home-directory - change the definition of LOCAL_DELIVERY
-#
-maildir_home:
- debug_print = "T: maildir_home for $local_part@$domain"
- driver = appendfile
- .ifdef MAILDIR_HOME_MAILDIR_LOCATION
- directory = MAILDIR_HOME_MAILDIR_LOCATION
- .else
- directory = $home/Maildir
- .endif
- .ifdef MAILDIR_HOME_CREATE_DIRECTORY
- create_directory
- .endif
- .ifdef MAILDIR_HOME_CREATE_FILE
- create_file = MAILDIR_HOME_CREATE_FILE
- .endif
- delivery_date_add
- envelope_to_add
- return_path_add
- maildir_format
- .ifdef MAILDIR_HOME_DIRECTORY_MODE
- directory_mode = MAILDIR_HOME_DIRECTORY_MODE
- .else
- directory_mode = 0700
- .endif
- .ifdef MAILDIR_HOME_MODE
- mode = MAILDIR_HOME_MODE
- .else
- mode = 0600
- .endif
- mode_fail_narrower = false
- # This transport always chdirs to $home before trying to deliver. If
- # $home is not accessible, this chdir fails and prevents delivery.
- # If you are in a setup where home directories might not be
- # accessible, uncomment the current_directory line below.
- # current_directory = /
-#####################################################
-### end transport/30_exim4-config_maildir_home
-#####################################################
-#####################################################
-### transport/30_exim4-config_maildrop_pipe
-#####################################################
-
-maildrop_pipe:
- debug_print = "T: maildrop_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/maildrop"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-#####################################################
-### end transport/30_exim4-config_maildrop_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_procmail_pipe
-#####################################################
-
-procmail_pipe:
- debug_print = "T: procmail_pipe for $local_part@$domain"
- driver = pipe
- path = "/bin:/usr/bin:/usr/local/bin"
- command = "/usr/bin/procmail"
- return_path_add
- delivery_date_add
- envelope_to_add
-
-#####################################################
-### end transport/30_exim4-config_procmail_pipe
-#####################################################
-#####################################################
-### transport/30_exim4-config_remote_smtp
-#####################################################
-
-### transport/30_exim4-config_remote_smtp
-#################################
-# This transport is used for delivering messages over SMTP connections.
-
-remote_smtp:
- debug_print = "T: remote_smtp for $local_part@$domain"
- driver = smtp
-.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
- hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
-.endif
-.ifdef REMOTE_SMTP_HEADERS_REWRITE
- headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
-.endif
-.ifdef REMOTE_SMTP_RETURN_PATH
- return_path = REMOTE_SMTP_RETURN_PATH
-.endif
-.ifdef REMOTE_SMTP_HELO_DATA
- helo_data=REMOTE_SMTP_HELO_DATA
-.endif
-.ifdef DKIM_DOMAIN
-dkim_domain = DKIM_DOMAIN
-.endif
-.ifdef DKIM_SELECTOR
-dkim_selector = DKIM_SELECTOR
-.endif
-.ifdef DKIM_PRIVATE_KEY
-dkim_private_key = DKIM_PRIVATE_KEY
-.endif
-.ifdef DKIM_CANON
-dkim_canon = DKIM_CANON
-.endif
-.ifdef DKIM_STRICT
-dkim_strict = DKIM_STRICT
-.endif
-.ifdef DKIM_SIGN_HEADERS
-dkim_sign_headers = DKIM_SIGN_HEADERS
-.endif
-.ifdef TLS_DH_MIN_BITS
-tls_dh_min_bits = TLS_DH_MIN_BITS
-.endif
-#####################################################
-### end transport/30_exim4-config_remote_smtp
-#####################################################
-#####################################################
-### transport/30_exim4-config_remote_smtp_smarthost
-#####################################################
-
-### transport/30_exim4-config_remote_smtp_smarthost
-#################################
-
-# This transport is used for delivering messages over SMTP connections
-# to a smarthost. The local host tries to authenticate.
-# This transport is used for smarthost and satellite configurations.
-
-remote_smtp_smarthost:
- debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
- driver = smtp
- hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
- {\
- ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
- }\
- {} \
- }
-.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
- hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
-.endif
-.ifdef REMOTE_SMTP_HEADERS_REWRITE
- headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
-.endif
-.ifdef REMOTE_SMTP_RETURN_PATH
- return_path = REMOTE_SMTP_RETURN_PATH
-.endif
-.ifdef REMOTE_SMTP_HELO_DATA
- helo_data=REMOTE_SMTP_HELO_DATA
-.endif
-.ifdef TLS_DH_MIN_BITS
-tls_dh_min_bits = TLS_DH_MIN_BITS
-.endif
-#####################################################
-### end transport/30_exim4-config_remote_smtp_smarthost
-#####################################################
-#####################################################
-### transport/35_exim4-config_address_directory
-#####################################################
-# This transport is used for handling file addresses generated by alias
-# or .forward files if the path ends in "/", which causes it to be treated
-# as a directory name rather than a file name.
-
-address_directory:
- debug_print = "T: address_directory for $local_part@$domain"
- driver = appendfile
- delivery_date_add
- envelope_to_add
- return_path_add
- check_string = ""
- escape_string = ""
- maildir_format
-
-#####################################################
-### end transport/35_exim4-config_address_directory
-#####################################################
-#####################################################
-### retry/00_exim4-config_header
-#####################################################
-
-my_mailboxes:
- driver = appendfile
- user = exim
- maildir_format = true
- directory = /box/vmail/$local_part/Maildir
- create_directory
- delivery_date_add
- envelope_to_add
- return_path_add
- group = exim
- mode = 0600
- headers_rewrite = * "${sg{$sender_host_name}{\\\\.box}{}} <mail@${sg{$sender_host_name}{\\\\.box}{}}>" fw :\
- * "Enigmabox <mail@box>" tcb
- headers_remove = ${if eq{$sender_host_name}{}{From}{}}
- headers_add = ${if eq{$sender_host_name}{}{From: mail@${sg{$sender_rcvhost}{\\].*}{]}}\n}{}}
-
-
-######################################################################
-# RETRY CONFIGURATION #
-######################################################################
-
-begin retry
-
-#####################################################
-### end retry/00_exim4-config_header
-#####################################################
-#####################################################
-### retry/30_exim4-config
-#####################################################
-
-### retry/30_exim4-config
-#################################
-
-# This single retry rule applies to all domains and all errors. It specifies
-# retries every 15 minutes for 2 hours, then increasing retry intervals,
-# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
-# hours, then retries every 6 hours until 4 days have passed since the first
-# failed delivery.
-
-# Please note that these rules only limit the frequency of retries, the
-# effective retry-time depends on the frequency of queue-running, too.
-# See QUEUEINTERVAL in /etc/default/exim4.
-
-# Address or Domain Error Retries
-# ----------------- ----- -------
-
-#* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
-* * F,1h,1m; F,1d,1h; F,30d,4h
-
-#####################################################
-### end retry/30_exim4-config
-#####################################################
-#####################################################
-### rewrite/00_exim4-config_header
-#####################################################
-
-######################################################################
-# REWRITE CONFIGURATION #
-######################################################################
-
-begin rewrite
-
-#####################################################
-### end rewrite/00_exim4-config_header
-#####################################################
-#####################################################
-### rewrite/31_exim4-config_rewriting
-#####################################################
-
-### rewrite/31_exim4-config_rewriting
-#################################
-
-# This rewriting rule is particularily useful for dialup users who
-# don't have their own domain, but could be useful for anyone.
-# It looks up the real address of all local users in a file
-.ifndef NO_EAA_REWRITE_REWRITE
-*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail}" Ffrs
-# identical rewriting rule for /etc/mailname
-*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
- {$value}fail}" Ffrs
-.endif
-
-
-
-#####################################################
-### end rewrite/31_exim4-config_rewriting
-#####################################################
-#####################################################
-### auth/00_exim4-config_header
-#####################################################
-
-######################################################################
-# AUTHENTICATION CONFIGURATION #
-######################################################################
-
-begin authenticators
-
-
-#####################################################
-### end auth/00_exim4-config_header
-#####################################################
-#####################################################
-### auth/30_exim4-config_examples
-#####################################################
-
-### auth/30_exim4-config_examples
-#################################
-
-# The examples below are for server side authentication, when the
-# local exim is SMTP server and clients authenticate to the local exim.
-
-# They allow two styles of plain-text authentication against an
-# CONFDIR/passwd file whose syntax is described in exim4_passwd(5).
-
-# Hosts that are allowed to use AUTH are defined by the
-# auth_advertise_hosts option in the main configuration. The default is
-# "*", which allows authentication to all hosts over all kinds of
-# connections if there is at least one authenticator defined here.
-# Authenticators which rely on unencrypted clear text passwords don't
-# advertise on unencrypted connections by default. Thus, it might be
-# wise to set up TLS to allow encrypted connections. If TLS cannot be
-# used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to
-# advertise unencrypted clear text password based authenticators on all
-# connections. As this is severely reducing security, using TLS is
-# preferred over allowing clear text password based authenticators on
-# unencrypted connections.
-
-# PLAIN authentication has no server prompts. The client sends its
-# credentials in one lump, containing an authorization ID (which we do not
-# use), an authentication ID, and a password. The latter two appear as
-# $auth2 and $auth3 in the configuration and should be checked against a
-# valid username and password. In a real configuration you would typically
-# use $auth2 as a lookup key, and compare $auth3 against the result of the
-# lookup, perhaps using the crypteq{}{} condition.
-
-# plain_server:
-# driver = plaintext
-# public_name = PLAIN
-# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-# server_set_id = $auth2
-# server_prompts = :
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-
-# LOGIN authentication has traditional prompts and responses. There is no
-# authorization ID in this mechanism, so unlike PLAIN the username and
-# password are $auth1 and $auth2. Apart from that you can use the same
-# server_condition setting for both authenticators.
-
-# login_server:
-# driver = plaintext
-# public_name = LOGIN
-# server_prompts = "Username:: : Password::"
-# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-#
-# cram_md5_server:
-# driver = cram_md5
-# public_name = CRAM-MD5
-# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
-# server_set_id = $auth1
-
-# Here is an example of CRAM-MD5 authentication against PostgreSQL:
-#
-# psqldb_auth_server:
-# driver = cram_md5
-# public_name = CRAM-MD5
-# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail}
-# server_set_id = $auth1
-
-# Authenticate against local passwords using sasl2-bin
-# Requires exim_uid to be a member of sasl group, see README.Debian.gz
-# plain_saslauthd_server:
-# driver = plaintext
-# public_name = PLAIN
-# server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
-# server_set_id = $auth2
-# server_prompts = :
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-#
-# login_saslauthd_server:
-# driver = plaintext
-# public_name = LOGIN
-# server_prompts = "Username:: : Password::"
-# # don't send system passwords over unencrypted connections
-# server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-#
-# ntlm_sasl_server:
-# driver = cyrus_sasl
-# public_name = NTLM
-# server_realm = <short main hostname>
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-#
-# digest_md5_sasl_server:
-# driver = cyrus_sasl
-# public_name = DIGEST-MD5
-# server_realm = <short main hostname>
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-
-# Authentcate against cyrus-sasl
-# This is mainly untested, please report any problems to
-# pkg-exim4-users@lists.alioth.debian.org.
-# cram_md5_sasl_server:
-# driver = cyrus_sasl
-# public_name = CRAM-MD5
-# server_realm = <short main hostname>
-# server_set_id = $auth1
-#
-# plain_sasl_server:
-# driver = cyrus_sasl
-# public_name = PLAIN
-# server_realm = <short main hostname>
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-#
-# login_sasl_server:
-# driver = cyrus_sasl
-# public_name = LOGIN
-# server_realm = <short main hostname>
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-
-# Authenticate against courier authdaemon
-
-# This is now the (working!) example from
-# http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
-# Possible pitfall: access rights on /var/run/courier/authdaemon/socket.
-# plain_courier_authdaemon:
-# driver = plaintext
-# public_name = PLAIN
-# server_condition = \
-# ${extract {ADDRESS} \
-# {${readsocket{/var/run/courier/authdaemon/socket} \
-# {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \
-# {yes} \
-# fail}
-# server_set_id = $auth2
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-
-# login_courier_authdaemon:
-# driver = plaintext
-# public_name = LOGIN
-# server_prompts = Username:: : Password::
-# server_condition = \
-# ${extract {ADDRESS} \
-# {${readsocket{/var/run/courier/authdaemon/socket} \
-# {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \
-# {yes} \
-# fail}
-# server_set_id = $auth1
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-
-# This one is a bad hack to support the broken version 4.xx of
-# Microsoft Outlook Express which violates the RFCs by demanding
-# "250-AUTH=" instead of "250-AUTH ".
-# If your list of offered authenticators is other than PLAIN and LOGIN,
-# you need to adapt the public_name line manually.
-# It has to be the last authenticator to work and has not been tested
-# well. Use at your own risk.
-# See the thread entry point from
-# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html
-# for the related discussion on the exim-users mailing list.
-# Thanks to Fred Viles for this great work.
-
-# support_broken_outlook_express_4_server:
-# driver = plaintext
-# public_name = "\r\n250-AUTH=PLAIN LOGIN"
-# server_prompts = User Name : Password
-# server_condition = no
-# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
-# .endif
-
-##############
-# See /usr/share/doc/exim4-base/README.Debian.gz
-##############
-
-# These examples below are the equivalent for client side authentication.
-# They get the passwords from CONFDIR/passwd.client, whose format is
-# defined in exim4_passwd_client(5)
-
-# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
-# only allow these mechanisms over encrypted connections by default.
-# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
-# clear text password authentication on all connections.
-
-cram_md5:
- driver = cram_md5
- public_name = CRAM-MD5
- client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
- client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
-
-# this returns the matching line from passwd.client and doubles all ^
-PASSWDLINE=${sg{\
- ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
- }\
- {\\N[\\^]\\N}\
- {^^}\
- }
-
-plain:
- driver = plaintext
- public_name = PLAIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- client_send = "<; ${if !eq{$tls_cipher}{}\
- {^${extract{1}{:}{PASSWDLINE}}\
- ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
- }fail}"
-.else
- client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
- ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
-
-login:
- driver = plaintext
- public_name = LOGIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- # Return empty string if not non-TLS AND looking up $host in passwd-file
- # yields a non-empty string; fail otherwise.
- client_send = "<; ${if and{\
- {!eq{$tls_cipher}{}}\
- {!eq{PASSWDLINE}{}}\
- }\
- {}fail}\
- ; ${extract{1}{::}{PASSWDLINE}}\
- ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.else
- # Return empty string if looking up $host in passwd-file yields a
- # non-empty string; fail otherwise.
- client_send = "<; ${if !eq{PASSWDLINE}{}\
- {}fail}\
- ; ${extract{1}{::}{PASSWDLINE}}\
- ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
-#####################################################
-### end auth/30_exim4-config_examples
-#####################################################
+++ /dev/null
-[PHP]
-
-zend.ze1_compatibility_mode = Off
-
-; Language Options
-
-engine = On
-;short_open_tag = Off
-precision = 12
-y2k_compliance = On
-output_buffering = Off
-;output_handler =
-zlib.output_compression = Off
-;zlib.output_compression_level = -1
-;zlib.output_handler =
-implicit_flush = Off
-unserialize_callback_func =
-serialize_precision = 100
-
-;open_basedir =
-disable_functions =
-disable_classes =
-
-; Colors for Syntax Highlighting mode. Anything that's acceptable in
-; <span style="color: ???????"> would work.
-;highlight.string = #DD0000
-;highlight.comment = #FF9900
-;highlight.keyword = #007700
-;highlight.bg = #FFFFFF
-;highlight.default = #0000BB
-;highlight.html = #000000
-
-;ignore_user_abort = On
-;realpath_cache_size = 16k
-;realpath_cache_ttl = 120
-
-; Miscellaneous
-
-expose_php = On
-
-; Resource Limits
-
-max_execution_time = 600 ; Maximum execution time of each script, in seconds.
-max_input_time = 600 ; Maximum amount of time each script may spend parsing request data.
-;max_input_nesting_level = 64
-memory_limit = 16M ; Maximum amount of memory a script may consume.
-
-; Error handling and logging
-
-; Error Level Constants:
-; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0)
-; E_ERROR - fatal run-time errors
-; E_RECOVERABLE_ERROR - almost fatal run-time errors
-; E_WARNING - run-time warnings (non-fatal errors)
-; E_PARSE - compile-time parse errors
-; E_NOTICE - run-time notices (these are warnings which often result
-; from a bug in your code, but it's possible that it was
-; intentional (e.g., using an uninitialized variable and
-; relying on the fact it's automatically initialized to an
-; empty string)
-; E_STRICT - run-time notices, enable to have PHP suggest changes
-; to your code which will ensure the best interoperability
-; and forward compatibility of your code
-; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
-; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
-; initial startup
-; E_COMPILE_ERROR - fatal compile-time errors
-; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
-; E_USER_ERROR - user-generated error message
-; E_USER_WARNING - user-generated warning message
-; E_USER_NOTICE - user-generated notice message
-; E_DEPRECATED - warn about code that will not work in future versions
-; of PHP
-; E_USER_DEPRECATED - user-generated deprecation warnings
-;
-; Common Values:
-; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
-; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
-; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
-; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
-; Default Value: E_ALL & ~E_NOTICE
-error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
-
-display_errors = On
-display_startup_errors = Off
-log_errors = Off
-log_errors_max_len = 1024
-ignore_repeated_errors = Off
-ignore_repeated_source = Off
-report_memleaks = On
-;report_zend_debug = 0
-track_errors = Off
-;html_errors = Off
-;docref_root = "/phpmanual/"
-;docref_ext = .html
-;error_prepend_string = "<font color=#ff0000>"
-;error_append_string = "</font>"
-; Log errors to specified file.
-;error_log = /var/log/php_errors.log
-; Log errors to syslog.
-;error_log = syslog
-
-; Data Handling
-
-;arg_separator.output = "&"
-;arg_separator.input = ";&"
-variables_order = "EGPCS"
-request_order = "GP"
-register_globals = Off
-register_long_arrays = Off
-register_argc_argv = On
-auto_globals_jit = On
-post_max_size = 100M
-;magic_quotes_gpc = Off
-magic_quotes_runtime = Off
-magic_quotes_sybase = Off
-auto_prepend_file =
-auto_append_file =
-default_mimetype = "text/html"
-;default_charset = "iso-8859-1"
-always_populate_raw_post_data = -1
-
-; Paths and Directories
-
-; UNIX: "/path1:/path2"
-;include_path = ".:/php/includes"
-;doc_root = "/www"
-user_dir =
-extension_dir = "/usr/lib/php"
-enable_dl = On
-cgi.force_redirect = 1
-;cgi.nph = 1
-cgi.redirect_status_env = "yes";
-cgi.fix_pathinfo=1
-;fastcgi.impersonate = 1;
-;fastcgi.logging = 0
-;cgi.rfc2616_headers = 0
-
-; File Uploads
-
-file_uploads = On
-upload_tmp_dir = "/tmp"
-upload_max_filesize = 100M
-max_file_uploads = 20
-
-; Fopen wrappers
-
-allow_url_fopen = On
-allow_url_include = Off
-;from="john@doe.com"
-;user_agent="PHP"
-default_socket_timeout = 60
-;auto_detect_line_endings = Off
-
-; Dynamic Extensions
-
-;extension=ctype.so
-;extension=curl.so
-;extension=dom.so
-;extension=exif.so
-;extension=ftp.so
-;extension=gd.so
-;extension=gmp.so
-;extension=hash.so
-;extension=iconv.so
-;extension=json.so
-;extension=ldap.so
-;extension=mbstring.so
-;extension=mcrypt.so
-;extension=mysql.so
-;extension=openssl.so
-;extension=pcre.so
-;extension=pdo.so
-;extension=pdo-mysql.so
-;extension=pdo-pgsql.so
-;extension=pdo_sqlite.so
-;extension=pgsql.so
-;extension=session.so
-;extension=soap.so
-;extension=sockets.so
-;extension=sqlite.so
-;extension=sqlite3.so
-;extension=tokenizer.so
-;extension=xml.so
-;extension=xmlreader.so
-;extension=xmlwriter.so
-
-; Module Settings
-
-[APC]
-apc.enabled = 1
-apc.shm_segments = 1 ;The number of shared memory segments to allocate for the compiler cache.
-apc.shm_size = 4M ;The size of each shared memory segment.
-
-[Date]
-date.timezone = UTC
-;date.default_latitude = 31.7667
-;date.default_longitude = 35.2333
-;date.sunrise_zenith = 90.583333
-;date.sunset_zenith = 90.583333
-
-[filter]
-;filter.default = unsafe_raw
-;filter.default_flags =
-
-[iconv]
-;iconv.input_encoding = ISO-8859-1
-;iconv.internal_encoding = ISO-8859-1
-;iconv.output_encoding = ISO-8859-1
-
-[sqlite]
-;sqlite.assoc_case = 0
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pdo_mysql]
-pdo_mysql.cache_size = 2000
-pdo_mysql.default_socket=
-
-[MySQL]
-mysql.allow_local_infile = On
-mysql.allow_persistent = On
-mysql.cache_size = 2000
-mysql.max_persistent = -1
-mysql.max_links = -1
-mysql.default_port =
-mysql.default_socket =
-mysql.default_host =
-mysql.default_user =
-mysql.default_password =
-mysql.connect_timeout = 60
-mysql.trace_mode = Off
-
-[PostgresSQL]
-pgsql.allow_persistent = On
-pgsql.auto_reset_persistent = Off
-pgsql.max_persistent = -1
-pgsql.max_links = -1
-pgsql.ignore_notice = 0
-pgsql.log_notice = 0
-
-[Session]
-session.save_handler = files
-session.save_path = "/tmp"
-session.use_cookies = 1
-;session.cookie_secure =
-session.use_only_cookies = 1
-session.name = PHPSESSID
-session.auto_start = 0
-session.cookie_lifetime = 0
-session.cookie_path = /
-session.cookie_domain =
-session.cookie_httponly =
-session.serialize_handler = php
-session.gc_probability = 1
-session.gc_divisor = 100
-session.gc_maxlifetime = 1440
-session.bug_compat_42 = On
-session.bug_compat_warn = On
-session.referer_check =
-session.entropy_length = 0
-;session.entropy_file = /dev/urandom
-session.entropy_file =
-;session.entropy_length = 16
-session.cache_limiter = nocache
-session.cache_expire = 180
-session.use_trans_sid = 0
-session.hash_function = 0
-session.hash_bits_per_character = 4
-url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
-
-[mbstring]
-;mbstring.language = Japanese
-;mbstring.internal_encoding = EUC-JP
-;mbstring.http_input = auto
-;mbstring.http_output = SJIS
-;mbstring.encoding_translation = Off
-;mbstring.detect_order = auto
-;mbstring.substitute_character = none;
-;mbstring.func_overload = 0
-;mbstring.strict_detection = Off
-;mbstring.http_output_conv_mimetype=
-;mbstring.script_encoding=
-
-[gd]
-;gd.jpeg_ignore_warning = 0
-
-[exif]
-;exif.encode_unicode = ISO-8859-15
-;exif.decode_unicode_motorola = UCS-2BE
-;exif.decode_unicode_intel = UCS-2LE
-;exif.encode_jis =
-;exif.decode_jis_motorola = JIS
-;exif.decode_jis_intel = JIS
-
-[soap]
-soap.wsdl_cache_enabled=1
-soap.wsdl_cache_dir="/tmp"
-soap.wsdl_cache_ttl=86400
-soap.wsdl_cache_limit = 5
-
-[sysvshm]
-;sysvshm.init_mem = 10000
-
-[ldap]
-ldap.max_links = -1
-
-[mcrypt]
-;mcrypt.algorithms_dir=
-;mcrypt.modes_dir=
+++ /dev/null
-mail@box:{SHA1}{{mailbox_password}}
+++ /dev/null
-
-bundle agent app_security
-{
- vars:
- "site" data => readjson("$(g.site)", 64000);
-
- classes:
- "webinterface_password" expression => strcmp("$(site[if_webinterface_password])", "true");
-
- files:
- "/etc/lighttpd/auth/."
- create => "true";
-
- webinterface_password::
- "/etc/lighttpd/auth/webinterface.conf"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/webinterface.conf.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_lighttpd");
-
- "/etc/lighttpd/auth/webinterface.htpasswd"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/webinterface.htpasswd.mustache",
- edit_defaults => no_backup,
- perms => wwwdata,
- classes => if_repaired("restart_lighttpd");
-
- !webinterface_password::
- "/etc/lighttpd/auth/webinterface.conf"
- delete => tidy,
- classes => if_repaired("restart_lighttpd");
-
- commands:
- restart_lighttpd::
- "/etc/init.d/lighttpd restart";
-
- reports:
- "checking security: done";
-}
-
-body perms wwwdata
-{
- mode => "600";
- owners => { "nobody" };
- groups => { "nogroup" };
-}
-
+++ /dev/null
-auth.backend = "plain"
-auth.backend.plain.userfile = "/etc/lighttpd/auth/webinterface.htpasswd"
-
-auth.require = ("" =>
- (
- "method" => "basic",
-{{#if_hostid}}
- "realm" => "Enigmabox Webinterface (Hostid: {{hostid}})",
-{{/if_hostid}}
-{{^if_hostid}}
- "realm" => "Enigmabox Webinterface",
-{{/if_hostid}}
- "require" => "valid-user"
- )
-)
+++ /dev/null
-admin:{{webinterface_password}}
+++ /dev/null
-
-bundle agent app_telephony
-{
- files:
- "/etc/asterisk/sip.conf"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/sip.conf.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_asterisk");
-
- "/etc/asterisk/extensions.conf"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/extensions.conf.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_asterisk");
-
- "/etc/asterisk/sip_notify.conf"
- create => "true",
- edit_template => "$(this.promise_dirname)/templates/sip_notify.conf",
- edit_defaults => no_backup,
- classes => if_repaired("restart_asterisk");
-
- commands:
- restart_asterisk::
- "/etc/init.d/asterisk restart";
-
- reports:
- "checking telephony: done";
-}
-
+++ /dev/null
-; extensions.conf - the Asterisk dial plan
-
-[incoming]
-exten => _X.,1,Answer()
-exten => _X.,n,Playback(ascending-2tone)
-exten => _X.,n,Read(get,"silence/1",,,,1)
-exten => _X.,n,GotoIf($[ 1${get} = 18 ]?confcall:dial)
-exten => _X.,n(confcall),ConfBridge(8)
-exten => _X.,n(dial),Dial(SIP/100,30)
-exten => _X.,n,Hangup()
-
-[friends]
-{{#addresses}}
-exten => {{phone}},1,Dial(SIP/100@{{hostname}})
-{{/addresses}}
-
-;global addresses
-{{#global_addresses}}
-exten => 01{{phone}},1,Dial(SIP/100@{{hostname}}.eb)
-{{/global_addresses}}
-
-;echo test
-exten => 1,1,Answer()
-;exten => 1,n,Playback(tt-somethingwrong)
-exten => 1,n,Playback(tt-weasels)
-exten => 1,n,Playback(tt-monkeysintro)
-exten => 1,n,Playback(tt-monkeys)
-exten => 1,n,Echo()
-exten => 1,n,Playback(vm-goodbye)
-exten => 1,n,Hangup()
-
-;confcall
-exten => 8,1,ConfBridge(8)
-
+++ /dev/null
-; SIP Configuration
-
-[general]
-bindaddr=::
-transport=tcp
-tcpenable=yes
-canreinvite=no
-context=incoming
-disallow=all
-allow=gsm
-allow=ulaw
-allow=alaw
-allow=h263
-;jbenable=yes
-;jbforce=yes
-
-; this settings work well when the net is fucked up and laggy
-;jbmaxsize=100
-;jbresyncthreshold=500
-
-; little less treshold
-;jbmaxsize=50
-;jbresyncthreshold=250
-
-; this settings work well when the net is ok
-;jbmaxsize=25
-;jbresyncthreshold=200
-
-
-
-; my own phone
-
-[100]
-type=peer
-qualify=yes
-secret=100
-host=dynamic
-context=friends
-transport=udp
-
-
-
-; my addresses
-
-[basic-options](!)
- type=peer
- qualify=5000
- qualifyfreq=10
- context=incoming
- encryption=yes
-
-{{#addresses}}
-[{{hostname}}](basic-options)
- host={{ipv6}}
- callerid="{{display_name}} <{{hostname}}>"
-
-{{/addresses}}
-
-
-
-; global addresses
-
-[global-addresses](!)
- type=peer
- context=incoming
- encryption=yes
-
-{{#global_addresses}}
-[{{hostname}}.eb](global-addresses)
- host={{ipv6}}
- callerid="{{hostname}}.eb <01{{phone}}>"
-
-{{/global_addresses}}
-
+++ /dev/null
-; rfc3842
-; put empty "Content=>" at the end to have CRLF after last body line
-
-[clear-mwi]
-Event=>message-summary
-Content-type=>application/simple-message-summary
-Content=>Messages-Waiting: no
-Content=>Message-Account: sip:asterisk@127.0.0.1
-Content=>Voice-Message: 0/0 (0/0)
-Content=>
-
-; Aastra
-
-[aastra-check-cfg]
-Event=>check-sync
-
-[aastra-xml]
-Event=>aastra-xml
-
-; Digium
-
-[digium-check-cfg]
-Event=>check-sync
-
-; Linksys
-
-[linksys-cold-restart]
-Event=>reboot_now
-
-[linksys-warm-restart]
-Event=>restart_now
-
-; Polycom
-
-[polycom-check-cfg]
-Event=>check-sync
-
-; Sipura
-
-[sipura-check-cfg]
-Event=>resync
-
-[sipura-get-report]
-Event=>report
-
-; snom
-
-[snom-check-cfg]
-Event=>check-sync\;reboot=false
-
-[snom-reboot]
-Event=>check-sync\;reboot=true
-
-; Cisco
-
-[cisco-check-cfg]
-Event=>check-sync
-
-; Grandstream
-[gsreboot]
-Event=>check-sync
-
+++ /dev/null
-
-bundle agent app_webfilter
-{
- files:
- "/etc/config/privoxy"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/etc-config-privoxy.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_privoxy");
-
- "/etc/privoxy/match-all.action"
- create => "true",
- edit_template => "$(this.promise_dirname)/templates/match-all.action",
- edit_defaults => no_backup,
- classes => if_repaired("restart_privoxy");
-
- "/etc/privoxy/user.action"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/user.action.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_privoxy");
-
- commands:
- restart_privoxy::
- "/etc/init.d/privoxy restart";
-
- reports:
- "checking webfilter: done";
-}
-
+++ /dev/null
-config privoxy 'privoxy'
- option confdir '/etc/privoxy'
- option logdir '/var/log'
- option logfile 'privoxy'
-{{#if_webfilter_filter_ads}}
- list filterfile 'default.filter'
- list actionsfile 'default.action'
-{{/if_webfilter_filter_ads}}
- list actionsfile 'user.action'
- list actionsfile 'match-all.action'
- list listen_address '0.0.0.0:8888'
- option toggle '1'
- option enable_remote_toggle '1'
- option enable_remote_http_toggle '0'
- option enable_edit_actions '1'
- option enforce_blocks '0'
- option buffer_limit '4096'
- option forwarded_connect_retries '0'
- option accept_intercepted_requests '1'
- option allow_cgi_request_crunching '0'
- option split_large_forms '0'
- option keep_alive_timeout '300'
- option socket_timeout '300'
- list permit_access '192.168.100.0/24'
- list permit_access '192.168.101.0/24'
- option debug '0'
-
+++ /dev/null
-#############################################################################
-# Id: match-all.action,v
-#
-# This file contains the actions that are applied to all requests and
-# may be overruled later on by other actions files. Less experienced
-# users should only edit this file through the actions file editor.
-#
-#############################################################################
-{ \
-+change-x-forwarded-for{block} \
-+client-header-tagger{css-requests} \
-+client-header-tagger{image-requests} \
-#+deanimate-gifs{last} \
-+filter{refresh-tags} \
-+filter{img-reorder} \
-+filter{banners-by-size} \
-+filter{webbugs} \
-+filter{jumping-windows} \
-+filter{ie-exploits} \
-+hide-from-header{block} \
-+hide-referrer{conditional-block} \
-+session-cookies-only \
-+set-image-blocker{pattern} \
-+hide-user-agent{Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36} \
-}
-/ # Match all URLs
+++ /dev/null
-######################################################################
-#
-# File : Source: /cvsroot/ijbswa/current/user.action,v
-#
-# Id: user.action,v
-#
-# Purpose : User-maintained actions file, see
-# http://www.privoxy.org/user-manual/actions-file.html
-#
-######################################################################
-
-# This is the place to add your personal exceptions and additions to
-# the general policies as defined in default.action. (Here they will be
-# safe from updates to default.action.) Later defined actions always
-# take precedence, so anything defined here should have the last word.
-
-# See http://www.privoxy.org/user-manual/actions-file.html, or the
-# comments in default.action, for an explanation of what an "action" is
-# and what each action does.
-
-# The examples included here either use bogus sites, or have the actual
-# rules commented out (with the '#' character). Useful aliases are
-# included in the top section as a convenience.
-
-#############################################################################
-# Aliases
-#############################################################################
-{{=<% %>=}}
-{{alias}}
-<%={{ }}=%>
-#############################################################################
-#
-# You can define a short form for a list of permissions - e.g., instead
-# of "-crunch-incoming-cookies -crunch-outgoing-cookies -filter -fast-redirects",
-# you can just write "shop". This is called an alias.
-#
-# Currently, an alias can contain any character except space, tab, '=', '{'
-# or '}'.
-# But please use only 'a'-'z', '0'-'9', '+', and '-'.
-#
-# Alias names are not case sensitive.
-#
-# Aliases beginning with '+' or '-' may be used for system action names
-# in future releases - so try to avoid alias names like this. (e.g.
-# "+crunch-all-cookies" below is not a good name)
-#
-# Aliases must be defined before they are used.
-#
-# These aliases just save typing later:
-#
-+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
--crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
- allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies}
- allow-popups = -filter{all-popups} -filter{unsolicited-popups}
-+block-as-image = +block{Blocked image request.} +handle-as-image
--block-as-image = -block
-
-# These aliases define combinations of actions
-# that are useful for certain types of sites:
-#
-fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -prevent-compression
-shop = -crunch-all-cookies allow-popups
-
-# Your favourite blend of filters:
-#
-myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{all-popups}\
- +filter{webbugs} +filter{banners-by-size}
-
-# Allow ads for selected useful free sites:
-#
-allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
-#... etc. Customize to your heart's content.
-
-## end aliases ########################################################
-#######################################################################
-
-# Begin examples: #####################################################
-
-# Say you have accounts on some sites that you visit regularly, and you
-# don't want to have to log in manually each time. So you'd like to allow
-# persistent cookies for these sites. The allow-all-cookies alias defined
-# above does exactly that, i.e. it disables crunching of cookies in any
-# direction, and the processing of cookies to make them only temporary.
-#
-{ allow-all-cookies }
-#.sourceforge.net
-#sunsolve.sun.com
-#slashdot.org
-#.yahoo.com
-#.msdn.microsoft.com
-#.redhat.com
-
-# Say the site where you do your homebanking needs to open popup
-# windows, but you have chosen to kill popups uncoditionally by default.
-# This will allow it for your-example-bank.com:
-#
-{ -filter{all-popups} }
-.banking.example.com
-
-# Some hosts and some file types you may not want to filter for
-# various reasons:
-#
-{ -filter }
-
-# Technical documentation is likely to contain strings that might
-# erroneously get altered by the JavaScript-oriented filters:
-#
-#.tldp.org
-#/(.*/)?selfhtml/
-
-# And this stupid host sends streaming video with a wrong MIME type,
-# so that Privoxy thinks it is getting HTML and starts filtering:
-#
-stupid-server.example.com/
-
-
-# Example of a simple "block" action. Say you've seen an ad on your
-# favourite page on example.com that you want to get rid of. You have
-# right-clicked the image, selected "copy image location" and pasted
-# the URL below while removing the leading http://, into a { +block{reason} }
-# section. Note that { +handle-as-image } need not be specified, since
-# all URLs ending in .gif will be tagged as images by the general rules
-# as set in default.action anyway:
-#
-{ +block{Nasty ads.} }
-www.example.com/nasty-ads/sponsor.gif
-
-# The URLs of dynamically generated banners, especially from large banner
-# farms, often don't use the well-known image file name extensions, which
-# makes it impossible for Privoxy to guess the file type just by looking
-# at the URL.
-# You can use the +block-as-image alias defined above for these cases.
-# Note that objects which match this rule but then turn out NOT to be an
-# image are typically rendered as a "broken image" icon by the browser.
-# Use cautiously.
-#
-{ +block-as-image }
-#.doubleclick.net
-#/Realmedia/ads/
-#ar.atwola.com/
-
-# Now you noticed that the default configuration breaks Forbes
-# Magazine, but you were too lazy to find out which action is the
-# culprit, and you were again too lazy to give feedback, so you just
-# used the fragile alias on the site, and -- whoa! -- it worked. The
-# 'fragile' aliases disables those actions that are most likely to break
-# a site. Also, good for testing purposes to see if it is Privoxy that
-# is causing the problem or not.
-#
-{ fragile }
-#.forbes.com
-
-# Here are some sites we wish to support, and we will allow their ads
-# through.
-#
-{ allow-ads }
-#.sourceforge.net
-#.slashdot.org
-#.osdn.net
-
-# user.action is generally the best place to define exceptions and
-# additions to the default policies of default.action. Some actions are
-# safe to have their default policies set here though. So let's set a
-# default policy to have a 'blank' image as opposed to the checkerboard
-# pattern for ALL sites. '/' of course matches all URLs.
-# patterns:
-#
-{ +set-image-blocker{blank} }
-#/
-
-# Enable the following section (not the regression-test directives)
-# to rewrite and redirect click-tracking URLs on news.google.com.
-# Disabling JavaScript should work as well and probably works more reliably.
-#
-# Redirected URL = http://news.google.com/news/url?ct2=us%2F0_0_s_1_1_a&sa=t&usg=AFQjCNHJWPc7ffoSXPSqBRz55jDA0KgxOQ&cid=8797762374160&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052970204485304576640791304008536.html&ei=YcqeTsymCIjxggf8uQE&rt=HOMEPAGE&vm=STANDARD&bvm=section&did=-6537064229385238098
-# Redirect Destination = http://online.wsj.com/article/SB10001424052970204485304576640791304008536.html
-# Ignore = Yes
-#
-#{+fast-redirects{check-decoded-url}}
-#news.google.com/news/url.*&url=http.*&
-
-# Enable the following section (not the regression-test directives)
-# to block various Facebook "like" and similar tracking URLs. At the
-# time this section was added it was reported to not break Facebook
-# itself but this may have changed by the time you read this. This URL
-# list is probably incomplete and if you don't have an account anyway,
-# you may prefer to block the whole domain.
-#
-# Blocked URL = http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2Farstechnica&width=300&colorscheme=light&show_faces=false&stream=false&header=false&height=62&border_color=%23FFFFFF
-# Ignore = Yes
-# Blocked URL = http://www.facebook.com/plugins/activity.php?site=arstechnica.com&width=300&height=370&header=false&colorscheme=light&recommendations=false&border_color=%23FFFFFF
-# Ignore = Yes
-# Blocked URL = http://www.facebook.com/plugins/fan.php?api_key=368513495882&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377
-# Ignore = Yes
-# Blocked URL = http://www.facebook.com/plugins/like.php?api_key=368513495882&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13997452c%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1b037e354%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052970204485304576640791304008536.html&layout=button_count&locale=en_US&node_type=link&ref=wsj_share_FB&sdk=joey&send=false&show_faces=false&width=90
-# Ignore = Yes
-#
-{+block{Facebook "like" and similar tracking URLs.}}
-www.facebook.com/(extern|plugins)/(login_status|like(box)?|activity|fan)\.php
-
-{{#if_webfilter_block_google}}
-{+block{Block all google}}
-.*google.*
-{{/if_webfilter_block_google}}
-
-{{#if_webfilter_block_facebook}}
-{+block{Block all facebook}}
-.*facebook.*
-{{/if_webfilter_block_facebook}}
-
-{{#if_webfilter_block_twitter}}
-{+block{Block all twitter}}
-.*twitter.*
-{{/if_webfilter_block_twitter}}
-
-{{#if_webfilter_custom_rules}}
-{+block{Block custom rules}}
-{{#webfilter_custom_rules_text}}
-.*{{rule}}.*
-{{/webfilter_custom_rules_text}}
-{{/if_webfilter_custom_rules}}
+++ /dev/null
-#!/opt/cfengine/bin/cf-agent --no-lock
-
-bundle common g
-{
- vars:
- "workdir" string => "/opt/enigmabox/cfengine-promises";
- "network_profile" string => readfile("/etc/enigmabox/network-profile" , "33");
-}
-
-
-
-body common control
-{
- inputs => {
- "$(g.workdir)/lib/files.cf",
- "$(g.workdir)/lib/services.cf",
- "$(g.workdir)/system_base/bundle.cf",
- };
-
- bundlesequence => {
- "system_base",
- };
-}
-
-body perms script
-{
- mode => "755";
-}
-
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Bundles
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-bundle common bundles_common
-# @ignore
-{
- vars:
- "inputs" slist => { "$(this.promise_dirname)/files.cf" };
-}
-
-body file control
-# @ignore
-{
- inputs => { @(bundles_common.inputs) };
-}
-
-###################################################
-# agent bundles
-###################################################
-
-bundle agent cronjob(commands,user,hours,mins)
-# @brief Defines a cron job for `user`
-#
-# Adds a line to crontab, if necessary.
-#
-# @param commands The commands that should be run
-# @param user The owner of crontab
-# @param hours The hours at which the job should run
-# @param mins The minutes at which the job should run
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "cron" usebundle => cronjob("/bin/ls","mark","*","5,10");
-# ```
-{
- vars:
- SuSE::
- "crontab" string => "/var/spool/cron/tabs";
- redhat|fedora::
- "crontab" string => "/var/spool/cron";
- freebsd::
- "crontab" string => "/var/cron/tabs";
- !(SuSE|redhat|fedora|freebsd)::
- "crontab" string => "/var/spool/cron/crontabs";
-
- files:
-
- !windows::
- "$(crontab)/$(user)"
-
- comment => "A user's regular batch jobs are added to this file",
- create => "true",
- edit_line => append_if_no_line("$(mins) $(hours) * * * $(commands)"),
- perms => mo("600","$(user)"),
- classes => if_repaired("changed_crontab");
-
- processes:
-
- changed_crontab::
- "cron"
- comment => "Most crons need to be huped after file changes",
- signals => { "hup" };
-
-}
-
-bundle agent rm_rf(name)
-# @brief recursively remove `name` to any depth, including base
-# @depends rm_rf_depth
-# @param name the file or directory name
-#
-# This bundle will remove `name` to any depth, including `name` itself.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "bye" usebundle => rm_rf("/var/tmp/oldstuff");
-# ```
-{
- methods:
- "rm" usebundle => rm_rf_depth($(name),"inf");
-
-}
-
-bundle agent rm_rf_depth(name,depth)
-# @brief recursively remove `name` to depth `depth`, including base
-# @depends recurse_with_base tidy all
-# @param name the file or directory name
-# @param depth how far to descend
-#
-# This bundle will remove `name` to depth `depth`, including `name` itself.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "bye" usebundle => rm_rf_depth("/var/tmp/oldstuff", "100");
-# ```
-{
- classes:
- "isdir" expression => isdir($(name));
- files:
- isdir::
- "$(name)"
- file_select => all,
- depth_search => recurse_with_base($(depth)),
- delete => tidy;
-
- !isdir::
- "$(name)" delete => tidy;
-}
-
-bundle agent fileinfo(f)
-# @brief provide access to file stat fields from the bundle caller and report
-# file stat info for file "f" if "verbose_mode" class is defined
-# @param f file or files to stat
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent example
-# {
-# vars:
-# "files" slist => { "/tmp/example1", "/tmp/example2" };
-#
-# files:
-# "$(files)"
-# create => "true",
-# classes => if_ok("verbose_mode"),
-# comment => "verbose_mode is defined because the fileinfo bundle restricts the report of the file info to verbose mode";
-#
-# "/tmp/example3"
-# create => "true",
-# classes => if_ok("verbose_mode"),
-# comment => "verbose_mode is defined because the fileinfo bundle restricts the report of the file info to verbose mode";
-#
-#
-# methods:
-# "fileinfo" usebundle => fileinfo( @(files) );
-# "fileinfo" usebundle => fileinfo( "/tmp/example3" );
-#
-# reports:
-# "$(this.bundle): $(files): $(fileinfo.fields) = '$(fileinfo.stat[$(files)][$(fileinfo.fields)])'";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][size])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][gid])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][uid])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][ino])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][nlink])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][ctime])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][atime])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][mtime])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][mode])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][modeoct])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][permstr])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][permoct])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][type])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][devno])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][dev_minor])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][dev_major])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][basename])";
-# "$(this.bundle): $(fileinfo.stat[/tmp/example3][dirname])";
-# }
-# ```
-{
- vars:
- "fields" slist => splitstring("size,gid,uid,ino,nlink,ctime,atime,mtime,mode,modeoct,permstr,permoct,type,devno,dev_minor,dev_major,basename,dirname,linktarget,linktarget_shallow", ",", 999);
-
- "stat[$(f)][$(fields)]" string => filestat($(f), $(fields));
-
- reports:
- verbose_mode::
- "$(this.bundle): file $(f) has $(fields) = $(stat[$(f)][$(fields)])";
-}
-
-bundle agent logrotate(log_files, max_size, rotate_levels)
-# @brief rotate specified "log_files" larger than "max_size". Keep
-# "rotate_levels" versions of the files before overwriting the oldest one
-# @depends rotate
-# @depends bigger_than
-# @param log_files single file or list of files to evaluate for rotation
-# @param max_size minimum size in bytes that the file will grow to before being rotated
-# @param rotate_levels number of rotations to keep before overwriting the oldest one
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent example
-# {
-# vars:
-# "logdirs" slist => { "/var/log/syslog", "/var/log/maillog"};
-#
-# methods:
-# "logrotate" usebundle => logrotate( @(logdirs), "1M", "2" );
-# "logrotate" usebundle => logrotate( "/var/log/mylog, "1", "5" );
-# "logrotate" usebundle => logrotate( "/var/log/alog, "500k", "7" );
-# }
-# ```
-{
- files:
- "$(log_files)"
- comment => "Rotate file if above specified size",
- rename => rotate("$(rotate_levels)"),
- file_select => bigger_than("$(max_size)");
-}
-
-bundle agent probabilistic_usebundle(probability, bundlename)
-# @brief activate named bundle probabilistically
-# @param probability probability that the named bundle will be activated during
-# a given agent execution
-# @param bundlename the bundle to activate based on the probability
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent example
-# {
-# methods:
-# "Toss Coin"
-# usebundle => probabilistic_usebundle("50", "heads"),
-# comment => "Call bundle heads ~ 50% of the time";
-#
-# "Trick Coin"
-# usebundle => probabilistic_usebundle("75", "heads"),
-# comment => "Call bundle heads ~ 75% of the time";
-# }
-# ```
-{
- classes:
- "fifty_fifty"
- expression => strcmp("$(probability)", "50"),
- comment => "We have to special case 50 because of the way dist classes
- work you would always get 50 defined";
- "not_fifty_fifty" expression => "!fifty_fifty";
- "have_remainder" expression => isvariable("remainder");
-
- fifty_fifty.have_remainder::
- "activate_bundle"
- dist => { "$(probability)000", "$(remainder)"};
-
- not_fifty_fifty.have_remainder::
- "activate_bundle"
- dist => { "$(probability)", "$(remainder)"};
-
- vars:
- fifty_fifty::
- "remainder"
- string => format("%d", eval("((100 - $(probability)) * 1000) +1", "math", "infix"));
-
- not_fifty_fifty::
- "remainder"
- string => format("%d", eval("100 - $(probability)", "math", "infix"));
-
- methods:
- fifty_fifty::
- "Activate bundle probabilistically"
- handle => "probabilistic_usebundle_methods_special_case_fifty_fifty_activate_bundle",
- usebundle => $(bundlename),
- ifvarclass => "activate_bundle_$(probability)000",
- comment => "Activate $(bundlename) $(probability)%ish of the time";
-
- not_fifty_fifty::
- "Activate bundle probabilistically"
- handle => "probabilistic_usebundle_methods_activate_bundle",
- usebundle => $(bundlename),
- ifvarclass => "activate_bundle_$(probability)",
- comment => "Activate $(bundlename) $(probability)% of the time";
-
-
- reports:
- DEBUG.fifty_fifty::
- "$(this.bundle) Special case for 50/50";
-
- "$(this.bundle) activate_bundle_$(probability)000"
- ifvarclass => "activate_bundle_$(probability)000";
-
- "$(this.bundle) activate_bundle_$(probability)001"
- ifvarclass => "activate_bundle_$(probability)001";
-}
-
-bundle agent prunedir(dir, max_days)
-# @brief delete plain files inside "dir" older than "max_days" (not recursively).
-# @depends tidy
-# @depends recurse
-# @depends filetype_older_than
-# @param dir directory to examine for files
-# @param max_days maximum number of days old a files mtime is allowed to before deletion
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent example
-# {
-# vars:
-# "dirs" slist => { "/tmp/logs", "/tmp/logs2" };
-#
-# methods:
-# "prunedir" usebundle => prunedir( @(dirs), "1" );
-# }
-# ```
-{
- files:
- "$(dir)"
- comment => "Delete plain files inside directory older than max_days",
- delete => tidy,
- file_select => filetype_older_than("plain", "$(max_days)"),
- depth_search => recurse("1");
-}
-
-bundle agent tcdb_fix
-# @brief Optimize tcdb and repair tcdb corruption
-#
-# **Example**:
-# ```cf3
-# methods:
-# "Manage Tokyo Cabinet Corruption"
-# usebundle => tcdb_fix,
-# handle => "main_methods_tcdb_fix",
-# comment => "Optimize/Repair or regenerate corrupt tcdb files";
-# ```
-# This bundle works around corruption issues with Tokyo Cabinet database files
-# in CFEngine 3.5. Find all tcdb files in $(sys.workdir) and run tchmgr
-# optimize on them. If any invalid record headers are found we remove the
-# affected database so that it can be re-created. This occurs hourly based on
-# `splayclass` and assumes a 5 minute agent execution interval.
-{
- vars:
-
- linux::
- "db" slist => splitstring( execresult("/usr/bin/find $(sys.workdir) -name '*.tcdb' 2>/dev/null", "useshell"), "\n", "1000");
-
-
- classes:
-
- # NOTE: assumes that CFEngine is set to run every 5 minutes
- "hourly_class" expression => splayclass("$(sys.host)$(sys.ipv4)", "hourly");
-
- hourly_class.linux::
- "detected_invalid_record_$(db)" expression => returnszero("/var/cfengine/bin/tchmgr optimize $(db) 2>&1 | grep -q 'invalid record header'", "useshell");
-
-
- commands:
-
- "$(paths.rm)"
- args => "-f $(db)",
- ifvarclass => canonify("detected_invalid_record_$(db)"),
- classes => scoped_classes_generic("bundle", "absent_$(db)"),
- handle => "fix_tcdb_commands_detected_invalid_record_rm_$(db)",
- comment => "Invalid record headers indicate that the database corruption is beyond repair. It will be automatically re-created.";
-
-
- reports:
-
- "$(this.bundle) $(sys.fqhost): Detected invalid record header in $(db) - tried to repair"
- ifvarclass => canonify("detected_invalid_record_$(db)");
-
- "$(this.bundle) $(sys.fqhost): Repair failed, removed corrupt database: $(db)"
- ifvarclass => canonify("absent_$(db)_repaired");
-}
-
-bundle agent url_ping(host, method, port, uri)
-# @brief ping HOST:PORT/URI using METHOD
-# @param host the host name
-# @param method the HTTP method (HEAD or GET)
-# @param port the port number, e.g. 80
-# @param uri the URI, e.g. /path/to/resource
-#
-# This bundle will send a simple HTTP request and read 20 bytes back,
-# then compare them to `200 OK.*` (ignoring leading spaces).
-#
-# If the data matches, the global class "url_ok_HOST" will be set, where
-# HOST is the canonified host name, i.e. `canonify($(host))`
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "check" usebundle => url_ping("cfengine.com", "HEAD", "80", "/bill/was/here");
-# reports:
-# url_ok_cfengine_com::
-# "CFEngine's web site is up";
-# url_not_ok_cfengine_com::
-# "CFEngine's web site *may* be down. Or you're offline.";
-# ```
-{
- vars:
- "url_check" string => readtcp($(host),
- $(port),
- "$(method) $(uri) HTTP/1.1$(const.r)$(const.n)Host:$(host)$(const.r)$(const.n)$(const.r)$(const.n)",
- 20);
-
- "chost" string => canonify($(host));
-
- classes:
- "url_ok_$(chost)"
- scope => "namespace",
- expression => regcmp("[^\n]*200 OK.*\n.*",
- $(url_check));
-
- "url_not_ok_$(chost)"
- scope => "namespace",
- not => regcmp("[^\n]*200 OK.*\n.*",
- $(url_check));
-
- reports:
- verbose_mode::
- "$(this.bundle): $(method) $(host):$(port)/$(uri) got 200 OK"
- ifvarclass => "url_ok_$(chost)";
- "$(this.bundle): $(method) $(host):$(port)/$(uri) did *not* get 200 OK"
- ifvarclass => "url_not_ok_$(chost)";
-}
-
-bundle agent git_init(repo_path)
-# @brief initializes a new git repository if it does not already exist
-# @depends git
-# @param repo_path absolute path of where to initialize a git repository
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent my_git_repositories
-# {
-# vars:
-# "basedir" string => "/var/git";
-# "repos" slist => { "myrepo", "myproject", "myPlugForMoreHaskell" };
-#
-# files:
-# "$(basedir)/$(repos)/."
-# create => "true";
-#
-# methods:
-# "git_init" usebundle => git_init("$(basedir)/$(repos)");
-# }
-# ```
-{
- classes:
- "ok_norepo" not => fileexists("$(repo_path)/.git");
-
- methods:
- ok_norepo::
- "git_init" usebundle => git("$(repo_path)", "init", "");
-}
-
-bundle agent git_add(repo_path, file)
-# @brief adds files to the supplied repository's index
-# @depends git
-# @param repo_path absolute path to a git repository
-# @param file a file to stage in the index
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent add_files_to_git_index
-# {
-# vars:
-# "repo" string => "/var/git/myrepo";
-# "files" slist => { "fileA", "fileB", "fileC" };
-#
-# methods:
-# "git_add" usebundle => git_add("$(repo)", "$(files)");
-# }
-# ```
-{
- classes:
- "ok_repo" expression => fileexists("$(repo_path)/.git");
-
- methods:
- ok_repo::
- "git_add" usebundle => git("$(repo_path)", "add", "$(file)");
-}
-
-bundle agent git_checkout(repo_path, branch)
-# @brief checks out an existing branch in the supplied git repository
-# @depends git
-# @param repo_path absolute path to a git repository
-# @param branch the name of an existing git branch to checkout
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent git_checkout_some_existing_branch
-# {
-# vars:
-# "repo" string => "/var/git/myrepo";
-# "branch" string => "dev/some-topic-branch";
-#
-# methods:
-# "git_checkout" usebundle => git_checkout("$(repo)", "$(branch)");
-# }
-# ```
-{
- classes:
- "ok_repo" expression => fileexists("$(repo_path)/.git");
-
- methods:
- ok_repo::
- "git_checkout" usebundle => git("$(repo_path)", "checkout", "$(branch)");
-}
-
-bundle agent git_checkout_new_branch(repo_path, new_branch)
-# @brief checks out and creates a new branch in the supplied git repository
-# @depends git
-# @param repo_path absolute path to a git repository
-# @param new_branch the name of the git branch to create and checkout
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent git_checkout_new_branches
-# {
-# vars:
-# "repo[myrepo]" string => "/var/git/myrepo";
-# "branch[myrepo]" string => "dev/some-new-topic-branch";
-#
-# "repo[myproject]" string => "/var/git/myproject";
-# "branch[myproject]" string => "dev/another-new-topic-branch";
-#
-# "repo_names" slist => getindices("repo");
-#
-# methods:
-# "git_checkout_new_branch" usebundle => git_checkout_new_branch("$(repo[$(repo_names)])", "$(branch[$(repo_names)])");
-# }
-# ```
-{
- classes:
- "ok_repo" expression => fileexists("$(repo_path)/.git");
-
- methods:
- ok_repo::
- "git_checkout" usebundle => git("$(repo_path)", "checkout -b", "$(branch)");
-}
-
-bundle agent git_commit(repo_path, message)
-# @brief executes a commit to the specificed git repository
-# @depends git
-# @param repo_path absolute path to a git repository
-# @param message the message to associate to the commmit
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent make_git_commit
-# {
-# vars:
-# "repo" string => "/var/git/myrepo";
-# "msg" string => "dituri added some bundles for common git operations";
-#
-# methods:
-# "git_commit" usebundle => git_commit("$(repo)", "$(msg)");
-# }
-# ```
-{
- classes:
- "ok_repo" expression => fileexists("$(repo_path)/.git");
-
- methods:
- ok_repo::
- "git_commit" usebundle => git("$(repo_path)", "commit", '-m "$(message)"');
-}
-
-bundle agent git(repo_path, subcmd, args)
-# @brief generic interface to git
-# @param repo_path absolute path to a new or existing git repository
-# @param subcmd any valid git sub-command
-# @param args a single string of arguments to pass
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent git_rm_files_from_staging
-# {
-# vars:
-# "repo" string => "/var/git/myrepo";
-# "git_cmd" string => "reset --soft";
-# "files" slist => { "fileA", "fileB", "fileC" };
-#
-# methods:
-# "git_reset" usebundle => git("$(repo)", "$(git_cmd)", "HEAD -- $(files)");
-# }
-# ```
-{
- commands:
- "$(paths.path[git])"
- args => "$(subcmd) $(args)",
- contain => in_dir("$(repo_path)");
-}
-
-bundle agent cmerge(varlist)
-# @brief bundle to merge many data containers into one
-# @param varlist a list of variable names (**MUST** be a list)
-#
-# The result will be in `cmerge.all`. You can also use
-# `cmerge.all_str` for a string version of the merged containers.
-#
-# If you merge a key-value map into an array or vice versa, the map
-# always wins. So this example will result in a key-value map even
-# though `cmerge.all` starts as an array.
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent run
-# {
-# vars:
-# # the "mymerge" tag is user-defined
-# "a" data => parsejson('{ "a": "1" }'), meta => { "mymerge" };
-# "b" data => parsejson('{ "b": "2" }'), meta => { "mymerge" };
-# "c" data => parsejson('{ "c": "3" }'), meta => { "mymerge" };
-# "d" data => parsejson('{ "d": "4" }'), meta => { "mymerge" };
-#
-# # you can list them explicitly: "default:run.a" through "default:run.d"
-# "todo" slist => variablesmatching(".*", "mymerge");
-#
-# # you can use cmerge.all_str, but this is how you access the result
-# "merged_str" string => format("%S", "cmerge.all");
-#
-# methods:
-# "go" usebundle => cmerge(@(todo)); # a, b, c, d
-#
-# reports:
-# "merged = $(cmerge.all_str)";
-# }
-# ```
-{
- vars:
- "all" data => parsejson('[]'), policy => "free";
- "all" data => mergedata(all, $(varlist)), policy => "free"; # iterates!
- "all_str" string => format("%S", all), policy => "free";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Commands bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-##-------------------------------------------------------
-## contain
-##-------------------------------------------------------
-
-body contain silent
-# @brief suppress command output
-{
- no_output => "true";
-}
-
-##
-
-body contain in_dir(dir)
-# @brief run command after switching to directory "dir"
-# @param dir directory to change into
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/bin/pwd"
-# contain => in_dir("/tmp");
-# ```
-{
- chdir => "$(dir)";
-}
-
-##
-
-body contain in_dir_shell(dir)
-# @brief run command after switching to directory "dir" with full shell
-# @param dir directory to change into
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/bin/pwd | /bin/cat"
-# contain => in_dir_shell("/tmp");
-# ```
-{
- chdir => "$(dir)";
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
-}
-
-##
-
-body contain silent_in_dir(dir)
-# @brief run command after switching to directory and suppress output
-# @param dir directory to change into
-#
-# **Example:**
-#
-# ```cf3
-# "/bin/pwd"
-# contain => silent_in_dir("/tmp");
-# ```
-{
- chdir => "$(dir)";
- no_output => "true";
-}
-
-##
-
-body contain in_shell
-# @brief run command in shell
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/bin/pwd | /bin/cat"
-# contain => in_shell;
-# ```
-{
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
-}
-
-##
-
-body contain in_shell_bg
-# @brief deprecated
-# This bundle previously had an invalid background attribute that was caught by
-# parser strictness enhancements. Backgrounding is handeled by the body action
-# background attribute.
-{
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
-}
-
-##
-
-body contain in_shell_and_silent
-# @brief run command in shell and suppress output
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/bin/pwd | /bin/cat"
-# contain => in_shell_and_silent,
-# comment => "Silently run command in shell";
-# ```
-{
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
- no_output => "true";
-}
-
-##
-
-body contain in_dir_shell_and_silent(dir)
-# @brief run command in shell after switching to 'dir' and suppress output
-# @param dir directory to change into
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/bin/pwd | /bin/cat"
-# contain => in_dir_shell_and_silent("/tmp"),
-# comment => "Silently run command in shell";
-# ```
-
-{
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
- no_output => "true";
- chdir => "$(dir)";
-}
-
-##
-
-body contain setuid(owner)
-# @brief run command as specified user
-# @param owner username or uid to run command as
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/usr/bin/id"
-# contain => setuid("apache");
-# "/usr/bin/id"
-# contain => setuid("503");
-# ```
-{
- exec_owner => "$(owner)";
-}
-
-##
-
-body contain setuid_sh(owner)
-# @brief run command as specified user in shell
-# @param owner username or uid to run command as
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/usr/bin/id | /bin/cat"
-# contain => setuid("apache");
-# "/usr/bin/id | /bin/cat"
-# contain => setuid("503");
-# ```
-{
- exec_owner => "$(owner)";
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
-}
-
-##
-
-body contain setuidgid_sh(owner,group)
-# @brief run command as specified owner and group in shell
-# @param owner username or uid to run command as
-# @param group groupname or gid to run command as
-{
- exec_owner => "$(owner)";
- exec_group => "$(group)";
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
-}
-
-##
-
-body contain jail(owner,jail_root,dir)
-# @brief run command as specified user in specified directory of jail
-# @param owner username or uid to run command as
-# @param jail_root path that will be the root directory for the process
-# @param dir directory to change to before running command (must be within 'jail_root')
-{
- exec_owner => "$(owner)";
- useshell => "true"; # canonical "useshell" but this is backwards-compatible
- chdir => "$(dir)";
- chroot => "$(jail_root)";
-}
-
-##
-
-body contain setuid_umask(owner, umask)
-# @brief run command as specified user with umask
-#
-#
-# | Valid Values | Umask | Octal (files) | Symbolic (files) | Octal (dirs) | Symbolic (dirs) |
-# |--------------|-------|-------|-------------|-------|-------------|
-# | `0` | `000` | `666` | `(rw-rw-rw-)` | `777` | `(rwxrwxrwx)` |
-# | `002` | `002` | `664` | `(rw-rw-r--)` | `775` | `(rwxrwxr-x)` |
-# | `22`, `022` | `022` | `644` | `(rw-r--r--)` | `755` | `(rwxr-xr-x)` |
-# | `27`, `027` | `027` | `640` | `(rw-r-----)` | `750` | `(rwxr-x---)` |
-# | `77`, `077` | `077` | `600` | `(rw-------)` | `700` | `(rwx------)` |
-# | `72`, `072` | `072` | `604` | `(rw----r--)` | `705` | `(rwx---r-x)` |
-#
-# @param owner username or uid to run command as
-# @param umask controls permissions of created files and directories
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/usr/bin/git pull"
-# contain => setuid_umask("git", "022");
-# ```
-{
- exec_owner => "$(owner)";
- umask => "$(umask)";
-}
-
-# temporarily adding the "_dc_" prefix
-body contain _dc_setuid_gid_umask(uid, gid, umask)
-# @brief run command as specified user with umask
-#
-#
-# | Valid Values | Umask | Octal (files) | Symbolic (files) | Octal (dirs) | Symbolic (dirs) |
-# |--------------|-------|-------|-------------|-------|-------------|
-# | `0` | `000` | `666` | `(rw-rw-rw-)` | `777` | `(rwxrwxrwx)` |
-# | `002` | `002` | `664` | `(rw-rw-r--)` | `775` | `(rwxrwxr-x)` |
-# | `22`, `022` | `022` | `644` | `(rw-r--r--)` | `755` | `(rwxr-xr-x)` |
-# | `27`, `027` | `027` | `640` | `(rw-r-----)` | `750` | `(rwxr-x---)` |
-# | `77`, `077` | `077` | `600` | `(rw-------)` | `700` | `(rwx------)` |
-# | `72`, `072` | `072` | `604` | `(rw----r--)` | `705` | `(rwx---r-x)` |
-#
-# @param uid username or uid to run command as
-# @param gid group name or gid to run command as
-# @param umask controls permissions of created files and directories
-#
-# **Example:**
-#
-# ```cf3
-# commands:
-# "/usr/bin/git pull"
-# contain => setuid_gid_umask("git", "minions", "022");
-# ```
-{
- exec_owner => "$(uid)";
- exec_group => "$(uid)";
- umask => "$(umask)";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Common bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-####################################################
-## agent bodyparts
-####################################################
-
-##-------------------------------------------------------
-## action
-##-------------------------------------------------------
-
-body action if_elapsed(x)
-# @brief Evaluate the promise every `x` minutes
-# @param x The time in minutes between promise evaluations
-{
- ifelapsed => "$(x)";
- expireafter => "$(x)";
-}
-
-##
-
-body action if_elapsed_day
-# @brief Evalute the promise once every 24 hours
-{
- ifelapsed => "1440"; # 60 x 24
- expireafter => "1400";
-}
-
-##
-
-body action measure_performance(x)
-# @brief Measure repairs of the promiser every `x` minutes
-#
-# Repair-attempts are cancelled after `x` minutes.
-#
-# @param x The time in minutes between promise evaluations.
-{
- measurement_class => "Detect changes in $(this.promiser)";
- ifelapsed => "$(x)";
- expireafter => "$(x)";
-}
-
-##
-
-body action warn_only
-# @brief Warn once an hour if the promise needs to be repaired
-#
-# The promise does not get repaired.
-{
- action_policy => "warn";
- ifelapsed => "60";
-}
-
-##
-
-body action bg(elapsed,expire)
-# @brief Evaluate the promise in the background every `elapsed` minutes, for at most `expire` minutes
-# @param elapsed The time in minutes between promise evaluations
-# @param expire The time in minutes after which a repair-attempt gets cancelled
-{
- ifelapsed => "$(elapsed)";
- expireafter => "$(expire)";
- background => "true";
-}
-
-##
-
-body action ifwin_bg
-# @brief Evaluate the promise in the background when running on Windows
-{
- windows::
- background => "true";
-}
-
-##
-
-body action immediate
-# @brief Evaluate the promise at every `cf-agent` execution.
-{
- ifelapsed => "0";
-}
-
-##
-
-body action policy(p)
-# @brief Set the `action_policy` to `p`
-# @param p The action policy
-{
- action_policy => "$(p)";
-}
-
-##
-
-body action log_repaired(log,message)
-# @brief Log `message` to a file `log`=[/file|stdout]
-# @param log The log file for repaired messages
-# @param message The log message
-{
- log_string => "$(sys.date), $(message)";
- log_repaired => "$(log)";
-}
-
-###
-
-body action log_verbose
-# @brief Sets the `log_level` attribute to "verbose"
-{
- log_level => "verbose";
-}
-
-##
-
-body action sample_rate(x)
-# @brief Evaluate the promise every `x` minutes,
-# A repair-attempt is cancelled after 10 minutes
-# @param x The time in minutes between promise evaluation
-{
- ifelapsed => "$(x)";
- expireafter => "10";
-}
-
-##-------------------------------------------------------
-## classes
-##-------------------------------------------------------
-
-body classes if_repaired(x)
-# @brief Define class `x` if the promise has been repaired
-# @param x The name of the class
-{
- promise_repaired => { "$(x)" };
-}
-
-##
-
-body classes if_else(yes,no)
-# @brief Define the classes `yes` or `no` depending on promise outcome
-# @param yes The name of the class that should be defined if the promise is kept or repaired
-# @param no The name of the class that should be defined if the promise could not be repaired
-{
- promise_kept => { "$(yes)" };
- promise_repaired => { "$(yes)" };
- repair_failed => { "$(no)" };
- repair_denied => { "$(no)" };
- repair_timeout => { "$(no)" };
-}
-
-##
-
-body classes cf2_if_else(yes,no)
-# @brief Define the classes `yes` or `no`, depending on promise outcome
-#
-# A version of `if_else` that matches CFEngine2 semantics. Neither class is set if the promise
-# does not require any repair.
-#
-# @param yes The name of the class that should be defined if the promise is repaired
-# @param no The name of the class that should be defind if teh promise could not be repaired
-{
- promise_repaired => { "$(yes)" };
- repair_failed => { "$(no)" };
- repair_denied => { "$(no)" };
- repair_timeout => { "$(no)" };
-}
-
-##
-
-body classes if_notkept(x)
-# @brief Define the class `x` if the promise is not kept and cannot be repaired.
-# @param x The name of the class that should be defined
-{
- repair_failed => { "$(x)" };
- repair_denied => { "$(x)" };
- repair_timeout => { "$(x)" };
-}
-
-##
-
-body classes if_ok(x)
-# @brief Define the class `x` if the promise is kept or could be repaired
-# @param x The name of the class that should be defined
-{
- promise_repaired => { "$(x)" };
- promise_kept => { "$(x)" };
-}
-
-##
-
-body classes if_ok_cancel(x)
-# @brief Cancel the class `x` if the promise ks kept or repaired
-# @param x The name of the class that should be cancelled
-{
- cancel_repaired => { "$(x)" };
- cancel_kept => { "$(x)" };
-}
-
-##
-
-body classes cmd_repair(code,cl)
-# @brief Define the class `cl` if an external command in a `commands`, `file` or `packages`
-# promise is executed with return code `code`
-# @param code The return codes that indicate a successful repair
-# @param cl The name of the class that should be defined
-#
-# **See also:** `repaired_returncodes`
-{
- repaired_returncodes => { "$(code)" };
- promise_repaired => { "$(cl)" };
-}
-
-body classes classes_generic(x)
-# @brief Define `x` prefixed/suffixed with promise outcome
-# @param x The unique part of the classes to be defined
-{
- promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired", "$(x)_ok", "$(x)_reached" };
- repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok", "$(x)_not_repaired", "$(x)_reached" };
-}
-
-body classes scoped_classes_generic(scope, x)
-# @brief Define `x` prefixed/suffixed with promise outcome
-# **See also:** `scope`
-#
-# @param scope The scope in which the class should be defined
-# @param x The unique part of the classes to be defined
-{
- scope => "$(scope)";
- promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired", "$(x)_ok", "$(x)_reached" };
- repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok", "$(x)_not_repaired", "$(x)_reached" };
-}
-
-##-------------------------------------------------------
-## Persistent classes
-##-------------------------------------------------------
-
-body classes state_repaired(x)
-# @brief Define `x` for 10 minutes if the promise was repaired
-# @param x The name of the class that should be defined
-{
- promise_repaired => { "$(x)" };
- persist_time => "10";
-}
-
-##
-
-body classes enumerate(x)
-# @brief Define `x` for 15 minutes if the promise is either kept or repaired
-# This is used by commercial editions to count instances of jobs in a cluster
-# @param x The unqiue part of the class that should be defind
-# The class defined is prefixed with `mXC_`
-{
- promise_repaired => { "mXC_$(x)" };
- promise_kept => { "mXC_$(x)" };
- persist_time => "15";
-}
-
-##
-
-body classes always(x)
-# @brief Define class `x` no matter what the outcome of the promise is
-# @param x The name of the class to be defined
-{
- promise_repaired => { "$(x)" };
- promise_kept => { "$(x)" };
- repair_failed => { "$(x)" };
- repair_denied => { "$(x)" };
- repair_timeout => { "$(x)" };
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Databases bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-##-------------------------------------------------------
-## database promises
-##-------------------------------------------------------
-
-body database_server local_mysql(username, password)
-# @brief Defines a MySQL server running on localhost
-# @param username The username for the server connection
-# @param password The password for the server connection
-#
-# **See also:** `db_server_owner`, `db_server_password`
-{
- db_server_owner => "$(username)";
- db_server_password => "$(password)";
- db_server_host => "localhost";
- db_server_type => "mysql";
- db_server_connection_db => "mysql";
-}
-
-##
-
-body database_server local_postgresql(username, password)
-# @brief Defines a PostgreSQL server running on localhost
-# @param username The username for the server connection
-# @param password The password for the server connection
-#
-# **See also:** `db_server_owner`, `db_server_password`
-{
- db_server_owner => "$(username)";
- db_server_password => "$(password)";
- db_server_host => "localhost";
- db_server_type => "postgres";
- db_server_connection_db => "postgres";
-}
+++ /dev/null
-bundle agent feature
-# @brief Finds feature_set_X and feature_unset_X classes and sets/unsets X persistently
-#
-# Finds all classes named `feature_unset_X` and clear class X.
-#
-# Finds all classes named `feature_set_DURATION_X` and sets class X
-# persistently for DURATION. DURATION can be any digits followed by
-# `k`, `m`, or `g`.
-#
-# In inform mode (`-I`) it will report what it does.
-#
-# **Example:**
-# Set class `xyz` for 10 minutes, class `qpr` for 100 minutes, and
-# `ijk` for 90m minutes. Unset class `abc`.
-# `cf-agent -I -f ./feature.cf -b feature -Dfeature_set_10_xyz,feature_set_100_qpr,feature_set_90m_ijk,feature_unset_abc`
-{
- classes:
- "parsed_$(on)" expression => regextract("feature_set_([0-9]+[kmgKMG]?)_(.*)",
- $(on),
- "extract_$(on)");
-
- "parsed_$(off)" expression => regextract("feature_unset_(.*)",
- $(off),
- "extract_$(off)");
-
- "$(extract_$(on)[2])" expression => "parsed_$(on)",
- persistence => "$(extract_$(on)[1])";
-
- vars:
- "on" slist => classesmatching("feature_set_.*");
- "off" slist => classesmatching("feature_unset_.*");
-
- "_$(off)" string => "off", classes => feature_cancel("$(extract_$(off)[1])");
-
- reports:
- inform_mode::
- "$(this.bundle): $(on) => SET class '$(extract_$(on)[2]) for '$(extract_$(on)[1])'"
- ifvarclass => "parsed_$(on)";
-
- "$(this.bundle): $(off) => UNSET class '$(extract_$(off)[1])'"
- ifvarclass => "parsed_$(off)";
-
- "$(this.bundle): have $(extract_$(on)[2])" ifvarclass => "$(extract_$(on)[2])";
- "$(this.bundle): have no $(extract_$(on)[2])" ifvarclass => "!$(extract_$(on)[2])";
-
- "$(this.bundle): have $(extract_$(off)[1])" ifvarclass => "$(extract_$(off)[1])";
- "$(this.bundle): have no $(extract_$(off)[1])" ifvarclass => "!$(extract_$(off)[1])";
-}
-
-bundle agent feature_test
-# @brief Finds feature_set_X and feature_unset_X classes and reports X
-#
-# Note that this bundle is intended to be used exactly like `feature`
-# and just show what's defined or undefined.
-#
-# **Example:**
-# Check classes `xyz`, `qpr`, `ijk`, and `abc`.
-# `cf-agent -I -f ./feature.cf -b feature_test -Dfeature_set_10_xyz,feature_set_100_qpr,feature_set_90m_ijk,feature_unset_abc`
-{
- classes:
- "parsed_$(on)" expression => regextract("feature_set_([0-9]+[kmgKMG]?)_(.*)",
- $(on),
- "extract_$(on)");
-
- "parsed_$(off)" expression => regextract("feature_unset_(.*)",
- $(off),
- "extract_$(off)");
-
- vars:
- "on" slist => classesmatching("feature_set_.*");
- "off" slist => classesmatching("feature_unset_.*");
-
- reports:
- "$(this.bundle): have $(extract_$(on)[2])" ifvarclass => "$(extract_$(on)[2])";
- "$(this.bundle): have no $(extract_$(on)[2])" ifvarclass => "!$(extract_$(on)[2])";
-
- "$(this.bundle): have $(extract_$(off)[1])" ifvarclass => "$(extract_$(off)[1])";
- "$(this.bundle): have no $(extract_$(off)[1])" ifvarclass => "!$(extract_$(off)[1])";
-}
-
-body classes feature_cancel(x)
-# @ignore
-# Used internally by bundle `feature`
-{
- cancel_kept => { "$(x)" };
- cancel_repaired => { "$(x)" };
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Files bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-bundle common files_common
-# @ignore
-{
- vars:
- "inputs" slist => { "$(this.promise_dirname)/common.cf" };
-}
-
-body file control
-# @ignore
-{
- inputs => { @(files_common.inputs) };
-}
-
-###################################################
-# edit_line bundles
-###################################################
-
-bundle edit_line insert_lines(lines)
-# @brief Append `lines` if they don't exist in the file
-# @param lines The lines to be appended
-#
-# **See also:** [`insert_lines`][insert_lines] in
-# [`edit_line`][bundle edit_line]
-{
- insert_lines:
-
- "$(lines)"
- comment => "Append lines if they don't exist";
-}
-
-##
-
-bundle edit_line insert_file(templatefile)
-# @brief Reads the lines from `templatefile` and inserts those into the
-# file being edited.
-# @param templatefile The name of the file from which to import lines.
-{
- insert_lines:
-
- "$(templatefile)"
- comment => "Insert the template file into the file being edited",
- insert_type => "file";
-}
-
-##
-
-bundle edit_line comment_lines_matching(regex,comment)
-# @brief Comment lines in the file that matching an [anchored] regex
-# @param regex Anchored regex that the entire line needs to match
-# @param comment A string that is prepended to matching lines
-{
- replace_patterns:
-
- "^($(regex))$"
-
- replace_with => comment("$(comment)"),
- comment => "Search and replace string";
-}
-
-##
-
-bundle edit_line uncomment_lines_matching(regex,comment)
-# @brief Uncomment lines of the file where the regex matches
-# the entire text after the comment string
-# @param regex The regex that lines need to match after `comment`
-# @param comment The prefix of the line that is removed
-{
- replace_patterns:
-
- "^$(comment)\s?($(regex))$"
-
- replace_with => uncomment,
- comment => "Uncomment lines matching a regular expression";
-}
-
-##
-
-bundle edit_line comment_lines_containing(regex,comment)
-# @brief Comment lines of the file matching a regex
-# @param regex A regex that a part of the line needs to match
-# @param comment A string that is prepended to matching lines
-{
- replace_patterns:
-
- "^((?!$(comment)).*$(regex).*)$"
-
- replace_with => comment("$(comment)"),
- comment => "Comment out lines in a file";
-}
-
-##
-
-bundle edit_line uncomment_lines_containing(regex,comment)
-# @brief Uncomment lines of the file where the regex matches
-# parts of the text after the comment string
-# @param regex The regex that lines need to match after `comment`
-# @param comment The prefix of the line that is removed
-{
- replace_patterns:
-
- "^$(comment)\s?(.*$(regex).*)$"
-
- replace_with => uncomment,
- comment => "Uncomment a line containing a fragment";
-}
-
-##
-
-bundle edit_line delete_lines_matching(regex)
-# @brief Delete lines matching a regular expression
-# @param regex The regular expression that the lines need to match
-{
- delete_lines:
-
- "$(regex)"
-
- comment => "Delete lines matching regular expressions";
-}
-
-##
-
-bundle edit_line warn_lines_matching(regex)
-# @brief Warn about lines matching a regular expression
-# @param regex The regular expression that the lines need to match
-{
- delete_lines:
-
- "$(regex)"
-
- comment => "Warn about lines in a file",
- action => warn_only;
-}
-
-##
-
-# temporarily adding the "_dc_" prefix
-bundle edit_line _dc_prepend_if_no_line(string)
-# @brief Prepend `string` if it doesn't exist in the file
-# @param string The string to be prepended
-#
-# **See also:** [`insert_lines`][insert_lines] in
-# [`edit_line`][bundle edit_line]
-{
- insert_lines:
- "$(string)"
- location => start,
- comment => "Prepend a line to the file if it doesn't already exist";
-}
-
-bundle edit_line append_if_no_line(str)
-# @ignore
-# This duplicates the insert_lines bundle
-{
- insert_lines:
-
- "$(str)"
-
- comment => "Append a line to the file if it doesn't already exist";
-}
-
-##
-
-bundle edit_line append_if_no_lines(list)
-# @ignore
-# This duplicates the insert_lines bundle
-{
- insert_lines:
-
- "$(list)"
-
- comment => "Append lines to the file if they don't already exist";
-}
-
-##
-
-bundle edit_line replace_line_end(start,end)
-# @brief Give lines starting with `start` the ending given in `end`
-#
-# Whitespaces will be left unmodified. For example,
-# `replace_line_end("ftp", "2121/tcp")` would replace
-#
-# `"ftp 21/tcp"`
-#
-# with
-#
-# `"ftp 2121/tcp"`
-#
-# @param start The string lines have to start with
-# @param end The string lines should end with
-{
- field_edits:
-
- "\s*$(start)\s.*"
- comment => "Replace lines with $(this.start) and $(this.end)",
- edit_field => line("(^|\s)$(start)\s*", "2", "$(end)","set");
-}
-
-##
-
-bundle edit_line append_to_line_end(start,end)
-# @brief Append `end` to any lines beginning with `start`
-#
-# `end` will be appended to all lines starting with `start` and not
-# already ending with `end`. Whitespaces will be left unmodified.
-#
-# For example, `append_to_line_end("kernel", "vga=791")` would replace
-# `kernel /boot/vmlinuz root=/dev/sda7`
-#
-# with
-#
-# `kernel /boot/vmlinuz root=/dev/sda7 vga=791`
-#
-# **WARNING**: Be careful not to have multiple promises matching the same line, which would result in the line growing indefinitely.
-#
-# @param start pattern to match lines of interest
-# @param end string to append to matched lines
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/tmp/boot-options" edit_line => append_to_line_end("kernel", "vga=791");
-# ```
-#
-{
- field_edits:
-
- "\s*$(start)\s.*"
- comment => "Append lines with $(this.start) and $(this.end)",
- edit_field => line("(^|\s)$(start)\s*", "2", "$(end)","append");
-}
-
-##
-
-bundle edit_line regex_replace(find,replace)
-# @brief Find exactly a regular expression and replace exactly the match with a string.
-# You can think of this like a PCRE powered sed.
-# @param find The regular expression
-# @param replace The replacement string
-{
- replace_patterns:
-
- "$(find)"
- replace_with => value("$(replace)"),
- comment => "Search and replace string";
-}
-
-##
-
-bundle edit_line resolvconf(search,list)
-# @brief Adds search domains and name servers to the system
-# resolver configuration.
-#
-# Use this bundle to modify `resolv.conf`. Existing entries for
-# `search` and `nameserver` are replaced.
-#
-# @param search The search domains with space
-# @param list An slist of nameserver addresses
-{
- delete_lines:
-
- "search.*" comment => "Reset search lines from resolver";
- "nameserver.*" comment => "Reset nameservers in resolver";
-
- insert_lines:
-
- "search $(search)" comment => "Add search domains to resolver";
- "nameserver $(list)" comment => "Add name servers to resolver";
-}
-
-##
-
-bundle edit_line resolvconf_o(search,list,options)
-# @brief Adds search domains, name servers and options to the system
-# resolver configuration.
-#
-# Use this bundle to modify `resolv.conf`. Existing entries for
-# `search`, `nameserver` and `options` are replaced.
-#
-# @param search The search domains with space
-# @param list An slist of nameserver addresses
-# @param options is an slist of variables to modify the resolver
-
-{
- delete_lines:
-
- "search.*" comment => "Reset search lines from resolver";
- "nameserver.*" comment => "Reset nameservers in resolver";
- "options.*" comment => "Reset options in resolver";
-
- insert_lines:
-
- "search $(search)" comment => "Add search domains to resolver";
- "nameserver $(list)" comment => "Add name servers to resolver";
- "options $(options)" comment => "Add options to resolver";
-}
-
-##
-
-bundle edit_line manage_variable_values_ini(tab, sectionName)
-# @brief Sets the RHS of configuration items in the file of the form
-# `LHS=RHS`
-#
-# If the line is commented out with `#`, it gets uncommented first.
-# Adds a new line if none exists.
-# Removes any variable value pairs not defined for the ini section.
-#
-# @param tab An associative array containing `tab[sectionName][LHS]="RHS"`.
-# The value is not changed when the `RHS` is "dontchange"
-# @param sectionName The section in the file within which values should be
-# modified
-#
-# **See also:** `set_variable_values_ini()`
-{
- vars:
- "index" slist => getindices("$(tab)[$(sectionName)]");
-
- # Be careful if the index string contains funny chars
- "cindex[$(index)]" string => canonify("$(index)");
-
- classes:
- "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"),
- comment => "Create conditions to make changes";
-
- field_edits:
-
- # If the line is there, but commented out, first uncomment it
- "#+\s*$(index)\s*=.*"
- select_region => INI_section("$(sectionName)"),
- edit_field => col("=","1","$(index)","set"),
- ifvarclass => "edit_$(cindex[$(index)])";
-
- # match a line starting like the key something
- "$(index)\s*=.*"
- edit_field => col("=","2","$($(tab)[$(sectionName)][$(index)])","set"),
- select_region => INI_section("$(sectionName)"),
- classes => if_ok("manage_variable_values_ini_not_$(cindex[$(index)])"),
- ifvarclass => "edit_$(cindex[$(index)])";
-
- delete_lines:
- ".*"
- select_region => INI_section("$(sectionName)"),
- comment => "Remove all entries in the region so there are no extra entries";
-
- insert_lines:
- "[$(sectionName)]"
- location => start,
- comment => "Insert lines";
-
- "$(index)=$($(tab)[$(sectionName)][$(index)])"
- select_region => INI_section("$(sectionName)"),
- ifvarclass => "!manage_variable_values_ini_not_$(cindex[$(index)]).edit_$(cindex[$(index)])";
-
-}
-
-##
-
-bundle edit_line set_variable_values_ini(tab, sectionName)
-# @brief Sets the RHS of configuration items in the file of the form
-# `LHS=RHS`
-#
-# If the line is commented out with `#`, it gets uncommented first.
-# Adds a new line if none exists.
-#
-# @param tab An associative array containing `tab[sectionName][LHS]="RHS"`.
-# The value is not changed when the `RHS` is "dontchange"
-# @param sectionName The section in the file within which values should be
-# modified
-#
-# **See also:** `set_variable_values_ini()`
-{
- vars:
- "index" slist => getindices("$(tab)[$(sectionName)]");
-
- # Be careful if the index string contains funny chars
- "cindex[$(index)]" string => canonify("$(index)");
-
- classes:
- "edit_$(cindex[$(index)])" not => strcmp("$($(tab)[$(sectionName)][$(index)])","dontchange"),
- comment => "Create conditions to make changes";
-
- field_edits:
-
- # If the line is there, but commented out, first uncomment it
- "#+\s*$(index)\s*=.*"
- select_region => INI_section("$(sectionName)"),
- edit_field => col("=","1","$(index)","set"),
- ifvarclass => "edit_$(cindex[$(index)])";
-
- # match a line starting like the key something
- "$(index)\s*=.*"
- edit_field => col("=","2","$($(tab)[$(sectionName)][$(index)])","set"),
- select_region => INI_section("$(sectionName)"),
- classes => if_ok("set_variable_values_ini_not_$(cindex[$(index)])"),
- ifvarclass => "edit_$(cindex[$(index)])";
-
- insert_lines:
- "[$(sectionName)]"
- location => start,
- comment => "Insert lines";
-
- "$(index)=$($(tab)[$(sectionName)][$(index)])"
- select_region => INI_section("$(sectionName)"),
- ifvarclass => "!set_variable_values_ini_not_$(cindex[$(index)]).edit_$(cindex[$(index)])";
-
-}
-
-# temporarily adding the "_dc_" prefix
-bundle edit_line _dc_insert_ini_section(name, config)
-# @brief Inserts a INI section with content
-#
-# ```
-# # given an array "barray"
-# files:
-# "myfile.ini" edit_line => insert_innit_section("foo", "barray");
-# ```
-#
-# Inserts a section in an INI file with the given configuration
-# key-values from the array `config`.
-#
-# @param name the name of the INI section
-# @param config The fully-qualified name of an associative array containing `v[LHS]="rhs"`
-{
- vars:
- "k" slist => getindices($(config));
-
- insert_lines:
- "[$(name)]"
- location => start,
- comment => "Prepend a line to the file if it doesn't already exist";
-
- "$(k)=$($(config)[$(k)])";
-}
-
-
-bundle edit_line set_quoted_values(v)
-# @brief Sets the RHS of variables in shell-like files of the form:
-#
-# ```
-# LHS="RHS"
-# ```
-#
-# Adds a new line if no LHS exists, and replaces RHS values if one does exist.
-# If the line is commented out with #, it gets uncommented first.
-#
-# @param v The fully-qualified name of an associative array containing `v[LHS]="rhs"`
-#
-# **Example:**
-#
-# ```cf3
-# vars:
-# "stuff[lhs-1]" string => "rhs1";
-# "stuff[lhs-2]" string => "rhs2";
-#
-# files:
-# "myfile"
-# edit_line => set_quoted_values(stuff)
-# ```
-#
-# **See also:** `set_variable_values()`
-{
- meta:
- "tags"
- slist =>
- {
- "deprecated=3.6.0",
- "deprecation-reason=Generic reimplementation",
- "replaced-by=set_line_based"
- };
-
- vars:
- "index" slist => getindices("$(v)");
- # Be careful if the index string contains funny chars
-
- "cindex[$(index)]" string => canonify("$(index)");
-
- field_edits:
- # If the line is there, but commented out, first uncomment it
- "#+\s*$(index)\s*=.*"
- edit_field => col("=","1","$(index)","set");
-
- # match a line starting like the key = something
- "\s*$(index)\s*=.*"
- edit_field => col("=","2",'"$($(v)[$(index)])"',"set"),
- classes => if_ok("$(cindex[$(index)])_in_file"),
- comment => "Match a line starting like key = something";
-
- insert_lines:
- '$(index)="$($(v)[$(index)])"'
- comment => "Insert a variable definition",
- ifvarclass => "!$(cindex[$(index)])_in_file";
-}
-
-##
-
-bundle edit_line set_variable_values(v)
-# @brief Sets the RHS of variables in files of the form:
-#
-# ```
-# LHS=RHS
-# ```
-#
-# Adds a new line if no LHS exists, and replaces RHS values if one does exist.
-# If the line is commented out with #, it gets uncommented first.
-#
-# @param v The fully-qualified name of an associative array containing `v[LHS]="rhs"`
-#
-# **Example:**
-#
-# ```cf3
-# vars:
-# "stuff[lhs-1]" string => "rhs1";
-# "stuff[lhs-2]" string => "rhs2";
-#
-# files:
-# "myfile"
-# edit_line => set_quoted_values(stuff)
-# ```
-#
-# **See also:** `set_quoted_values()`
-{
- meta:
- "tags"
- slist =>
- {
- "deprecated=3.6.0",
- "deprecation-reason=Generic reimplementation",
- "replaced-by=set_line_based"
- };
-
- vars:
-
- "index" slist => getindices("$(v)");
-
- # Be careful if the index string contains funny chars
-
- "cindex[$(index)]" string => canonify("$(index)");
- "cv" string => canonify("$(v)");
-
- field_edits:
-
- # match a line starting like the key = something
-
- "\s*$(index)\s*=.*"
-
- edit_field => col("\s*$(index)\s*=","2","$($(v)[$(index)])","set"),
- classes => if_ok("$(cv)_$(cindex[$(index)])_in_file"),
- comment => "Match a line starting like key = something";
-
- insert_lines:
-
- "$(index)=$($(v)[$(index)])"
-
- comment => "Insert a variable definition",
- ifvarclass => "!$(cv)_$(cindex[$(index)])_in_file";
-}
-
-bundle edit_line set_config_values(v)
-# @brief Sets the RHS of configuration items in the file of the form:
-#
-# ```
-# LHS RHS
-# ```
-#
-# If the line is commented out with `#`, it gets uncommented first.
-#
-# Adds a new line if none exists.
-#
-# @param v The fully-qualified name of an associative array containing `v[LHS]="rhs"`
-{
- meta:
- "tags"
- slist =>
- {
- "deprecated=3.6.0",
- "deprecation-reason=Generic reimplementation",
- "replaced-by=set_line_based"
- };
-
- vars:
- "index" slist => getindices("$(v)");
-
- # Be careful if the index string contains funny chars
- "cindex[$(index)]" string => canonify("$(index)");
-
- # Escape the value (had a problem with special characters and regex's)
- "ev[$(index)]" string => escape("$($(v)[$(index)])");
-
- # Do we have more than one line commented out?
- "index_comment_matches_$(cindex[$(index)])" int => countlinesmatching("^\s*#\s*($(index)\s+.*|$(index))$","$(edit.filename)");
-
-
- classes:
- # Check to see if this line exists
- "line_exists_$(cindex[$(index)])" expression => regline("^\s*($(index)\s.*|$(index))$","$(edit.filename)");
-
- # if there's more than one comment, just add new (don't know who to use)
- "multiple_comments_$(cindex[$(index)])" expression => isgreaterthan("$(index_comment_matches_$(cindex[$(index)]))","1");
-
-
- replace_patterns:
- # If the line is commented out, uncomment and replace with
- # the correct value
- "^\s*#\s*($(index)\s+.*|$(index))$"
- comment => "Uncommented the value $(index)",
- replace_with => value("$(index) $($(v)[$(index)])"),
- ifvarclass => "!line_exists_$(cindex[$(index)]).!replace_attempted_$(cindex[$(index)]).!multiple_comments_$(cindex[$(index)])",
- classes => always("uncommented_$(cindex[$(index)])");
-
- # If the line is there with the wrong value, replace with
- # the correct value
- "^\s*($(index)\s+(?!$(ev[$(index)])$).*|$(index))$"
- comment => "Correct the value $(index)",
- replace_with => value("$(index) $($(v)[$(index)])"),
- classes => always("replace_attempted_$(cindex[$(index)])");
-
- insert_lines:
- # If the line doesn't exist, or there is more than one occurance
- # of the LHS commented out, insert a new line and try to place it
- # after the commented LHS (keep new line with old comments)
- "$(index) $($(v)[$(index)])"
- comment => "Insert the value, marker exists $(index)",
- location => after("^\s*#\s*($(index)\s+.*|$(index))$"),
- ifvarclass => "replace_attempted_$(cindex[$(index)]).multiple_comments_$(cindex[$(index)])";
-
- # If the line doesn't exist and there are no occurances
- # of the LHS commented out, insert a new line at the eof
- "$(index) $($(v)[$(index)])"
- comment => "Insert the value, marker doesn't exist $(index)",
- ifvarclass => "replace_attempted_$(cindex[$(index)]).!multiple_comments_$(cindex[$(index)])";
-
-}
-
-bundle edit_line set_line_based(v, sep, bp, kp, cp)
-# @brief Sets the RHS of configuration items in the file of the form:
-#
-# ```
-# LHS$(sep)RHS
-# ```
-#
-# Example usage for `x=y` lines (e.g. rsyncd.conf):
-#
-# ```cf3
-# "myfile"
-# edit_line => set_line_based("test.config", "=", "\s*=\s*", ".*", "\s*#\s*");
-# ```
-#
-# Example usage for `x y` lines (e.g. sshd_config):
-#
-# ```cf3
-# "myfile"
-# edit_line => set_line_based("test.config", " ", "\s+", ".*", "\s*#\s*");
-# ```
-#
-# If the line is commented out with `$(cp)`, it gets uncommented first.
-#
-# Adds a new line if none exists or if more than one commented-out
-# possible matches exist.
-#
-# Originally `set_config_values` by Ed King.
-#
-# @param v The fully-qualified name of an associative array containing `v[LHS]="rhs"`
-# @param sep The separator to insert, e.g. ` ` for space-separated
-# @param bp The key-value separation regex, e.g. `\s+` for space-separated
-# @param kp The keys to select from v, use `.*` for all
-# @param cp The comment pattern from line-start, e.g. `\s*#\s*`
-{
- meta:
- "tags"
- slist =>
- {
- "replaces=set_config_values",
- "replaces=set_config_values_matching",
- "replaces=set_variable_values",
- "replaces=set_quoted_values",
- "replaces=maintain_key_values",
- };
-
- vars:
- "vkeys" slist => getindices("$(v)");
- "i" slist => grep($(kp), vkeys);
-
- # Be careful if the index string contains funny chars
- "ci[$(i)]" string => canonify("$(i)");
-
- # Escape the value (had a problem with special characters and regex's)
- "ev[$(i)]" string => escape("$($(v)[$(i)])");
-
- # Do we have more than one line commented out?
- "comment_matches_$(ci[$(i)])"
- int => countlinesmatching("^$(cp)($(i)$(bp).*|$(i))$",
- $(edit.filename));
-
-
- classes:
- # Check to see if this line exists
- "exists_$(ci[$(i)])"
- expression => regline("^\s*($(i)$(bp).*|$(i))$",
- $(edit.filename));
-
- # if there's more than one comment, just add new (don't know who to use)
- "multiple_comments_$(ci[$(i)])"
- expression => isgreaterthan("$(comment_matches_$(ci[$(i)]))",
- "1");
-
-
- replace_patterns:
- # If the line is commented out, uncomment and replace with
- # the correct value
- "^$(cp)($(i)$(bp).*|$(i))$"
- comment => "Uncommented the value $(i)",
- replace_with => value("$(i)$(sep)$($(v)[$(i)])"),
- ifvarclass => "!exists_$(ci[$(i)]).!replace_attempted_$(ci[$(i)]).!multiple_comments_$(ci[$(i)])",
- classes => always("uncommented_$(ci[$(i)])");
-
- # If the line is there with the wrong value, replace with
- # the correct value
- "^\s*($(i)$(bp)(?!$(ev[$(i)])$).*|$(i))$"
- comment => "Correct the value $(i)",
- replace_with => value("$(i)$(sep)$($(v)[$(i)])"),
- classes => always("replace_attempted_$(ci[$(i)])");
-
- insert_lines:
- # If the line doesn't exist, or there is more than one occurance
- # of the LHS commented out, insert a new line and try to place it
- # after the commented LHS (keep new line with old comments)
- "$(i)$(sep)$($(v)[$(i)])"
- comment => "Insert the value, marker exists $(i)",
- location => after("^$(cp)($(i)$(bp).*|$(i))$"),
- ifvarclass => "replace_attempted_$(ci[$(i)]).multiple_comments_$(ci[$(i)])";
-
- # If the line doesn't exist and there are no occurances
- # of the LHS commented out, insert a new line at the eof
- "$(i)$(sep)$($(v)[$(i)])"
- comment => "Insert the value, marker doesn't exist $(i)",
- ifvarclass => "replace_attempted_$(ci[$(i)]).!multiple_comments_$(ci[$(i)])";
-}
-
-bundle edit_line set_config_values_matching(v,pat)
-# @brief Sets the RHS of configuration items in the file of the form
-#
-# ```
-# LHS RHS
-# ```
-#
-# If the line is commented out with `#`, it gets uncommented first.
-# Adds a new line if none exists.
-#
-# @param v the fully-qualified name of an associative array containing v[LHS]="rhs"
-# @param pat Only elements of `v` that match the regex `pat` are use
-{
- meta:
- "tags"
- slist =>
- {
- "deprecated=3.6.0",
- "deprecation-reason=Generic reimplementation",
- "replaced-by=set_line_based"
- };
-
- vars:
- "allparams" slist => getindices("$(v)");
- "index" slist => grep("$(pat)", "allparams");
-
- # Be careful if the index string contains funny chars
- "cindex[$(index)]" string => canonify("$(index)");
-
- replace_patterns:
- # If the line is there, maybe commented out, uncomment and replace with
- # the correct value
- "^\s*($(index)\s+(?!$($(v)[$(index)])).*|# ?$(index)\s+.*)$"
- comment => "Correct the value",
- replace_with => value("$(index) $($(v)[$(index)])"),
- classes => always("replace_attempted_$(cindex[$(index)])");
-
- insert_lines:
- "$(index) $($(v)[$(index)])"
- ifvarclass => "replace_attempted_$(cindex[$(index)])";
-
-}
-
-##
-
-bundle edit_line maintain_key_values(v,sep)
-# @ignore
-# @brief Sets the RHS of configuration items with an giving separator
-#
-# Contributed by David Lee
-{
- meta:
- "tags"
- slist =>
- {
- "deprecated=3.6.0",
- "deprecation-reason=Generic reimplementation",
- "replaced-by=set_line_based"
- };
-
- vars:
- "index" slist => getindices("$(v)");
- # Be careful if the index string contains funny chars
- "cindex[$(index)]" string => canonify("$(index)");
- # Matching pattern for line (basically key-and-separator)
- "keypat[$(index)]" string => "\s*$(index)\s*$(sep)\s*";
-
- # Values may contain regexps. Escape them for replace_pattern matching.
- "ve[$(index)]" string => escape("$($(v)[$(index)])");
-
- classes:
- "$(cindex[$(index)])_key_in_file"
- comment => "Dynamic Class created if patterns matching",
- expression => regline("^$(keypat[$(index)]).*", "$(edit.filename)");
-
- replace_patterns:
- # For convergence need to use negative lookahead on value:
- # "key sep (?!value).*"
- "^($(keypat[$(index)]))(?!$(ve[$(index)])$).*"
- comment => "Replace definition of $(index)",
- replace_with => value("$(match.1)$($(v)[$(index)])");
-
- insert_lines:
- "$(index)$(sep)$($(v)[$(index)])"
- comment => "Insert definition of $(index)",
- ifvarclass => "!$(cindex[$(index)])_key_in_file";
-}
-
-##
-
-bundle edit_line append_users_starting(v)
-# @brief For adding to `/etc/passwd` or `etc/shadow`
-# @param v An array `v[username] string => "line..."`
-#
-# **Note:** To manage local users with CFEngine 3.6 and later,
-# consider making `users` promises instead of modifying system files.
-{
- vars:
-
- "index" slist => getindices("$(v)");
-
- classes:
-
- "add_$(index)" not => userexists("$(index)"),
- comment => "Class created if user does not exist";
-
- insert_lines:
-
- "$($(v)[$(index)])"
-
- comment => "Append users into a password file format",
- ifvarclass => "add_$(index)";
-}
-
-##
-
-bundle edit_line append_groups_starting(v)
-# @brief For adding groups to `/etc/group`
-# @param v An array `v[groupname] string => "line..."`
-#
-# **Note:** To manage local users with CFEngine 3.6 and later,
-# consider making `users` promises instead of modifying system files.
-{
- vars:
-
- "index" slist => getindices("$(v)");
-
- classes:
-
- "add_$(index)" not => groupexists("$(index)"),
- comment => "Class created if group does not exist";
-
- insert_lines:
-
- "$($(v)[$(index)])"
-
- comment => "Append users into a group file format",
- ifvarclass => "add_$(index)";
-
-}
-
-##
-
-bundle edit_line set_colon_field(key,field,val)
-# @brief Set the value of field number `field` of the line whose
-# first field is `key` to the value `val`, in a colon-separated file.
-# @param key The value the first field has to match
-# @param field The field to be modified
-# @param val The new value of `field`
-{
- field_edits:
-
- "$(key):.*"
-
- comment => "Edit a colon-separated file, using the first field as a key",
- edit_field => col(":","$(field)","$(val)","set");
-}
-
-##
-
-bundle edit_line set_user_field(user,field,val)
-# @brief Set the value of field number "field" in a `:-field`
-# formatted file like `/etc/passwd`
-# @param user The user to be modified
-# @param field The field that should be modified
-# @param val THe value for `field`
-#
-# **Note:** To manage local users with CFEngine 3.6 and later,
-# consider making `users` promises instead of modifying system files.
-{
- field_edits:
-
- "$(user):.*"
-
- comment => "Edit a user attribute in the password file",
- edit_field => col(":","$(field)","$(val)","set");
-}
-
-##
-
-bundle edit_line append_user_field(group,field,allusers)
-# @brief For adding users to to a file like `/etc/group`
-# at field position `field`, comma separated subfields
-# @param group The group to be modified
-# @param field The field where users should be added
-# @param allusers The list of users to add to `field`
-#
-# **Note:** To manage local users with CFEngine 3.6 and later,
-# consider making `users` promises instead of modifying system files.
-{
- vars:
-
- "val" slist => { @(allusers) };
-
- field_edits:
-
- "$(group):.*"
-
- comment => "Append users into a password file format",
- edit_field => col(":","$(field)","$(val)","alphanum");
-}
-
-##
-
-bundle edit_line expand_template(templatefile)
-# @brief Read in the named text file and expand `$(var)` inside the file
-# @param templatefile The name of the file
-{
- insert_lines:
-
- "$(templatefile)"
-
- insert_type => "file",
- comment => "Expand variables in the template file",
- expand_scalars => "true";
-}
-
-bundle edit_line replace_or_add(pattern,line)
-# @brief Replace a pattern in a file with a single line.
-#
-# If the pattern is not found, add the line to the file.
-#
-# @param pattern The pattern that should be replaced
-# The pattern must match the whole line (it is automatically
-# anchored to the start and end of the line) to avoid
-# ambiguity.
-# @param line The line with which to replace matches of `pattern`
-{
- vars:
- "cline" string => canonify("$(line)");
- "eline" string => escape("$(line)");
-
- replace_patterns:
- "^(?!$(eline)$)$(pattern)$"
- comment => "Replace a pattern here",
- replace_with => value("$(line)"),
- classes => always("replace_done_$(cline)");
-
- insert_lines:
- "$(line)"
- ifvarclass => "replace_done_$(cline)";
-}
-
-# temporarily adding the "_dc_" prefix
-bundle edit_line _dc_converge(marker, lines)
-# @brief Converge `lines` marked with `marker`
-#
-# Any content marked with `marker` is removed, then `lines` are
-# inserted. Every `line` should contain `marker`.
-#
-# @param marker The marker (not a regular expression; will be escaped)
-# @param lines The lines to insert; all must contain `marker`
-{
- vars:
- "regex" string => escape($(marker));
-
- delete_lines:
- "$(regex)" comment => "Delete lines matching the marker";
- insert_lines:
- "$(lines)" comment => "Insert the given lines";
-}
-
-bundle edit_line fstab_option_editor(method, mount, option)
-# @brief Add or remove `/etc/fstab` options for a mount
-#
-# This bundle edits the options field of a mount. The `method` is a
-# `field_operation` which can be `append`, `prepend`, `set`, `delete`,
-# or `alphanum`. The option is OS-specific.
-#
-# @param method `field_operation` to apply
-# @param mount the mount point
-# @param option the option to add or remove
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/etc/fstab" edit_line => fstab_option_editor("delete", "/", "acl");
-# "/etc/fstab" edit_line => fstab_option_editor("append", "/", "acl");
-# ```
-{
- field_edits:
- "(?!#)\S+\s+$(mount)\s.+"
- edit_field => fstab_options($(option), $(method));
-}
-
-###################################################
-# edit_xml bundles
-###################################################
-
-bundle edit_xml xml_insert_tree_nopath(treestring)
-# @brief Insert XML tree with no path
-#
-# This `edit_xml` bundle inserts the given XML tree. Use with an
-# empty XML document.
-#
-# @param treestring The XML tree, as a string
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/newfile" edit_xml => xml_insert_tree_nopath('<x>y</x>');
-# ```
-{
- insert_tree:
- '$(treestring)';
-}
-
-bundle edit_xml xml_insert_tree(treestring, xpath)
-# @brief Insert XML tree at the given XPath
-#
-# This `edit_xml` bundle inserts the given XML tree at a specific
-# XPath. Uses `insert_tree`.
-#
-# @param treestring The XML tree, as a string
-# @param xpath A valid XPath string
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/file.xml" edit_xml => xml_insert_tree('<x>y</x>', '/a/b/c');
-# ```
-{
- insert_tree:
- '$(treestring)';
-}
-
-bundle edit_xml xml_set_value(value, xpath)
-# @brief Sets or replaces a value in XML at the given XPath
-#
-# This `edit_xml` bundle sets or replaces the value at a specific
-# XPath with the given value. Uses `set_text`.
-#
-# @param value The new value
-# @param xpath A valid XPath string
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/file.xml" edit_xml => xml_set_value('hello', '/a/b/c');
-# ```
-{
- set_text:
- "$(value)"
- select_xpath => "$(xpath)";
-}
-
-bundle edit_xml xml_set_attribute(attr, value, xpath)
-# @brief Sets or replaces an attribute in XML at the given XPath
-#
-# This `edit_xml` bundle sets or replaces an attribute at a specific
-# XPath with the given value. Uses `set_attribute`.
-#
-# @param attr The attribute name
-# @param value The new attribute value
-# @param xpath A valid XPath string
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/file.xml" edit_xml => xml_set_attribute('parameter', 'ha', '/a/b/c');
-# ```
-{
- set_attribute:
- "$(attr)"
- attribute_value => "$(value)",
- select_xpath => "$(xpath)";
-
-}
-
-##-------------------------------------------------------
-## editing bodies
-##-------------------------------------------------------
-
-body edit_field fstab_options(newval, method)
-# @brief Edit the options field in a fstab format
-# @param newval the new option
-# @param method `field_operation` to apply
-#
-# This body edits the options field in the fstab file format. The
-# `method` is a `field_operation` which can be `append`, `prepend`,
-# `set`, `delete`, or `alphanum`. The `newval` option is OS-specific.
-#
-# **Example:**
-#
-# ```cf3
-# # from the `fstab_options_editor`
-# field_edits:
-# "(?!#)\S+\s+$(mount)\s.+"
-# edit_field => fstab_options($(option), $(method));
-# ```
-{
- field_separator => "\s+";
- select_field => "4";
- value_separator => ",";
- field_value => "$(newval)";
- field_operation => "$(method)";
-}
-
-body edit_field quoted_var(newval,method)
-# @brief Edit the quoted value of the matching line
-# @param newval The new value
-# @param method The method by which to edit the field
-{
- field_separator => "\"";
- select_field => "2";
- value_separator => " ";
- field_value => "$(newval)";
- field_operation => "$(method)";
- extend_fields => "false";
- allow_blank_fields => "true";
-}
-
-##
-
-body edit_field col(split,col,newval,method)
-# @brief Edit tabluar data with comma-separated sub-values
-# @param split The separator that defines columns
-# @param col The (1-based) index of the value to change
-# @param newval The new value
-# @param method The method by which to edit the field
-{
- field_separator => "$(split)";
- select_field => "$(col)";
- value_separator => ",";
- field_value => "$(newval)";
- field_operation => "$(method)";
- extend_fields => "true";
- allow_blank_fields => "true";
-}
-
-##
-
-body edit_field line(split,col,newval,method)
-# @brief Edit tabular data with space-separated sub-values
-# @param split The separator that defines columns
-# @param col The (1-based) index of the value to change
-# @param newval The new value
-# @param method The method by which to edit the field
-{
- field_separator => "$(split)";
- select_field => "$(col)";
- value_separator => " ";
- field_value => "$(newval)";
- field_operation => "$(method)";
- extend_fields => "true";
- allow_blank_fields => "true";
-}
-
-##
-
-body replace_with value(x)
-# @brief Replace matching lines
-# @param x The replacement string
-{
- replace_value => "$(x)";
- occurrences => "all";
-}
-
-##
-
-body select_region INI_section(x)
-# @brief Restrict the `edit_line` promise to the lines in section `[x]`
-# @param x The name of the section in an INI-like configuration file
-{
- select_start => "\[$(x)\]\s*";
- select_end => "\[.*\]\s*";
-}
-
-##-------------------------------------------------------
-## edit_defaults
-##-------------------------------------------------------
-
-body edit_defaults std_defs
-# @brief Standard definitions for `edit_defaults`
-# Don't empty the file before editing starts and don't make a backup.
-{
- empty_file_before_editing => "false";
- edit_backup => "false";
- #max_file_size => "300000";
-}
-
-##
-
-body edit_defaults empty
-# @brief Empty the file before editing
-#
-# No backup is made
-{
- empty_file_before_editing => "true";
- edit_backup => "false";
- #max_file_size => "300000";
-}
-
-##
-
-body edit_defaults no_backup
-# @brief Don't make a backup of the file before editing
-{
- edit_backup => "false";
-}
-
-##
-
-body edit_defaults backup_timestamp
-# @brief Make a timestamped backup of the file before editing
-{
- empty_file_before_editing => "false";
- edit_backup => "timestamp";
- #max_file_size => "300000";
-}
-
-##-------------------------------------------------------
-## location
-##-------------------------------------------------------
-
-body location start
-# @brief Editing occurs before the matched line
-{
- before_after => "before";
-}
-
-##
-
-body location after(str)
-# @brief Editing occurs after the line matching `str`
-# @param str Regular expression matching the file line location
-{
- before_after => "after";
- select_line_matching => "$(str)";
-}
-
-##
-
-body location before(str)
-# @brief Editing occurs before the line matching `str`
-# @param str Regular expression matching the file line location
-{
- before_after => "before";
- select_line_matching => "$(str)";
-}
-
-##-------------------------------------------------------
-## replace_with
-##-------------------------------------------------------
-
-##
-
-body replace_with comment(c)
-# @brief Comment all lines matching the pattern by preprending `c`
-# @param c The prefix that comments out lines
-{
- replace_value => "$(c) $(match.1)";
- occurrences => "all";
-}
-
-##
-
-body replace_with uncomment
-# @brief Uncomment all lines matching the pattern by removing
-# anything outside the matching string
-{
- replace_value => "$(match.1)";
- occurrences => "all";
-}
-
-##-------------------------------------------------------
-## copy_from
-##-------------------------------------------------------
-
-body copy_from secure_cp(from,server)
-# @brief Download a file from a remote server over an encrypted channel
-#
-# Only copy the file if it is different from the local copy, and verify
-# that the copy is correct.
-#
-# @param from The location of the file on the remote server
-# @param server The hostname or IP of the server from which to download
-{
- source => "$(from)";
- servers => { "$(server)" };
- compare => "digest";
- encrypt => "true";
- verify => "true";
-}
-
-##
-
-body copy_from remote_cp(from,server)
-# @brief Download a file from a remote server.
-#
-# @param from The location of the file on the remote server
-# @param server The hostname or IP of the server from which to download
-{
- servers => { "$(server)" };
- source => "$(from)";
- compare => "mtime";
-}
-
-##
-
-body copy_from remote_dcp(from,server)
-# @brief Download a file from a remote server if it is different from the local copy.
-#
-# @param from The location of the file on the remote server
-# @param server The hostname or IP of the server from which to download
-{
- servers => { "$(server)" };
- source => "$(from)";
- compare => "digest";
-}
-
-##
-
-body copy_from local_cp(from)
-# @brief Copy a local file.
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
-}
-
-##
-
-body copy_from local_dcp(from)
-# @brief Copy a local file if it is different from the existing copy.
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
- compare => "digest";
-}
-
-##
-
-body copy_from perms_cp(from)
-# @brief Copy a local file and preserve file permissions on the local copy.
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
- preserve => "true";
-}
-
-body copy_from backup_local_cp(from)
-# @brief Copy a local file and keep a backup of old versions.
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
- copy_backup => "timestamp";
-}
-
-##
-
-body copy_from seed_cp(from)
-# @brief Copy a local file if the file does not already exist, i.e. seed the placement
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
- compare => "exists";
-}
-
-##
-
-body copy_from sync_cp(from,server)
-# @brief Download a file if the local copy does not already exist, i.e. seed the placement
-#
-# @param from The location of the file on the remote server
-# @param server The hostname or IP of the server from which to download
-{
- servers => { "$(server)" };
- source => "$(from)";
- purge => "true";
- preserve => "true";
- type_check => "false";
-}
-
-##
-
-body copy_from no_backup_cp(from)
-# @brief Copy a local file and don't make any backup of the previous version
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
- copy_backup => "false";
-}
-
-##
-
-body copy_from no_backup_dcp(from)
-# @brief Copy a local file if contents have changed, and don't make any backup
-# of the previous version
-#
-# @param from The path to the source file.
-{
- source => "$(from)";
- copy_backup => "false";
- compare => "digest";
-}
-
-##
-
-body copy_from no_backup_rcp(from,server)
-# @brief Download a file if it's newer than the local copy, and don't make any
-# backup of the previous version
-#
-# @param from The location of the file on the remote server
-# @param server The hostname or IP of the server from which to download
-{
- servers => { "$(server)" };
- source => "$(from)";
- compare => "mtime";
- copy_backup => "false";
-}
-
-##-------------------------------------------------------
-## link_from
-##-------------------------------------------------------
-
-body link_from ln_s(x)
-# @brief Create a symbolink link to `x`
-# The link is created even if the source of the link does not exist.
-# @param x The source of the link
-{
- link_type => "symlink";
- source => "$(x)";
- when_no_source => "force";
-}
-
-##
-
-body link_from linkchildren(tofile)
-# @brief Create a symbolink link to `tofile`
-# If the promiser is a directory, children are linked to the source, unless
-# entries with identical names already exist.
-# The link is created even if the source of the link does not exist.
-#
-# @param tofile The source of the link
-{
- source => "$(tofile)";
- link_type => "symlink";
- when_no_source => "force";
- link_children => "true";
- when_linking_children => "if_no_such_file"; # "override_file";
-}
-
-##-------------------------------------------------------
-## perms
-##-------------------------------------------------------
-
-body perms m(mode)
-# @brief Set the file mode
-# @param mode The new mode
-{
- mode => "$(mode)";
-}
-
-##
-
-body perms mo(mode,user)
-# @brief Set the file's mode and owners
-# @param mode The new mode
-# @param user The username of the new owner
-{
- owners => { "$(user)" };
- mode => "$(mode)";
-}
-
-##
-
-body perms mog(mode,user,group)
-# @brief Set the file's mode, owner and group
-# @param mode The new mode
-# @param user The username of the new owner
-# @param group The group name
-{
- owners => { "$(user)" };
- groups => { "$(group)" };
- mode => "$(mode)";
-}
-
-##
-
-body perms og(u,g)
-# @brief Set the file's owner and group
-# @param u The username of the new owner
-# @param g The group name
-{
- owners => { "$(u)" };
- groups => { "$(g)" };
-}
-
-##
-
-body perms owner(user)
-# @brief Set the file's owner
-# @param user The username of the new owner
-{
- owners => { "$(user)" };
-}
-
-body perms system_owned(mode)
-# @brief Set the file owner and group to the system default
-# @param mode the access permission in octal format
-#
-# **Example:**
-#
-# ```cf3
-# files:
-# "/etc/passwd" perms => system_owned("0644");
-# ```
-{
- mode => "$(mode)";
- owners => { "root" };
-
- freebsd|openbsd|netbsd|darwin::
- groups => { "wheel" };
-
- linux::
- groups => { "root" };
-
- solaris::
- groups => { "sys" };
-}
-
-##-------------------------------------------------------
-## ACLS (extended Unix perms)
-##-------------------------------------------------------
-
-body acl access_generic(acl)
-# @brief Set the `aces` of the access control as specified
-#
-# Default/inherited ACLs are left unchanged. This body is
-# applicable for both files and directories on all platforms.
-#
-# @param acl The aces to be set
-{
- acl_method => "overwrite";
- aces => { "@(acl)" };
-
- windows::
- acl_type => "ntfs";
-
- !windows::
- acl_type => "posix";
-}
-
-##
-
-body acl ntfs(acl)
-# @brief Set the `aces` on NTFS file systems, and overwrite
-# existing ACLs.
-#
-# This body requires CFEngine Enterprise.
-#
-# @param acl The aces to be set
-{
- acl_type => "ntfs";
- acl_method => "overwrite";
- aces => { "@(acl)" };
-}
-
-##
-
-body acl strict
-# @brief Limit file access via ACLs to users with administrator privileges,
-# overwriting existing ACLs.
-#
-# **Note:** May need to take ownership of file/dir to be sure no-one else is
-# allowed access.
-{
- acl_method => "overwrite";
-
- windows::
- aces => { "user:Administrator:rwx" };
- !windows::
- aces => { "user:root:rwx" };
-}
-
-##-------------------------------------------------------
-## depth_search
-##-------------------------------------------------------
-
-body depth_search recurse(d)
-# @brief Search files and direcories recursively, up to the specified depth
-# Directories on different devices are included.
-#
-# @param d The maximum search depth
-{
- depth => "$(d)";
- xdev => "true";
-}
-
-##
-
-body depth_search recurse_ignore(d,list)
-# @brief Search files and directories recursively,
-# but don't recurse into the specified directories
-#
-# @param d The maximum search depth
-# @param list The list of directories to be excluded
-{
- depth => "$(d)";
- exclude_dirs => { @(list) };
-}
-
-##
-
-body depth_search include_base
-# @brief Search files and directories recursively,
-# starting from the base directory.
-{
- include_basedir => "true";
-}
-
-body depth_search recurse_with_base(d)
-# @brief Search files and directories recursively up to the specified
-# depth, starting from the base directory and including directories on
-# other devices.
-#
-# @param d The maximum search depth
-{
- depth => "$(d)";
- xdev => "true";
- include_basedir => "true";
-}
-
-##-------------------------------------------------------
-## delete
-##-------------------------------------------------------
-
-body delete tidy
-# @brief Delete the file and remove empty directories
-# and links to directories
-{
- dirlinks => "delete";
- rmdirs => "true";
-}
-
-##-------------------------------------------------------
-## rename
-##-------------------------------------------------------
-
-body rename disable
-# @brief Disable the file
-{
- disable => "true";
-}
-
-##
-
-body rename rotate(level)
-# @brief Rotate and store up to `level` backups of the file
-# @param level The number of backups to store
-{
- rotate => "$(level)";
-}
-
-##
-
-body rename to(file)
-# @brief Rename the file to `file`
-# @param file The new name of the file
-{
- newname => "$(file)";
-}
-
-##-------------------------------------------------------
-## file_select
-##-------------------------------------------------------
-
-body file_select name_age(name,days)
-# @brief Select files that have a matching `name` and have not been modified for at least `days`
-# @param name A regex that matches the file name
-# @param days Number of days
-{
- leaf_name => { "$(name)" };
- mtime => irange(0,ago(0,0,"$(days)",0,0,0));
- file_result => "mtime.leaf_name";
-}
-
-##
-
-body file_select days_old(days)
-# @brief Select files that have not been modified for at least `days`
-# @param days Number of days
-{
- mtime => irange(0,ago(0,0,"$(days)",0,0,0));
- file_result => "mtime";
-}
-
-##
-
-body file_select size_range(from,to)
-# @brief Select files that have a size within the specified range
-# @param from The lower bound of the allowed file size
-# @param to The upper bound of the allowed file size
-{
- search_size => irange("$(from)","$(to)");
- file_result => "size";
-}
-
-##
-
-body file_select bigger_than(size)
-# @brief Select files that are above a given size
-# @param size The number of bytes files have
-{
- search_size => irange("0","$(size)");
- file_result => "!size";
-}
-
-##
-
-body file_select exclude(name)
-# @brief Select all files except those that match `name`
-# @param name A regular expression
-{
- leaf_name => { "$(name)"};
- file_result => "!leaf_name";
-}
-
-##
-
-body file_select plain
-# @brief Select plain, regular files
-{
- file_types => { "plain" };
- file_result => "file_types";
-}
-
-body file_select dirs
-# @brief Select directories
-{
- file_types => { "dir" };
- file_result => "file_types";
-}
-
-##
-
-body file_select by_name(names)
-# @brief Select files that match `names`
-# @param names A regular expression
-{
- leaf_name => { @(names)};
- file_result => "leaf_name";
-}
-
-##
-
-body file_select ex_list(names)
-# @brief Select all files except those that match `names`
-# @param names A list of regular expressions
-{
- leaf_name => { @(names)};
- file_result => "!leaf_name";
-}
-
-##
-
-body file_select all
-# @brief Select all file system entries
-{
- leaf_name => { ".*" };
- file_result => "leaf_name";
-}
-
-##
-
-body file_select older_than(years, months, days, hours, minutes, seconds)
-# @brief Select files older than the date-time specified
-# @param years Number of years
-# @param months Number of months
-# @param days Number of days
-# @param hours Number of hours
-# @param minutes Number of minutes
-# @param seconds Number of seconds
-#
-# Generic older_than selection body, aimed to have a common definition handy
-# for every case possible.
-{
- mtime => irange(0,ago("$(years)","$(months)","$(days)","$(hours)","$(minutes)","$(seconds)"));
- file_result => "mtime";
-}
-
-##
-
-body file_select filetype_older_than(filetype, days)
-# @brief Select files of specified type older than specified number of days
-#
-# @param filetype File type to select
-# @param days Number of days
-#
-# This body only takes a single filetype, see `filetypes_older_than()`
-# if you want to select more than one type of file.
-{
- file_types => { "$(filetype)" };
- mtime => irange(0,ago(0,0,"$(days)",0,0,0));
- file_result => "file_types.mtime";
-}
-
-##
-
-body file_select filetypes_older_than(filetypes, days)
-# @brief Select files of specified types older than specified number of days
-#
-# This body only takes a list of filetypes
-#
-# @param filetypes A list of file types
-# @param days Number of days
-#
-# **See also:** `filetype_older_than()`
-{
- file_types => { @(filetypes) };
- mtime => irange(0,ago(0,0,"$(days)",0,0,0));
- file_result => "file_types.mtime";
-}
-
-##-------------------------------------------------------
-## changes
-##-------------------------------------------------------
-
-body changes detect_all_change
-# @brief Detect all file changes using the best hash method
-#
-# This is fierce, and will cost disk cycles
-#
-{
- hash => "best";
- report_changes => "all";
- update_hashes => "yes";
-}
-
-##
-
-body changes detect_all_change_using(hash)
-# @brief Detect all file changes using a given hash method
-#
-# Detect all changes using a configurable hashing algorithm
-# for times when you care about both content and file stats e.g. mtime
-#
-# @param hash supported hashing algorithm (md5, sha1, sha224, sha256, sha384, sha512, best)
-{
- hash => "$(hash)";
- report_changes => "all";
- update_hashes => "yes";
-}
-
-##
-
-body changes detect_content
-# @brief Detect file content changes using md5
-#
-# This is a cheaper alternative
-{
- hash => "md5";
- report_changes => "content";
- update_hashes => "yes";
-}
-
-##
-
-body changes detect_content_using(hash)
-# @brief Detect file content changes using a given hash algorithm.
-#
-# For times when you only care about content, not file stats e.g. mtime
-# @param hash - supported hashing algorithm (md5, sha1, sha224, sha256, sha384,
-# sha512, best)
-{
- hash => "$(hash)";
- report_changes => "content";
- update_hashes => "yes";
-}
-
-##
-
-body changes noupdate
-# @brief Detect content changes in (small) files that should never change
-{
- hash => "sha256";
- report_changes => "content";
- update_hashes => "no";
-}
-
-##
-
-body changes diff
-# @brief Detect file content changes using sha256
-# and report the diff to CFEngine Enterprise
-{
- hash => "sha256";
- report_changes => "content";
- report_diffs => "true";
- update_hashes => "yes";
-}
-
-##
-
-body changes all_changes
-# @brief Detect all file changes using sha256
-# and report the diff to CFEngine Enterprise
-{
- hash => "sha256";
- report_changes => "all";
- report_diffs => "true";
- update_hashes => "yes";
-}
-
-##
-
-body changes diff_noupdate
-# @brief Detect content changes in (small) files
-# and report the diff to CFEngine Enterprise
-{
- hash => "sha256";
- report_changes => "content";
- report_diffs => "true";
- update_hashes => "no";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Guest environments bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-##-------------------------------------------------------
-## guest_environment promises
-##-------------------------------------------------------
-
-body environment_resources kvm(name, arch, cpu_count, mem_kb, disk_file)
-# @brief An `environment_resources` body for a KVM virtual machine.
-#
-# The `env_spec` attribute is set to a KVM XML specification.
-#
-# @param name The name of the virtual machine
-# @param arch The architecture
-# @param cpu_count The number of CPUs the virtual machine should have
-# @param mem_kb The amount of RAM in kilobyte
-# @param disk_file The file on the host system for the virtual machine's harddrive
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent manage_vm
-# {
-# guest_environments:
-# am_vm_host::
-# "db_server"
-# environment_host => atlas,
-# environment_type => "kvm",
-# environment_state => "create",
-# environment_resources => kvm("PSQL1, "x86_64", "4", "4096", "/var/lib/libvirt/images/psql1.iso")
-# }
-# ```
-{
- env_spec =>
- "<domain type='kvm'>
- <name>$(name)</name>
- <memory>$(mem_kb)</memory>
- <currentMemory>$(mem_kb)</currentMemory>
- <vcpu>$(cpu_count)</vcpu>
- <os>
- <type arch='$(arch)'>hvm</type>
- </os>
- <features>
- <acpi/>
- <apic/>
- <pae/>
- </features>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>restart</on_crash>
- <devices>
- <emulator>/usr/bin/kvm</emulator>
- <disk type='file' device='disk'>
- <source file='$(disk_file)'/>
- <target dev='vda' bus='virtio'/>
- </disk>
- <interface type='network'>
- <source network='default'/>
- </interface>
- <input type='mouse' bus='ps2'/>
- <graphics type='vnc' port='-1' autoport='yes'/>
- </devices>
-</domain>";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Monitor bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-####################################################
-## monitor bodyparts
-####################################################
-
-body match_value scan_log(line)
-# @brief Selects lines matching `line` in a growing file
-# @param line Regular expression for matching lines.
-#
-# **See also:** `select_line_matching`, `track_growing_file`
-{
- select_line_matching => "$(line)";
- track_growing_file => "true";
-}
-
-##
-
-body match_value scan_changing_file(line)
-# @brief Selects lines matching `line` in a changing file
-# @param line Regular expression for matching lines.
-#
-# **See also:** `select_line_matching`, `track_growing_file`
-{
- select_line_matching => "$(line)";
- track_growing_file => "false";
-}
-
-##
-
-body match_value single_value(regex)
-# @brief Extract lines matching `regex` as values
-# @param regex Regular expression matching lines and values
-#
-# **See also:** `select_line_matching`, `extraction_regex`
-{
- select_line_matching => "$(regex)";
- extraction_regex => "($(regex))";
-}
-
-##
-
-body match_value line_match_value(line_match, extract_regex)
-# @brief Find lines matching line_match and extract a value matching extract_regex
-# @param line_match Regular expression matching line where value is found
-# @param extract_regex Regular expression matching value to extract
-#
-# **See also:** `select_line_matching`, `extraction_regex`
-#
-# **Example:**
-#
-# ```cf3
-# bundle monitor example
-# {
-# vars:
-# "regex_vsz" string => "root\s+[0-9]+\s+[0-9]+\s+[0-9]+\s+[0-9.]+\s+[0-9.]+\s+([0-9]+).*";
-# measurements:
-# "/var/cfengine/state/cf_procs"
-# handle => "cf_serverd_vsz",
-# comment => "Tracking the memory consumption of a process can help us identify possible memory leaks",
-# stream_type => "file",
-# data_type => "int",
-# history_type => "weekly",
-# units => "kB",
-# match_value => line_match_value(".*cf-serverd.*", "$(regex_vsz)");
-# }
-# ```
-{
- select_line_matching => "$(line_match)";
- extraction_regex => "$(extract_regex)";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Packages bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-bundle common packages_common
-# @ignore
-{
- vars:
- "inputs" slist => { "$(this.promise_dirname)/paths.cf" };
-}
-
-body file control
-# @ignore
-{
- inputs => { @(packages_common.inputs) };
-}
-
-##--------------------------------------------------------------
-## Packages promises
-##--------------------------------------------------------------
-
-bundle common common_knowledge
-# @brief common packages knowledge bundle
-#
-# This common bundle defines general things about platforms.
-{
- vars:
- "list_update_ifelapsed" string => "240";
-}
-
-bundle common debian_knowledge
-# @depends paths
-# @brief common Debian knowledge bundle
-#
-# This common bundle has useful information about Debian.
-{
- vars:
- "apt_prefix" string => "/usr/bin/env DEBIAN_FRONTEND=noninteractive LC_ALL=C PATH=/bin:/sbin/:/usr/bin:/usr/sbin";
- "call_dpkg" string => "$(apt_prefix) $(paths.path[dpkg])";
- "call_apt_get" string => "$(apt_prefix) $(paths.path[apt_get])";
- "call_aptitude" string => "$(apt_prefix) $(paths.path[aptitude])";
- "dpkg_options" string => "-o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef";
-
- "dpkg_compare_equal" string => "$(call_dpkg) --compare-versions $(v1) eq $(v2)";
- "dpkg_compare_less" string => "$(call_dpkg) --compare-versions $(v1) lt $(v2)";
-
- "list_name_regex" string => "^.i\s+([^\s:]+).*";
- "list_version_regex" string => "^.i\s+[^\s]+\s+([^\s]+).*";
-
- "patch_name_regex" string => "^Inst\s+(\S+)\s+.*";
- "patch_version_regex" string => "^Inst\s+(\S+)\s+.*";
-}
-
-bundle common redhat_knowledge
-# @depends paths
-# @brief common Redhat knowledge bundle
-#
-# This common bundle has useful information about Redhat.
-{
- vars:
- "call_yum" string => "$(paths.path[yum])";
- "call_rpm" string => "$(paths.path[rpm])";
-
- "yum_options" string => "--quiet";
-
- # used with rpm format 'i | repos | %{name} | %{version}-%{release} | %{arch}\n'
-
- "rpm_name_regex" string => "[^|]+\|[^|]+\|\s+([^\s|]+).*";
- "rpm_version_regex" string => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s|]+).*";
- "rpm_arch_regex" string => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";
-
- # used with rpm format '%{name} %{version}-%{release} %{arch}\n'
-
- "rpm2_name_regex" string => "^(\S+?)\s\S+?\s\S+$";
- "rpm2_version_regex" string => "^\S+?\s(\S+?)\s\S+$";
- "rpm2_arch_regex" string => "^\S+?\s\S+?\s(\S+)$";
-
- # used with rpm format '%{name}.%{arch} %{version}-%{release}\n'
-
- "rpm3_name_regex" string => "([^.]+).*";
- "rpm3_version_regex" string => "[^\s]\s+([^\s]+).*";
- "rpm3_arch_regex" string => "[^.]+\.([^\s]+).*";
-}
-
-bundle common darwin_knowledge
-# @depends paths
-# @brief common Darwin / Mac OS X knowledge bundle
-#
-# This common bundle has useful information about Darwin / Mac OS X.
-{
- vars:
- "call_brew" string => "$(paths.path[brew])";
- "call_sudo" string => "$(paths.path[sudo])";
-
- # used with brew list --versions format '%{name} %{version}\n'
-
- "brew_name_regex" string => "([\S]+)\s[\S]+";
- "brew_version_regex" string => "[\S]+\s([\S]+)";
-}
-
-bundle common npm_knowledge
-# @depends paths
-# @brief Node.js `npm' knowledge bundle
-#
-# This common bundle has useful information about the Node.js `npm' package manager.
-{
- vars:
- "call_npm" string => "$(paths.path[npm])";
-
- "npm_list_name_regex" string => "^[^ /]+ ([\w\d-._~]+)@[\d.]+";
- "npm_list_version_regex" string => "^[^ /]+ [\w\d-._~]+@([\d.]+)";
- "npm_installed_regex" string => "^[^ /]+ ([\w\d-._~]+@[\d.]+)";
-}
-
-bundle common pip_knowledge
-# @depends paths
-# @brief Python `pip' knowledge bundle
-#
-# This common bundle has useful information about the Python `pip' package manager.
-{
- vars:
- "call_pip" string => "$(paths.path[pip])";
-
- "pip_list_name_regex" string => "^([[:alnum:]-_]+)\s\([\d.]+\)";
- "pip_list_version_regex" string => "^[[:alnum:]-_]+\s\(([\d.]+)\)";
- "pip_installed_regex" string => "^([[:alnum:]-_]+\s\([\d.]+\))";
-}
-
-body package_method pip(flags)
-# @depends common_knowledge pip_knowledge
-# @brief Python `pip' package management
-#
-# `pip' is a package manager for Python
-# http://www.pip-installer.org/en/latest/
-#
-# Available commands : add, delete, (add)update, verify
-#
-# @param flags The command line parameter passed to `pip`
-#
-# Note: "update" command preforms recursive upgrade (of dependencies) by
-# default. Set $flags to "--no-deps" to preform non-recursive upgrade.
-# http://www.pip-installer.org/en/latest/cookbook.html#non-recursive-upgrades
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "Django" package_method => pip(""), package_policy => "add";
-# "django-registration" package_method => pip(""), package_policy => "delete";
-# "requests" package_method => pip(""), package_policy => "verify";
-#
-# ```
-#
-# **Note:** "Django" with a capital 'D' in the example above.
-# Explicitly match the name of the package, capitalization does count!
-#
-# ```console
-# $ pip search django | egrep "^Django\s+-"
-# Django - A high-level Python Web framework [..output trimmed..]
-# ```
-{
- package_changes => "individual";
-
- package_noverify_regex => "";
-
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_list_name_regex => "$(pip_list_name_regex)";
- package_list_version_regex => "$(pip_list_version_regex)";
- package_installed_regex => "$(pip_installed_regex)";
-
- package_name_convention => "$(name)";
- package_delete_convention => "$(name)";
-
- package_list_command => "$(paths.path[pip]) list $(flags)";
- package_verify_command => "$(paths.path[pip]) show $(flags)";
- package_add_command => "$(paths.path[pip]) install $(flags)";
- package_delete_command => "$(paths.path[pip]) uninstall --yes $(flags)";
- package_update_command => "$(paths.path[pip]) install --upgrade $(flags)";
-}
-
-body package_method npm(dir)
-# @depends common_knowledge npm_knowledge
-# @brief Node.js `npm' local-mode package management
-#
-# `npm' is a package manager for Node.js
-# https://npmjs.org/package/npm
-#
-# Available commands : add, delete, (add)update, verify
-#
-# For the difference between local and global install see here:
-# https://npmjs.org/doc/cli/npm-install.html
-#
-# @param dir The prefix path to ./node_modules/
-#
-# **Example:**
-#
-# ```cf3
-# vars:
-# "dirs" slist => { "/root/myproject", "/home/somedev/someproject" };
-#
-# packages:
-# "express" package_method => npm("$(dirs)"), package_policy => "add";
-# "redis" package_method => npm("$(dirs)"), package_policy => "delete";
-# "mongoose-amqp-plugin" package_method => npm("$(dirs)"), package_policy => "verify";
-# ```
-{
- package_changes => "individual";
-
- package_noverify_regex => "";
-
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_list_name_regex => "$(npm_knowledge.npm_list_name_regex)";
- package_list_version_regex => "$(npm_knowledge.npm_list_version_regex)";
- package_installed_regex => "$(npm_knowledge.npm_installed_regex)";
-
- package_name_convention => "$(name)";
- package_delete_convention => "$(name)";
-
- package_list_command => "$(npm_knowledge.call_npm) list --prefix $(dir)";
- package_verify_command => "$(npm_knowledge.call_npm) list --prefix $(dir)";
- package_add_command => "$(npm_knowledge.call_npm) install --prefix $(dir)";
- package_delete_command => "$(npm_knowledge.call_npm) remove --prefix $(dir)";
- package_update_command => "$(npm_knowledge.call_npm) update --prefix $(dir)";
-}
-
-body package_method npm_g
-# @depends common_knowledge npm_knowledge
-# @brief Node.js `npm' global-mode package management
-#
-# `npm' is a package manager for Node.js
-# https://npmjs.org/package/npm
-#
-# Available commands : add, delete, (add)update, verify
-#
-# For the difference between global and local install see here:
-# https://npmjs.org/doc/cli/npm-install.html
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "express" package_method => npm_g, package_policy => "add";
-# "redis" package_method => npm_g, package_policy => "delete";
-# "mongoose-amqp-plugin" package_method => npm_g, package_policy => "verify";
-# ```
-{
- package_changes => "individual";
-
- package_noverify_regex => "";
-
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_list_name_regex => "$(npm_knowledge.npm_list_name_regex)";
- package_list_version_regex => "$(npm_knowledge.npm_list_version_regex)";
- package_installed_regex => "$(npm_knowledge.npm_installed_regex)";
-
- package_name_convention => "$(name)";
- package_delete_convention => "$(name)";
-
- package_list_command => "$(npm_knowledge.call_npm) list --global";
- package_verify_command => "$(npm_knowledge.call_npm) list --global";
- package_add_command => "$(npm_knowledge.call_npm) install --global";
- package_delete_command => "$(npm_knowledge.call_npm) remove --global";
- package_update_command => "$(npm_knowledge.call_npm) update --global";
-}
-
-body package_method brew(user)
-# @depends common_knowledge darwin_knowledge
-# @brief Darwin/Mac OS X + Homebrew installation method
-#
-# Homebrew is a package manager for OS X -- http://brew.sh
-#
-# Available commands : add, delete, (add)update (with package_version).
-#
-# @param user The user under which to run the commands
-#
-# Homebrew expects a regular (non-root) user to install packages.
-# https://github.com/mxcl/homebrew/wiki/FAQ#why-does-homebrew-say-sudo-is-bad
-# As CFEngine doesn't give the possibility to run package_add_command
-# with a different user, this body uses sudo -u.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => brew("adminuser"), package_policy => "add";
-# "uppackage" package_method => brew("adminuser"), package_policy => "update", package_version => "3.5.2";
-# ```
-{
-
- package_changes => "bulk";
- package_add_command => "$(darwin_knowledge.call_sudo) -u $(user) $(darwin_knowledge.call_brew) install";
- package_delete_command => "$(darwin_knowledge.call_sudo) -u $(user) $(darwin_knowledge.call_brew) uninstall";
- package_delete_convention => "$(name)";
- package_name_convention => "$(name)";
-
- # Homebrew can list only installed packages along versions.
- # for a complete list of packages, we could use `brew search`, but there's no easy
- # way to determine the version or wether it's installed.
- package_installed_regex => ".*";
- package_list_command => "$(darwin_knowledge.call_sudo) -u $(user) $(darwin_knowledge.call_brew) list --versions";
- package_list_name_regex => "$(darwin_knowledge.brew_name_regex)";
- package_list_version_regex => "$(darwin_knowledge.brew_version_regex)";
- package_list_update_command => "$(darwin_knowledge.call_sudo) -u $(user) $(darwin_knowledge.call_brew) update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- # brew list [package] will print the installed files and return 1 if not found.
- package_verify_command => "$(darwin_knowledge.call_sudo) -u $(user) $(darwin_knowledge.call_brew) list";
- package_noverify_returncode => "1";
-
- # remember to specify the package version
- package_update_command => "$(darwin_knowledge.call_sudo) -u $(user) $(darwin_knowledge.call_brew) upgrade";
-
-}
-
-body package_method apt
-# @depends common_knowledge debian_knowledge
-# @brief APT installation package method
-#
-# This package method interacts with the APT package manager through `aptitude`.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => apt, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(debian_knowledge.call_dpkg) -l";
- package_list_name_regex => "$(debian_knowledge.list_name_regex)";
- package_list_version_regex => "$(debian_knowledge.list_version_regex)";
- package_installed_regex => ".i.*"; # packages that have been uninstalled may be listed
- package_name_convention => "$(name)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- # make correct version comparisons
- package_version_less_command => "$(debian_knowledge.dpkg_compare_less)";
- package_version_equal_command => "$(debian_knowledge.dpkg_compare_equal)";
-
- have_aptitude::
- package_add_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes install";
- package_list_update_command => "$(debian_knowledge.call_aptitude) update";
- package_delete_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes -q remove";
- package_update_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes install";
- package_patch_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes install";
- package_verify_command => "$(debian_knowledge.call_aptitude) show";
- package_noverify_regex => "(State: not installed|E: Unable to locate package .*)";
-
- package_patch_list_command => "$(debian_knowledge.call_aptitude) --assume-yes --simulate --verbose full-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- !have_aptitude::
- package_add_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_list_update_command => "$(debian_knowledge.call_apt_get) update";
- package_delete_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes -q remove";
- package_update_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_patch_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_verify_command => "$(debian_knowledge.call_dpkg) -s";
- package_noverify_returncode => "1";
-
- package_patch_list_command => "$(debian_knowledge.call_apt_get) --just-print dist-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
-}
-
-# Ignore aptitude because:
-# 1) aptitude will remove "unneeded" packages unexpectly
-# 2) aptitude return codes are useless
-# 3) aptitude is a high level interface
-# 4) aptitude provides little benefit
-# 5) have_aptitude is a hard class and thus cannot be unset
-body package_method apt_get
-# @depends common_knowledge debian_knowledge
-# @brief APT installation package method
-#
-# This package method interacts with the APT package manager through `apt-get`.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => apt_get, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(debian_knowledge.call_dpkg) -l";
- package_list_name_regex => "$(debian_knowledge.list_name_regex)";
- package_list_version_regex => "$(debian_knowledge.list_version_regex)";
- package_installed_regex => ".i.*"; # packages that have been uninstalled may be listed
- package_name_convention => "$(name)=$(version)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- # Target a specific release, such as backports
- package_add_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_list_update_command => "$(debian_knowledge.call_apt_get) update";
- package_delete_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes -q remove";
- package_update_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_patch_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_verify_command => "$(debian_knowledge.call_dpkg) -s";
- package_noverify_returncode => "1";
-
- package_patch_list_command => "$(debian_knowledge.call_apt_get) --just-print dist-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- # make correct version comparisons
- package_version_less_command => "$(debian_knowledge.dpkg_compare_less)";
- package_version_equal_command => "$(debian_knowledge.dpkg_compare_equal)";
-
-}
-
-# This is a great use case for CFEngine body inheritance.
-
-body package_method apt_get_noupdate
-# @depends debian_knowledge
-# @brief APT installation package method without updates
-#
-# This package method interacts with the APT package manager through
-# `apt-get`. It will never run "apt-get update" but is otherwise
-# exactly like the `apt_get` package method and *may* use the network
-# to install packages, as APT may decide.
-#
-# It doesn't work to use a class.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => apt_get_noupdate, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(debian_knowledge.call_dpkg) -l";
- package_list_name_regex => "$(debian_knowledge.list_name_regex)";
- package_list_version_regex => "$(debian_knowledge.list_version_regex)";
- package_installed_regex => ".i.*"; # packages that have been uninstalled may be listed
- package_name_convention => "$(name)=$(version)";
-
- # Target a specific release, such as backports
- package_add_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_delete_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes -q remove";
- package_update_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_patch_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_verify_command => "$(debian_knowledge.call_dpkg) -s";
- package_noverify_returncode => "1";
-
- package_patch_list_command => "$(debian_knowledge.call_apt_get) --just-print dist-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- # make correct version comparisons
- package_version_less_command => "$(debian_knowledge.dpkg_compare_less)";
- package_version_equal_command => "$(debian_knowledge.dpkg_compare_equal)";
-
-}
-
-body package_method apt_get_release(release)
-# @depends common_knowledge debian_knowledge
-# @brief APT installation package method
-# @param release specific release to use
-#
-# This package method interacts with the APT package manager through `apt-get` but sets a specific target release.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => apt_get_release("xyz"), package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(debian_knowledge.call_dpkg) -l";
- package_list_name_regex => "$(debian_knowledge.list_name_regex)";
- package_list_version_regex => "$(debian_knowledge.list_version_regex)";
- package_installed_regex => ".i.*"; # packages that have been uninstalled may be listed
- package_name_convention => "$(name)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- # Target a specific release, such as backports
- package_add_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes --target-release $(release) install";
- package_list_update_command => "$(debian_knowledge.call_apt_get) update";
- package_delete_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes -q remove";
- package_update_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes --target-release $(release) install";
- package_patch_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes --target-release $(release) install";
- package_verify_command => "$(debian_knowledge.call_dpkg) -s";
- package_noverify_returncode => "1";
-
- package_patch_list_command => "$(debian_knowledge.call_apt_get) --just-print dist-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- # make correct version comparisons
- package_version_less_command => "$(debian_knowledge.dpkg_compare_less)";
- package_version_equal_command => "$(debian_knowledge.dpkg_compare_equal)";
-
-}
-
-##
-
-body package_method dpkg_version(repo)
-# @depends common_knowledge debian_knowledge
-# @brief dpkg installation package method
-# @param repo specific repo to use
-#
-# This package method interacts with `dpkg`.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => dpkg_version("xyz"), package_policy => "add";
-# ```
-{
- package_changes => "individual";
- package_list_command => "$(debian_knowledge.call_dpkg) -l";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(debian_knowledge.call_apt_get) update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_list_name_regex => "$(debian_knowledge.list_name_regex)";
- package_list_version_regex => "$(debian_knowledge.list_version_regex)";
-
- package_installed_regex => ".i.*"; # packages that have been uninstalled may be listed
-
- package_file_repositories => { "$(repo)" };
-
- debian.x86_64::
- package_name_convention => "$(name)_$(version)_amd64.deb";
-
- debian.i686::
- package_name_convention => "$(name)_$(version)_i386.deb";
-
- have_aptitude::
- package_patch_list_command => "$(debian_knowledge.call_aptitude) --assume-yes --simulate --verbose full-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- !have_aptitude::
- package_patch_list_command => "$(debian_knowledge.call_apt_get) --just-print dist-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- debian::
- package_add_command => "$(debian_knowledge.call_dpkg) --install";
- package_delete_command => "$(debian_knowledge.call_dpkg) --purge";
- package_update_command => "$(debian_knowledge.call_dpkg) --install";
- package_patch_command => "$(debian_knowledge.call_dpkg) --install";
-
- # make correct version comparisons
- package_version_less_command => "$(debian_knowledge.dpkg_compare_less)";
- package_version_equal_command => "$(debian_knowledge.dpkg_compare_equal)";
-}
-
-##
-
-body package_method rpm_version(repo)
-# @depends common_knowledge redhat_knowledge
-# @brief RPM direct installation method
-# @param repo the specific repository for `package_file_repositories`
-#
-# This package method interacts with the RPM package manager for a specific repo.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => rpm_version("myrepo"), package_policy => "add";
-# ```
-{
- package_changes => "individual";
-
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --queryformat \"i | repos | %{name} | %{version}-%{release} | %{arch}\n\"";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_list_name_regex => "$(redhat_knowledge.rpm_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm_arch_regex)";
-
- package_installed_regex => "i.*";
-
- package_file_repositories => { "$(repo)" };
-
- package_name_convention => "$(name)-$(version).$(arch).rpm";
-
- package_add_command => "$(redhat_knowledge.call_rpm) -ivh ";
- package_update_command => "$(redhat_knowledge.call_rpm) -Uvh ";
- package_patch_command => "$(redhat_knowledge.call_rpm) -Uvh ";
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --nodeps";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
- package_noverify_regex => ".*[^\s].*";
-}
-
-##
-
-body package_method windows_feature
-# @brief Method for managing Windows features
-{
- package_changes => "individual";
-
- package_name_convention => "$(name)";
- package_delete_convention => "$(name)";
-
- package_installed_regex => ".*";
- package_list_name_regex => "(.*)";
- package_list_version_regex => "(.*)"; # FIXME: the listing does not give version, so takes name for version too now
-
- package_add_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"Import-Module ServerManager; Add-WindowsFeature -Name\"";
- package_delete_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"Import-Module ServerManager; Remove-WindowsFeature -confirm:$false -Name\"";
- package_list_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"Import-Module ServerManager; Get-WindowsFeature | where {$_.installed -eq $True} |foreach {$_.Name}\"";
-}
-
-##
-
-body package_method msi_implicit(repo)
-# @brief Windows MSI method
-# @param repo The package file repository
-#
-# Uses the whole file name as promiser, e.g. "7-Zip-4.50-x86_64.msi".
-# The name, version and arch is then deduced from the promiser.
-#
-# **See also:** `msi_explicit()`
-{
- package_changes => "individual";
- package_file_repositories => { "$(repo)" };
-
- package_installed_regex => ".*";
-
- package_name_convention => "$(name)-$(version)-$(arch).msi";
- package_delete_convention => "$(firstrepo)$(name)-$(version)-$(arch).msi";
-
- package_name_regex => "^(\S+)-(\d+\.?)+";
- package_version_regex => "^\S+-((\d+\.?)+)";
- package_arch_regex => "^\S+-[\d\.]+-(.*).msi";
-
- package_add_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
- package_update_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
- package_delete_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /x";
-}
-
-##
-
-body package_method msi_explicit(repo)
-# @brief Windows MSI method
-# @param repo The package file repository
-#
-# Uses software name as promiser, e.g. "7-Zip", and explicitly
-# specify any `package_version` and `package_arch`.
-#
-# **See also:** `msi_implicit()`
-{
- package_changes => "individual";
- package_file_repositories => { "$(repo)" };
-
- package_installed_regex => ".*";
-
- package_name_convention => "$(name)-$(version)-$(arch).msi";
- package_delete_convention => "$(firstrepo)$(name)-$(version)-$(arch).msi";
-
- package_add_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
- package_update_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
- package_delete_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /x";
-}
-
-##
-
-body package_method yum
-# @depends common_knowledge redhat_knowledge
-# @brief Yum+RPM installation method
-#
-# This package method interacts with the Yum and RPM package managers.
-# It is a copy of `yum_rpm()`, which was contributed by Trond Hasle
-# Amundsen. The old `yum` package method has been removed.
-#
-# This is an efficient package method for RPM-based systems - uses `rpm`
-# instead of `yum` to list installed packages.
-#
-# It will use `rpm -e` to remove packages. Please note that if several packages
-# with the same name but varying versions or architectures are installed,
-# `rpm -e` will return an error and not delete any of them.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => yum, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --qf '%{name}.%{arch} %{version}-%{release}\n'";
- package_patch_list_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
-
- package_list_name_regex => "$(redhat_knowledge.rpm3_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm3_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm3_arch_regex)";
-
- package_installed_regex => ".*";
- package_name_convention => "$(name)-$(version).$(arch)";
-
- # just give the package name to rpm to delete, otherwise it gets "name.*" (from package_name_convention above)
- package_delete_convention => "$(name)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_patch_name_regex => "([^.]+).*";
- package_patch_version_regex => "[^\s]\s+([^\s]+).*";
- package_patch_arch_regex => "[^.]+\.([^\s]+).*";
-
- package_add_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y install";
- package_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_patch_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --nodeps";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
-}
-
-##
-
-body package_method yum_rpm
-# @depends common_knowledge redhat_knowledge
-# @brief Yum+RPM installation method
-#
-# This package method interacts with the Yum and RPM package managers.
-#
-# Contributed by Trond Hasle Amundsen
-#
-# This is an efficient package method for RPM-based systems - uses `rpm`
-# instead of `yum` to list installed packages.
-#
-# It will use `rpm -e` to remove packages. Please note that if several packages
-# with the same name but varying versions or architectures are installed,
-# `rpm -e` will return an error and not delete any of them.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => yum_rpm, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --qf '%{name}.%{arch} %{version}-%{release}\n'";
- package_patch_list_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
-
- package_list_name_regex => "$(redhat_knowledge.rpm3_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm3_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm3_arch_regex)";
-
- package_installed_regex => ".*";
- package_name_convention => "$(name)-$(version).$(arch)";
-
- # just give the package name to rpm to delete, otherwise it gets "name.*" (from package_name_convention above)
- package_delete_convention => "$(name)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_patch_name_regex => "([^.]+).*";
- package_patch_version_regex => "[^\s]\s+([^\s]+).*";
- package_patch_arch_regex => "[^.]+\.([^\s]+).*";
-
- package_add_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y install";
- package_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_patch_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --nodeps";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
-}
-
-# This is a great use case for CFEngine body inheritance.
-# It doesn't work to use a class.
-
-body package_method yum_rpm_noupdate
-# @depends common_knowledge redhat_knowledge
-# @brief Yum+RPM installation method without updates
-#
-# This package method interacts with the Yum and RPM package managers.
-#
-# Contributed by Trond Hasle Amundsen
-#
-# This is an efficient package method for RPM-based systems - uses `rpm`
-# instead of `yum` to list installed packages.
-#
-# It will never run "yum update" but is otherwise exactly like the
-# `yum_rpm()` package method and *may* use the network to install
-# packages, as Yum may decide.
-#
-# It will use `rpm -e` to remove packages. Please note that if several
-# packages with the same name but varying versions or architectures
-# are installed, `rpm -e` will return an error and not delete any of
-# them.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => yum_rpm, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --qf '%{name}.%{arch} %{version}-%{release}\n'";
- package_patch_list_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
-
- package_list_name_regex => "$(redhat_knowledge.rpm3_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm3_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm3_arch_regex)";
-
- package_installed_regex => ".*";
- package_name_convention => "$(name)-$(version).$(arch)";
-
- # just give the package name to rpm to delete, otherwise it gets "name.*" (from package_name_convention above)
- package_delete_convention => "$(name)";
-
- package_patch_name_regex => "([^.]+).*";
- package_patch_version_regex => "[^\s]\s+([^\s]+).*";
- package_patch_arch_regex => "[^.]+\.([^\s]+).*";
-
- package_add_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y install";
- package_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_patch_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --nodeps";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
-}
-
-##
-
-body package_method yum_rpm_enable_repo(repoid)
-# @depends common_knowledge redhat_knowledge
-# @brief Yum+RPM repo-specific installation method
-# @param repoid the repository name as in `yum --enablerepo=???`
-#
-# This package method interacts with the RPM package manager for a specific repo.
-#
-# Based on `yum_rpm()` with addition to enable a repository for the install.
-#
-# Sometimes repositories are configured but disabled by default. For example
-# this pacakge_method could be used when installing a package that exists in
-# the EPEL, which normally you do not want to install packages from.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => yum_rpm_enable_repo("myrepo"), package_policy => "add";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --qf '%{name} %{version}-%{release} %{arch}\n'";
- package_patch_list_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
-
- package_list_name_regex => "$(redhat_knowledge.rpm2_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm2_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm2_arch_regex)";
-
- package_installed_regex => ".*";
- package_name_convention => "$(name)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_patch_name_regex => "([^.]+).*";
- package_patch_version_regex => "[^\s]\s+([^\s]+).*";
- package_patch_arch_regex => "[^.]+\.([^\s]+).*";
-
- package_add_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) --enablerepo=$(repoid) -y install";
- package_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) --enablerepo=$(repoid) -y update";
- package_patch_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --nodeps --allmatches";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
-}
-
-##
-
-body package_method yum_group
-# @depends common_knowledge redhat_knowledge
-# @brief RPM direct installation method
-#
-# Makes use of the "groups of packages" feature of Yum possible. (`yum
-# groupinstall`, `yum groupremove`)
-#
-# Groups must be specified by their groupids, available through `yum
-# grouplist -v` (between parentheses). For example, below
-# `network-tools` is the groupid.
-#
-# ```console
-# $ yum grouplist -v|grep Networking|head -n 1
-# Networking Tools (network-tools)
-# ```
-#
-# **Example:**
-#
-# ```cf3
-# Policies examples:
-#
-# -Install "web-server" group:
-# ----------------------------
-#
-# packages:
-# "web-server"
-# package_policy => "add",
-# package_method => yum_group;
-#
-# -Remove "debugging" and "php" groups:
-# -------------------------------------
-#
-# vars:
-# "groups" slist => { "debugging", "php" };
-#
-# packages:
-# "$(groups)"
-# package_policy => "delete",
-# package_method => yum_group;
-# ```
-{
- package_add_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) groupinstall -y";
- package_changes => "bulk";
- package_delete_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) groupremove -y";
- package_delete_convention => "$(name)";
- package_installed_regex => "^i.*";
-
- # Generate a dpkg -l like listing, "i" means installed, "a" available, and a dummy version 1
- package_list_command =>
- "$(redhat_knowledge.call_yum) grouplist -v|awk '$0 ~ /^Done$/ {next} {sub(/.*\(/, \"\");sub(/\).*/, \"\")} /Available/ {h=\"a\";next} /Installed/ {h=\"i\";next} h==\"i\" || h==\"a\" {print h\" \"$0\" 1\"}'";
-
- package_list_name_regex => "a|i ([^\s]+) 1";
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
- package_list_version_regex => "(1)";
- package_name_convention => "$(name)";
- package_name_regex => "(.*)";
- package_noverify_returncode => "0";
- package_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) groupupdate";
-
- # grep -x to only get full line matching
- package_verify_command => "$(redhat_knowledge.call_yum) grouplist -v|awk '$0 ~ /^Done$/ {next} {sub(/.*\(/, \"\");sub(/\).*/, \"\")} /Available/ {h=\"a\";next} /Installed/ {h=\"i\";next} h==\"i\"|grep -qx";
-}
-
-##
-
-body package_method rpm_filebased(path)
-# @depends common_knowledge redhat_knowledge
-# @brief install packages from local filesystem-based RPM repository.
-# @param path the path to the local package repository
-#
-# Contributed by Aleksey Tsalolikhin. Written on 29-Feb-2012.
-# Based on `yum_rpm()` body by Trond Hasle Amundsen.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "epel-release"
-# package_policy => "add",
-# package_version => "5-4",
-# package_architectures => { "noarch" },
-# package_method => rpm_filebased("/repo/RPMs");
-# ```
-{
- package_file_repositories => { "$(path)" };
- # the above is an addition to Trond's yum_rpm body
-
- package_add_command => "$(redhat_knowledge.call_rpm) -ihv ";
- # The above is a change from Trond's yum_rpm body, this makes the commands rpm only.
- # The reason I changed the install command from yum to rpm is yum will be default
- # refuse to install the epel-release RPM as it does not have the EPEL GPG key,
- # but rpm goes ahead and installs the epel-release RPM and the EPEL GPG key.
-
- package_name_convention => "$(name)-$(version).$(arch).rpm";
- # The above is a change from Tron's yum_rpm body. When package_file_repositories is in play,
- # package_name_convention has to match the file name, not the package name, per the
- # CFEngine 3 Reference Manual
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- # The rest is unchanged from Trond's yum_rpm body
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --qf '%{name} %{version}-%{release} %{arch}\n'";
-
- package_list_name_regex => "$(redhat_knowledge.rpm2_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm2_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm2_arch_regex)";
-
- package_installed_regex => ".*";
-
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --allmatches";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
-}
-
-##
-
-body package_method ips
-# @depends paths
-# @depends common_knowledge
-# @brief Image Package System method, used by OpenSolaris based systems (Solaris 11, Illumos, etc)
-#
-# A note about Solaris 11.1 versioning format:
-#
-# ```
-# $ pkg list -v --no-refresh zsh
-# FMRI IFO
-# pkg://solaris/shell/zsh@4.3.17,5.11-0.175.1.0.0.24.0:20120904T174236Z i--
-# name--------- |<----->| |/________________________\|
-# version---------------- |\ /|
-# ```
-#
-# Notice that the publisher and timestamp aren't used. And that the package
-# version then must have the commas replaced by underscores.
-#
-# Thus,
-# 4.3.17,5.11-0.175.1.0.0.24.0
-# Becomes:
-# 4.3.17_5.11-0.175.1.0.0.24.0
-#
-# Therefore, a properly formatted package promise looks like this:
-#
-# ```cf3
-# "shell/zsh"
-# package_policy => "addupdate",
-# package_method => ips,
-# package_select => ">=",
-# package_version => "4.3.17_5.11-0.175.1.0.0.24.0";
-# ```
-{
- package_changes => "bulk";
- package_list_command => "$(paths.path[pkg]) list -v --no-refresh";
- package_list_name_regex => "pkg://.+?(?<=/)([^\s]+)@.*$";
- package_list_version_regex => "[^\s]+@([^\s]+):.*";
- package_installed_regex => ".*(i..)"; # all reported are installed
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(paths.path[pkg]) refresh --full";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_add_command => "$(paths.path[pkg]) install --accept ";
- package_delete_command => "$(paths.path[pkg]) uninstall";
- package_update_command => "$(paths.path[pkg]) install --accept";
- package_patch_command => "$(paths.path[pkg]) install --accept";
- package_verify_command => "$(paths.path[pkg]) list -a -v --no-refresh";
- package_noverify_regex => "(.*---|pkg list: no packages matching .* installed)";
-}
-
-##
-
-body package_method smartos
-# @depends common_knowledge
-# @brief pkgin method for SmartOS (solaris 10 fork by Joyent)
-{
- package_changes => "bulk";
- package_list_command => "/opt/local/bin/pkgin list";
- package_list_name_regex => "(.*)\-[0-9]+.*";
- package_list_version_regex => ".*\-([0-9][^\s]+).*";
-
- package_installed_regex => ".*"; # all reported are installed
-
- package_list_update_command => "/opt/local/bin/pkgin -y update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_add_command => "/opt/local/bin/pkgin -y install";
-
- package_delete_command => "/opt/local/bin/pkgin -y remove";
- package_update_command => "/opt/local/bin/pkgin upgrade";
-}
-
-body package_method opencsw
-# @depends common_knowledge
-# @brief OpenCSW (Solaris software packages) method
-{
- package_changes => "bulk";
- package_list_command => "/opt/csw/bin/pkgutil -c";
- package_list_name_regex => "CSW(.*?)\s.*";
- package_list_version_regex => ".*?\s+(.*),.*";
-
- package_installed_regex => ".*"; # all reported are installed
-
- package_list_update_command => "/opt/csw/bin/pkgutil -U";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_add_command => "/opt/csw/bin/pkgutil -yi";
-
- package_delete_command => "/opt/csw/bin/pkgutil -yr";
- package_update_command => "/opt/csw/bin/pkgutil -yu";
-}
-
-body package_method solaris(pkgname, spoolfile, adminfile)
-# @depends paths
-# @brief Package method for old Solaris package system
-#
-# @param pkgname Not used
-# @param spoolfile The spool file, located in `/tmp`
-# @param adminfile The admin file, located in `/tmp`
-#
-# The older solaris package system is poorly designed, with too many different
-# names to track. See the example in tests/units/unit_package_solaris.cf
-# to see how to use this.
-{
- package_changes => "individual";
- package_list_command => "$(paths.path[pkginfo]) -l";
- package_multiline_start => "\s*PKGINST:\s+[^\s]+.*";
- package_list_name_regex => "\s*PKGINST:\s+([^\s]+).*";
- package_list_version_regex => "\s*VERSION:\s+([^\s]+).*";
- package_list_arch_regex => "\s*ARCH:\s+([^\s]+)";
- package_installed_regex => "\s*STATUS:\s*(completely|partially)\s+installed.*";
- package_name_convention => "$(name)";
- package_add_command => "$(paths.path[pkgadd]) -n -a /tmp/$(adminfile) -d /tmp/$(spoolfile)";
- package_delete_command => "$(paths.path[pkgrm]) -n -a /tmp/$(adminfile)";
-}
-
-##
-
-bundle edit_line create_solaris_admin_file
-# @brief The following bundle is part of a package setup for solaris
-#
-# See unit examples.
-{
- insert_lines:
-
- "mail=
-instance=unique
-partial=nocheck
-runlevel=nocheck
-idepend=nocheck
-rdepend=nocheck
-space=nocheck
-setuid=nocheck
-conflict=nocheck
-action=nocheck
-networktimeout=60
-networkretries=3
-authentication=quit
-keystore=/var/sadm/security
-proxy=
-basedir=default"
- comment => "Insert contents of Solaris admin file (automatically install packages)";
-}
-
-##
-
-body package_method freebsd
-# @depends common_knowledge
-# @brief FreeBSD pkg_add installation package method
-#
-# This package method interacts with FreeBSD pkg_add to install from remote
-# repositories.
-#
-# **Example:**
-# NOTE: Do not use this method on pkgng systems! It will appear to operate
-# normally but is highly likely to break your package system.
-#
-# This example installs "perl5" from a non-default repository:
-#
-# ```cf3
-# ----------------------------
-#
-# vars:
-# environment => { "PACKAGESITE=http://repo.example.com/private/8_STABLE/" };
-# packages:
-# "perl5"
-# package_policy => "add",
-# package_method => freebsd;
-#
-# ```
-{
- package_changes => "individual";
-
- # Could use rpm for this
- package_list_command => "/usr/sbin/pkg_info";
-
- # Remember to escape special characters like |
-
- package_list_name_regex => "([^\s]+)-.*";
- package_list_version_regex => "[^\s]+-([^\s]+).*";
-
- package_name_regex => "([^\s]+)-.*";
- package_version_regex => "[^\s]+-([^\s]+).*";
-
- package_installed_regex => ".*";
-
- package_name_convention => "$(name)-$(version)";
-
- package_add_command => "/usr/sbin/pkg_add -r";
- package_delete_command => "/usr/sbin/pkg_delete";
-}
-
-body package_method freebsd_portmaster
-# @depends common_knowledge
-# @brief FreeBSD portmaster package installation method
-#
-# This package method interacts with portmaster to build and install packages.
-#
-# Note that you must use the complete package name as it appears in
-# /usr/ports/*/name, such as 'perl5.14' rather than 'perl5'.
-# Repositories are hard-coded to /usr/ports; alternate locations are
-# unsupported at this time.
-# This method supports both pkg_* and pkgng systems.
-#
-# **Example:**
-#
-# ```cf3
-#
-# packages:
-# "perl5.14"
-# package_policy => "add",
-# package_method => freebsd_portmaster;
-#
-# ```
-{
- package_changes => "individual";
-
- package_list_command => "/usr/sbin/pkg_info";
-
- package_list_name_regex => "([^\s]+)-.*";
- package_list_version_regex => "[^\s]+-([^\s]+).*";
-
- package_installed_regex => ".*";
-
- package_name_convention => "$(name)";
- package_delete_convention => "$(name)-$(version)";
-
- package_file_repositories => {
- "/usr/ports/accessibility/",
- "/usr/port/arabic/",
- "/usr/ports/archivers/",
- "/usr/ports/astro/",
- "/usr/ports/audio/",
- "/usr/ports/benchmarks/",
- "/usr/ports/biology/",
- "/usr/ports/cad/",
- "/usr/ports/chinese/",
- "/usr/ports/comms/",
- "/usr/ports/converters/",
- "/usr/ports/databases/",
- "/usr/ports/deskutils/",
- "/usr/ports/devel/",
- "/usr/ports/dns/",
- "/usr/ports/editors/",
- "/usr/ports/emulators/",
- "/usr/ports/finance/",
- "/usr/ports/french/",
- "/usr/ports/ftp/",
- "/usr/ports/games/",
- "/usr/ports/german/",
- "/usr/ports/graphics/",
- "/usr/ports/hebrew/",
- "/usr/ports/hungarian/",
- "/usr/ports/irc/",
- "/usr/ports/japanese/",
- "/usr/ports/java/",
- "/usr/ports/korean/",
- "/usr/ports/lang/",
- "/usr/ports/mail/",
- "/usr/ports/math/",
- "/usr/ports/mbone/",
- "/usr/ports/misc/",
- "/usr/ports/multimedia/",
- "/usr/ports/net/",
- "/usr/ports/net-im/",
- "/usr/ports/net-mgmt/",
- "/usr/ports/net-p2p/",
- "/usr/ports/news/",
- "/usr/ports/packages/",
- "/usr/ports/palm/",
- "/usr/ports/polish/",
- "/usr/ports/ports-mgmt/",
- "/usr/ports/portuguese/",
- "/usr/ports/print/",
- "/usr/ports/russian/",
- "/usr/ports/science/",
- "/usr/ports/security/",
- "/usr/ports/shells/",
- "/usr/ports/sysutils/",
- "/usr/ports/textproc/",
- "/usr/ports/ukrainian/",
- "/usr/ports/vietnamese/",
- "/usr/ports/www/",
- "/usr/ports/x11/",
- "/usr/ports/x11-clocks/",
- "/usr/ports/x11-drivers/",
- "/usr/ports/x11-fm/",
- "/usr/ports/x11-fonts/",
- "/usr/ports/x11-servers/",
- "/usr/ports/x11-themes/",
- "/usr/ports/x11-toolkits/",
- "/usr/ports/x11-wm/",
- };
-
- package_add_command => "/usr/local/sbin/portmaster -D -G --no-confirm";
- package_update_command => "/usr/local/sbin/portmaster -D -G --no-confirm";
- package_delete_command => "/usr/local/sbin/portmaster --no-confirm -e";
-}
-
-##
-
-body package_method alpinelinux
-# @brief Alpine Linux apk package installation method
-#
-# This package method interacts with apk to manage packages.
-#
-# **Example:**
-#
-# ```cf3
-#
-# packages:
-# "vim"
-# package_policy => "add",
-# package_method => alpinelinux;
-#
-# ```
-{
- package_changes => "bulk";
- package_list_command => "/sbin/apk info -v";
- package_list_name_regex => "([^\s]+)-.*";
- package_list_version_regex => "[^\s]+-([^\s]+).*";
- package_name_regex => ".*";
- package_installed_regex => ".*";
- package_name_convention => "$(name)";
- package_add_command => "/sbin/apk add";
- package_delete_command => "/sbin/apk del";
-}
-
-##
-
-body package_method emerge
-# @depends common_knowledge
-# @brief Gentoo emerge package installation method
-#
-# This package method interacts with emerge to build and install packages.
-#
-# **Example:**
-#
-# ```cf3
-#
-# packages:
-# "zsh"
-# package_policy => "add",
-# package_method => emerge;
-#
-# ```
-{
- package_changes => "individual";
- package_list_command => "/bin/sh -c '/bin/ls -d /var/db/pkg/*/* | cut -c 13-'";
- package_list_name_regex => ".*/([^\s]+)-\d.*";
- package_list_version_regex => ".*/[^\s]+-(\d.*)";
- package_installed_regex => ".*"; # all reported are installed
- package_name_convention => "$(name)";
- package_list_update_command => "/bin/true"; # I prefer manual syncing
- #package_list_update_command => "/usr/bin/emerge --sync"; # if you like automatic
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_add_command => "/usr/bin/emerge -q --quiet-build";
- package_delete_command => "/usr/bin/emerge --depclean";
- package_update_command => "/usr/bin/emerge --update";
- package_patch_command => "/usr/bin/emerge --update";
- package_verify_command => "/usr/bin/emerge -s";
- package_noverify_regex => ".*(Not Installed|Applications found : 0).*";
-}
-
-##
-
-body package_method pacman
-# @depends common_knowledge
-# @brief Arch Linux pacman package management method
-{
- package_changes => "bulk";
-
- package_list_command => "/usr/bin/pacman -Q";
- package_verify_command => "/usr/bin/pacman -Q";
- package_noverify_regex => "error:\b.*\bwas not found";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_list_name_regex => "(.*)\s+.*";
- package_list_version_regex => ".*\s+(.*)";
- package_installed_regex => ".*";
-
- package_name_convention => "$(name)";
- package_add_command => "/usr/bin/pacman -S --noconfirm --noprogressbar --needed";
- package_delete_command => "/usr/bin/pacman -Rs --noconfirm";
- package_update_command => "/usr/bin/pacman -S --noconfirm --noprogressbar --needed";
-}
-
-body package_method zypper
-# @depends paths
-# @depends common_knowledge redhat_knowledge
-# @brief SuSE installation method
-#
-# This package method interacts with the SuSE Zypper package manager
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => zypper, package_policy => "add";
-# ```
-{
- package_changes => "bulk";
-
- package_list_command => "$(paths.path[rpm]) -qa --queryformat \"i | repos | %{name} | %{version}-%{release} | %{arch}\n\"";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(paths.path[zypper]) list-updates";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_patch_list_command => "$(paths.path[zypper]) patches";
- package_installed_regex => "i.*";
- package_list_name_regex => "$(redhat_knowledge.rpm_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm_arch_regex)";
-
- package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*";
- package_patch_name_regex => "[^|]+\|\s+([^\s]+).*";
- package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*";
-
- package_name_convention => "$(name)";
- package_add_command => "$(paths.path[zypper]) --non-interactive install";
- package_delete_command => "$(paths.path[zypper]) --non-interactive remove --force-resolution";
- package_update_command => "$(paths.path[zypper]) --non-interactive update";
- package_patch_command => "$(paths.path[zypper]) --non-interactive patch$"; # $ means no args
- package_verify_command => "$(paths.path[zypper]) --non-interactive verify$";
-}
-
-body package_method generic
-# @depends paths
-# @depends common_knowledge debian_knowledge redhat_knowledge
-# @brief Generic installation package method
-#
-# This package method attempts to handle all platforms.
-#
-# The Redhat section is a verbatim insertion of `yum_rpm()`, which was
-# contributed by Trond Hasle Amundsen.
-#
-# **Example:**
-#
-# ```cf3
-# packages:
-# "mypackage" package_method => generic, package_policy => "add";
-# ```
-{
- SuSE::
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --queryformat \"i | repos | %{name} | %{version}-%{release} | %{arch}\n\"";
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(paths.path[zypper]) list-updates";
- package_list_update_ifelapsed => "0";
- package_patch_list_command => "$(paths.path[zypper]) patches";
- package_installed_regex => "i.*";
- package_list_name_regex => "$(redhat_knowledge.rpm_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm_arch_regex)";
- package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*";
- package_patch_name_regex => "[^|]+\|\s+([^\s]+).*";
- package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*";
- package_name_convention => "$(name)";
- package_add_command => "$(paths.path[zypper]) --non-interactive install";
- package_delete_command => "$(paths.path[zypper]) --non-interactive remove --force-resolution";
- package_update_command => "$(paths.path[zypper]) --non-interactive update";
- package_patch_command => "$(paths.path[zypper]) --non-interactive patch$"; # $ means no args
- package_verify_command => "$(paths.path[zypper]) --non-interactive verify$";
-
- redhat::
- package_changes => "bulk";
- package_list_command => "$(redhat_knowledge.call_rpm) -qa --qf '%{name}.%{arch} %{version}-%{release}\n'";
- package_patch_list_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
-
- package_list_name_regex => "$(redhat_knowledge.rpm3_name_regex)";
- package_list_version_regex => "$(redhat_knowledge.rpm3_version_regex)";
- package_list_arch_regex => "$(redhat_knowledge.rpm3_arch_regex)";
-
- package_installed_regex => ".*";
- package_name_convention => "$(name)-$(version).$(arch)";
-
- # just give the package name to rpm to delete, otherwise it gets "name.*" (from package_name_convention above)
- package_delete_convention => "$(name)";
-
- # set it to "0" to avoid caching of list during upgrade
- package_list_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) check-update";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_patch_name_regex => "([^.]+).*";
- package_patch_version_regex => "[^\s]\s+([^\s]+).*";
- package_patch_arch_regex => "[^.]+\.([^\s]+).*";
-
- package_add_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y install";
- package_update_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_patch_command => "$(redhat_knowledge.call_yum) $(redhat_knowledge.yum_options) -y update";
- package_delete_command => "$(redhat_knowledge.call_rpm) -e --nodeps";
- package_verify_command => "$(redhat_knowledge.call_rpm) -V";
-
- debian::
- package_changes => "bulk";
- package_list_command => "$(debian_knowledge.call_dpkg) -l";
- package_list_name_regex => "$(debian_knowledge.list_name_regex)";
- package_list_version_regex => "$(debian_knowledge.list_version_regex)";
- package_installed_regex => ".i.*"; # packages that have been uninstalled may be listed
- package_name_convention => "$(name)";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- # make correct version comparisons
- package_version_less_command => "$(debian_knowledge.dpkg_compare_less)";
- package_version_equal_command => "$(debian_knowledge.dpkg_compare_equal)";
-
- debian.have_aptitude::
- package_add_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes install";
- package_list_update_command => "$(debian_knowledge.call_aptitude) update";
- package_delete_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes remove";
- package_update_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes install";
- package_patch_command => "$(debian_knowledge.call_aptitude) $(debian_knowledge.dpkg_options) --assume-yes install";
- package_verify_command => "$(debian_knowledge.call_aptitude) show";
- package_noverify_regex => "(State: not installed|E: Unable to locate package .*)";
-
- package_patch_list_command => "$(debian_knowledge.call_aptitude) --assume-yes --simulate --verbose full-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- debian.!have_aptitude::
- package_add_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_list_update_command => "$(debian_knowledge.call_apt_get) update";
- package_delete_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes remove";
- package_update_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_patch_command => "$(debian_knowledge.call_apt_get) $(debian_knowledge.dpkg_options) --yes install";
- package_verify_command => "$(debian_knowledge.call_dpkg) -s";
- package_noverify_returncode => "1";
-
- package_patch_list_command => "$(debian_knowledge.call_apt_get) --just-print dist-upgrade";
- package_patch_name_regex => "$(debian_knowledge.patch_name_regex)";
- package_patch_version_regex => "$(debian_knowledge.patch_version_regex)";
-
- freebsd::
- package_changes => "individual";
- package_list_command => "/usr/sbin/pkg_info";
- package_list_name_regex => "([^\s]+)-.*";
- package_list_version_regex => "[^\s]+-([^\s]+).*";
- package_name_regex => "([^\s]+)-.*";
- package_version_regex => "[^\s]+-([^\s]+).*";
- package_installed_regex => ".*";
- package_name_convention => "$(name)-$(version)";
- package_add_command => "/usr/sbin/pkg_add -r";
- package_delete_command => "/usr/sbin/pkg_delete";
-
- alpinelinux::
- package_changes => "bulk";
- package_list_command => "/sbin/apk info -v";
- package_list_name_regex => "([^\s]+)-.*";
- package_list_version_regex => "[^\s]+-([^\s]+).*";
- package_name_regex => ".*";
- package_installed_regex => ".*";
- package_name_convention => "$(name)";
- package_add_command => "/sbin/apk add";
- package_delete_command => "/sbin/apk del";
-
- gentoo::
- package_changes => "individual";
- package_list_command => "/bin/sh -c '/bin/ls -d /var/db/pkg/*/* | cut -c 13-'";
- package_list_name_regex => ".*/([^\s]+)-\d.*";
- package_list_version_regex => ".*/[^\s]+-(\d.*)";
- package_installed_regex => ".*"; # all reported are installed
- package_name_convention => "$(name)";
- package_list_update_command => "/bin/true"; # I prefer manual syncing
- #package_list_update_command => "/usr/bin/emerge --sync"; # if you like automatic
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
-
- package_add_command => "/usr/bin/emerge -q --quiet-build";
- package_delete_command => "/usr/bin/emerge --depclean";
- package_update_command => "/usr/bin/emerge --update";
- package_patch_command => "/usr/bin/emerge --update";
- package_verify_command => "/usr/bin/emerge -s";
- package_noverify_regex => ".*(Not Installed|Applications found : 0).*";
-
- archlinux::
- package_changes => "bulk";
- package_list_command => "/usr/bin/pacman -Q";
- package_verify_command => "/usr/bin/pacman -Q";
- package_noverify_regex => "error:\b.*\bwas not found";
- package_list_name_regex => "(.*)\s+.*";
- package_list_version_regex => ".*\s+(.*)";
- package_installed_regex => ".*";
- package_name_convention => "$(name)";
- package_list_update_ifelapsed => "$(common_knowledge.list_update_ifelapsed)";
- package_add_command => "/usr/bin/pacman -S --noconfirm --noprogressbar --needed";
- package_delete_command => "/usr/bin/pacman -Rs --noconfirm";
- package_update_command => "/usr/bin/pacman -S --noconfirm --noprogressbar --needed";
-}
-
-## Useful bundles ##
-
-bundle agent cfe_package_ensure_absent(package)
-# @depends cfe_package_ensure
-# @brief Ensure package is absent
-# @param package the packages to remove
-#
-# This package method will remove `package`, using
-# `cfe_package_ensure`.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "nozip" usebundle => cfe_package_ensure_absent("zip");
-# ```
-{
- methods:
- "ensure" usebundle => cfe_package_ensure($(package), "delete");
-}
-
-bundle agent cfe_package_ensure_present(package)
-# @depends cfe_package_ensure
-# @brief Ensure package is present
-# @param package the packages to install
-#
-# This package method will install `package`, using
-# `cfe_package_ensure`.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "pleasezip" usebundle => cfe_package_ensure_present("zip");
-# ```
-{
- methods:
- "ensure" usebundle => cfe_package_ensure($(package), "add");
-}
-
-bundle agent cfe_package_ensure_upgrade(package)
-# @depends cfe_package_ensure
-# @brief Ensure package is present and updated
-# @param package the package to add/update
-#
-# This package method will add or update `package`, using
-# `cfe_package_ensure`.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "upgradezip" usebundle => cfe_package_ensure_upgrade("zip");
-# ```
-{
- methods:
- "ensure" usebundle => cfe_package_ensure($(package), "addupdate");
-}
-
-bundle agent cfe_package_ensure(package_name, desired)
-# @depends apt_get yum_rpm generic
-# @brief Ensure `package_name` has the `desired` state
-# @param package_name the packages to ensure
-# @param desired the desired `package_policy`, add or delete or ...
-#
-# This package method will add or delete `packages` with
-# `package_policy` set to `desired`.
-#
-# On Debian, it will use `apt_get`. On Red Hat, `yum_rpm`.
-# Otherwise, `generic`.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "nozip" usebundle => cfe_package_ensure("zip", "delete");
-# "pleasezip" usebundle => cfe_package_ensure("zip", "add");
-# ```
-{
-
- packages:
-
- debian::
-
- "$(package_name)"
- package_policy => $(desired),
- package_method => apt_get;
-
-
- redhat::
-
- "$(package_name)"
- package_policy => $(desired),
- package_method => yum_rpm;
-
- !debian.!redhat::
-
- "$(package_name)"
- package_policy => $(desired),
- package_method => generic;
-}
-
-bundle agent cfe_package_named_ensure_present(packageorfile, select, package_version, package_arch)
-# @depends cfe_package_ensure_named
-# @brief Ensure package is present
-# @param packageorfile the package or full filename to add
-# @param select the `package_select` method
-# @param package_version the `package_version` desired
-# @param package_arch a string determining the `package_architectures` desired
-#
-# This package method will add `packageorfile` as a package or file,
-# using `cfe_package_ensure_full`.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "addfilezip"
-# usebundle => cfe_package_named_file_ensure_present("/mydir/zip",
-# "==",
-# "3.0-7",
-# ifelse("debian", "amd64",
-# "x86_64"));
-# ```
-{
- methods:
- "ensure" usebundle => cfe_package_ensure_named($(package), "add", $(select), $(package_version), $(package_arch));
-}
-
-bundle agent cfe_package_named_ensure_upgrade(packageorfile, select, package_version, package_arch)
-# @depends cfe_package_ensure_named
-# @brief Ensure package is added or updated
-# @param packageorfile the package or full filename to add or update
-# @param select the `package_select` method
-# @param package_version the `package_version` desired
-# @param package_arch a string determining the `package_architectures` desired
-#
-# This package method will add or update `packageorfile` as a package
-# or file, using `cfe_package_ensure_full`.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "upgradefilezip"
-# usebundle => cfe_package_named_file_ensure_upgrade("/mydir/zip",
-# "==",
-# "3.0-7",
-# ifelse("debian", "amd64",
-# "x86_64"));
-# "upgradezip"
-# usebundle => cfe_package_named_file_ensure_upgrade("/mydir/zip",
-# "==",
-# "3.0-7",
-# ifelse("debian", "amd64",
-# "x86_64"));
-# ```
-{
- methods:
- "ensure" usebundle => cfe_package_ensure_named($(packageorfile), "addupdate", $(select), $(package_version), $(package_arch));
-}
-
-bundle agent cfe_package_ensure_named(package_name, desired, select, package_version, package_arch)
-# @depends apt_get yum_rpm generic dpkg_version rpm_version
-# @brief Ensure `package_name` has the `desired` state
-# @param package_name the packages to ensure (can be files)
-# @param desired the desired `package_policy`, add or delete or addupdate
-# @param select the `package_select` method
-# @param package_version the desired `package_version`
-# @param package_arch the desired package architecture
-#
-# This package method will manage `packages` with `package_policy` set
-# to `desired`, using `select`, `package_version`, and `package_arch`.
-#
-# If `package_name` is **not** a file name: on Debian, it will use
-# `apt_get`. On Red Hat, `yum_rpm`. Otherwise, `generic`.
-#
-# If `package_name` **is** a file name, it will use `dpkg_version` or
-# `rpm_version` from the file's directory.
-#
-# **Example:**
-#
-# ```cf3
-# methods:
-# "ensure" usebundle => cfe_package_ensure_named("zsh", "add", "==", "1.2.3", "amd64");
-# "ensure" usebundle => cfe_package_ensure_named("/mydir/package.deb", "add", "==", "9.8.7", "amd64");
-# "ensure" usebundle => cfe_package_ensure_named("tcsh", "delete", ">=", "2.3.4", "x86_64");
-# ```
-{
- classes:
- "filebased" expression => fileexists($(package_name));
-
- vars:
- filebased::
- "package_basename" string => lastnode($(package_name), "/");
- "dir" string => dirname($(package_name));
-
- packages:
-
- debian.!filebased::
-
- "$(package_name)"
- package_policy => $(desired),
- package_select => $(select),
- package_version => $(package_version),
- package_architectures => { $(package_arch) },
- package_method => apt_get;
-
-
- debian.filebased::
-
- "$(package_basename)"
- package_policy => $(desired),
- package_select => $(select),
- package_version => $(package_version),
- package_architectures => { $(package_arch) },
- package_method => dpkg_version($(dir));
-
- redhat.!filebased::
-
- "$(package_name)"
- package_policy => $(desired),
- package_select => $(select),
- package_version => $(package_version),
- package_architectures => { $(package_arch) },
- package_method => yum_rpm;
-
- redhat.filebased::
-
- "$(package_basename)"
- package_policy => $(desired),
- package_select => $(select),
- package_version => $(package_version),
- package_architectures => { $(package_arch) },
- package_method => rpm_version($(dir));
-
- !filebased.!debian.!redhat::
-
- "$(package_name)"
- package_policy => $(desired),
- package_method => generic;
-
- reports:
- (inform_mode||verbose_mode).filebased.!debian.!redhat::
- "$(this.bundle): sorry, can't do file-based installs on $(sys.os)";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Paths bundle (used by other bodies)
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-bundle common paths
-# @brief Defines an array `path` with common paths to standard binaries,
-# and classes for defined and existing paths.
-#
-# If the current platform knows that binary XYZ should be present,
-# `_stdlib_has_path_XYZ` is defined. Furthermore, if XYZ is actually present
-# (i.e. the binary exists) in the expected location, `_stdlib_path_exists_XYZ` is
-# defined.
-#
-# **Example:**
-#
-# ```cf3
-# bundle agent repair_newlines(filename)
-# {
-# commands:
-# _stdlib_path_exists_sed::
-# “$(path[sed])”
-# args => “-i 's/^M//' $(filename)”
-# }
-# ```
-{
- vars:
-
- #
- # Common full pathname of commands for OS
- #
-
- any::
- "path[getfacl]" string => "/usr/bin/getfacl";
- "path[git]" string => "/usr/bin/git";
- "path[npm]" string => "/usr/bin/npm";
- "path[pip]" string => "/usr/bin/pip";
-
- linux::
- "path[lsattr]" string => "/usr/bin/lsattr";
-
- aix::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[crontabs]" string => "/var/spool/cron/crontabs";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/usr/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[echo]" string => "/usr/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/usr/bin/grep";
- "path[ls]" string => "/usr/bin/ls";
- "path[netstat]" string => "/usr/bin/netstat";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[tr]" string => "/usr/bin/tr";
-
- archlinux::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/usr/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[crontab]" string => "/usr/bin/crontab";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/usr/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[dmidecode]" string => "/usr/bin/dmidecode";
- "path[echo]" string => "/usr/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[free]" string => "/usr/bin/free";
- "path[grep]" string => "/usr/bin/grep";
- "path[hostname]" string => "/usr/bin/hostname";
- "path[init]" string => "/usr/bin/init";
- "path[iptables]" string => "/usr/bin/iptables";
- "path[iptables_save]" string => "/usr/bin/iptables-save";
- "path[iptables_restore]" string => "/usr/bin/iptables-restore";
- "path[ls]" string => "/usr/bin/ls";
- "path[lsof]" string => "/usr/bin/lsof";
- "path[netstat]" string => "/usr/bin/netstat";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[test]" string => "/usr/bin/test";
- "path[top]" string => "/usr/bin/top";
- "path[tr]" string => "/usr/bin/tr";
- #
- "path[pacman]" string => "/usr/bin/pacman";
- "path[yaourt]" string => "/usr/bin/yaourt";
- "path[useradd]" string => "/usr/bin/useradd";
- "path[groupadd]" string => "/usr/bin/groupadd";
- "path[ip]" string => "/usr/bin/ip";
- "path[ifconfig]" string => "/usr/bin/ifconfig";
- "path[journalctl]" string => "/usr/bin/journalctl";
- "path[systemctl]" string => "/usr/bin/systemctl";
- "path[netctl]" string => "/usr/bin/netctl";
-
- freebsd|netbsd::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[crontabs]" string => "/var/cron/tabs";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/usr/bin/grep";
- "path[ls]" string => "/bin/ls";
- "path[netstat]" string => "/usr/bin/netstat";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[tr]" string => "/usr/bin/tr";
- "path[realpath]" string => "/bin/realpath";
-
- openbsd::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/bin/cksum";
- "path[crontabs]" string => "/var/cron/tabs";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/sbin/dig";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/usr/bin/grep";
- "path[ls]" string => "/bin/ls";
- "path[netstat]" string => "/usr/bin/netstat";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[tr]" string => "/usr/bin/tr";
-
- solaris::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/usr/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[crontab]" string => "/usr/bin/crontab";
- "path[crontabs]" string => "/var/spool/cron/crontabs";
- "path[curl]" string => "/usr/bin/curl";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/usr/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/sbin/dig";
- "path[echo]" string => "/usr/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/usr/bin/grep";
- "path[ls]" string => "/usr/bin/ls";
- "path[netstat]" string => "/usr/bin/netstat";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[tr]" string => "/usr/bin/tr";
- "path[wget]" string => "/usr/bin/wget";
- #
- "path[svcs]" string => "/usr/bin/svcs";
- "path[svcadm]" string => "/usr/sbin/svcadm";
- "path[svccfg]" string => "/usr/sbin/svccfg";
- "path[netadm]" string => "/usr/sbin/netadm";
- "path[dladm]" string => "/usr/sbin/dladm";
- "path[ipadm]" string => "/usr/sbin/ipadm";
- "path[pkg]" string => "/usr/bin/pkg";
- "path[pkginfo]" string => "/usr/bin/pkginfo";
- "path[pkgadd]" string => "/usr/sbin/pkgadd";
- "path[pkgrm]" string => "/usr/sbin/pkgrm";
- "path[zoneadm]" string => "/usr/sbin/zoneadm";
- "path[zonecfg]" string => "/usr/sbin/zonecfg";
-
- redhat::
-
- "path[awk]" string => "/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[createrepo]" string => "/usr/bin/createrepo";
- "path[crontab]" string => "/usr/bin/crontab";
- "path[crontabs]" string => "/var/spool/cron";
- "path[curl]" string => "/usr/bin/curl";
- "path[cut]" string => "/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[domainname]" string => "/bin/domainname";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/bin/grep";
- "path[hostname]" string => "/bin/hostname";
- "path[init]" string => "/sbin/init";
- "path[iptables]" string => "/sbin/iptables";
- "path[iptables_save]" string => "/sbin/iptables-save";
- "path[ls]" string => "/bin/ls";
- "path[lsof]" string => "/usr/sbin/lsof";
- "path[netstat]" string => "/bin/netstat";
- "path[nologin]" string => "/sbin/nologin";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/bin/sed";
- "path[sort]" string => "/bin/sort";
- "path[test]" string => "/usr/bin/test";
- "path[tr]" string => "/usr/bin/tr";
- "path[wget]" string => "/usr/bin/wget";
- "path[realpath]" string => "/usr/bin/realpath";
-
- #
- "path[chkconfig]" string => "/sbin/chkconfig";
- "path[groupadd]" string => "/usr/sbin/groupadd";
- "path[groupdel]" string => "/usr/sbin/groupdel";
- "path[ifconfig]" string => "/sbin/ifconfig";
- "path[ip]" string => "/sbin/ip";
- "path[rpm]" string => "/bin/rpm";
- "path[service]" string => "/sbin/service";
- "path[svc]" string => "/sbin/service";
- "path[useradd]" string => "/usr/sbin/useradd";
- "path[userdel]" string => "/usr/sbin/userdel";
- "path[yum]" string => "/usr/bin/yum";
-
- darwin::
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[createrepo]" string => "/usr/bin/createrepo";
- "path[crontab]" string => "/usr/bin/crontab";
- "path[crontabs]" string => "/usr/lib/cron/tabs";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[domainname]" string => "/bin/domainname";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/usr/bin/grep";
- "path[hostname]" string => "/bin/hostname";
- "path[ls]" string => "/bin/ls";
- "path[lsof]" string => "/usr/sbin/lsof";
- "path[netstat]" string => "/usr/sbin/netstat";
- "path[ping]" string => "/sbin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[test]" string => "/bin/test";
- "path[tr]" string => "/usr/bin/tr";
-
- #
- "path[brew]" string => "/usr/local/bin/brew";
- "path[sudo]" string => "/usr/bin/sudo";
-
- debian::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[chkconfig]" string => "/sbin/chkconfig";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[createrepo]" string => "/usr/bin/createrepo";
- "path[crontab]" string => "/usr/bin/crontab";
- "path[crontabs]" string => "/var/spool/cron/crontabs";
- "path[curl]" string => "/usr/bin/curl";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[dmidecode]" string => "/usr/sbin/dmidecode";
- "path[domainname]" string => "/bin/domainname";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/bin/grep";
- "path[hostname]" string => "/bin/hostname";
- "path[init]" string => "/sbin/init";
- "path[iptables]" string => "/sbin/iptables";
- "path[iptables_save]" string => "/sbin/iptables-save";
- "path[ls]" string => "/bin/ls";
- "path[lsof]" string => "/usr/bin/lsof";
- "path[netstat]" string => "/bin/netstat";
- "path[nologin]" string => "/usr/sbin/nologin";
- "path[ping]" string => "/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[test]" string => "/usr/bin/test";
- "path[tr]" string => "/usr/bin/tr";
- "path[wget]" string => "/usr/bin/wget";
- "path[realpath]" string => "/usr/bin/realpath";
-
- #
- "path[apt_cache]" string => "/usr/bin/apt-cache";
- "path[apt_config]" string => "/usr/bin/apt-config";
- "path[apt_get]" string => "/usr/bin/apt-get";
- "path[apt_key]" string => "/usr/bin/apt-key";
- "path[aptitude]" string => "/usr/bin/aptitude";
- "path[dpkg]" string => "/usr/bin/dpkg";
- "path[groupadd]" string => "/usr/sbin/groupadd";
- "path[ifconfig]" string => "/sbin/ifconfig";
- "path[ip]" string => "/sbin/ip";
- "path[service]" string => "/usr/sbin/service";
- "path[svc]" string => "/usr/sbin/service";
- "path[update_alternatives]" string => "/usr/bin/update-alternatives";
- "path[update_rc_d]" string => "/usr/sbin/update-rc.d";
- "path[useradd]" string => "/usr/sbin/useradd";
-
- archlinux||darwin::
-
- "path[sysctl]" string => "/usr/bin/sysctl";
-
- !(archlinux||darwin)::
-
- "path[sysctl]" string => "/sbin/sysctl";
-
- !(SuSE||SUSE||suse)::
- "path[logger]" string => "/usr/bin/logger";
-
- SuSE||SUSE||suse::
-
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
- "path[createrepo]" string => "/usr/bin/createrepo";
- "path[crontab]" string => "/usr/bin/crontab";
- "path[crontabs]" string => "/var/spool/cron/tabs";
- "path[curl]" string => "/usr/bin/curl";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/bin/dig";
- "path[dmidecode]" string => "/usr/sbin/dmidecode";
- "path[domainname]" string => "/bin/domainname";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[free]" string => "/usr/bin/free";
- "path[grep]" string => "/usr/bin/grep";
- "path[hostname]" string => "/bin/hostname";
- "path[init]" string => "/sbin/init";
- "path[iptables]" string => "/usr/sbin/iptables";
- "path[iptables_save]" string => "/usr/sbin/iptables-save";
- "path[ls]" string => "/bin/ls";
- "path[lsof]" string => "/usr/bin/lsof";
- "path[netstat]" string => "/bin/netstat";
- "path[nologin]" string => "/sbin/nologin";
- "path[ping]" string => "/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[test]" string => "/usr/bin/test";
- "path[tr]" string => "/usr/bin/tr";
- "path[logger]" string => "/bin/logger";
- "path[wget]" string => "/usr/bin/wget";
-
- #
- "path[chkconfig]" string => "/sbin/chkconfig";
- "path[groupadd]" string => "/usr/sbin/groupadd";
- "path[groupdel]" string => "/usr/sbin/groupdel";
- "path[groupmod]" string => "/usr/sbin/groupmod";
- "path[ifconfig]" string => "/sbin/ifconfig";
- "path[ip]" string => "/sbin/ip";
- "path[rpm]" string => "/bin/rpm";
- "path[service]" string => "/sbin/service";
- "path[useradd]" string => "/usr/sbin/useradd";
- "path[userdel]" string => "/usr/sbin/userdel";
- "path[usermod]" string => "/usr/sbin/usermod";
- "path[zypper]" string => "/usr/bin/zypper";
-
- linux|solaris::
-
- "path[shadow]" string => "/etc/shadow";
-
- freebsd|openbsd|netbsd|darwin::
-
- "path[shadow]" string => "/etc/master.passwd";
-
- aix::
-
- "path[shadow]" string => "/etc/security/passwd";
-
- any::
- "all_paths" slist => getindices("path");
- "$(all_paths)" string => "$(path[$(all_paths)])";
-
- classes:
- "_stdlib_has_path_$(all_paths)"
- expression => isvariable("$(all_paths)"),
- comment => "It's useful to know if a given path is defined";
-
- "_stdlib_path_exists_$(all_paths)"
- expression => fileexists("$(path[$(all_paths)])"),
- comment => "It's useful to know if $(all_paths) exists on the filesystem as defined";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Processes bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-##-------------------------------------------------------
-## process promises
-##-------------------------------------------------------
-
-body process_select exclude_procs(x)
-# @brief Select all processes excluding those matching `x`
-# @param x Regular expression matching the command/cmd field
-# of the processes that should be excluded
-{
- command => "$(x)";
- process_result => "!command";
-}
-
-##
-
-body process_select days_older_than(d)
-# @brief Select all processes that are older than `d` days
-# @param d Days that processes need to be old to be selected
-{
- stime_range => irange(ago(0,0,"$(d)",0,0,0),now);
- process_result => "stime";
-}
-
-##
-
-body process_select by_owner(u)
-# @brief Select processes owned by user `u`
-# @param u The name of the user
-#
-# Matches processes against the given username and the given username's uid
-# in case only uid is visible in process list.
-{
- process_owner => { "$(u)", canonify(getuid("$(u)")) };
- process_result => "process_owner";
-}
-
-##
-
-body process_count any_count(cl)
-# @brief Define class `cl` if the process is running
-# @param cl Name of the class to be defined
-{
- match_range => "0,0";
- out_of_range_define => { "$(cl)" };
-}
-
-##
-
-body process_count check_range(name,lower,upper)
-# @brief Define a class if the number of processes is not
-# within the specified range.
-# @param name The name part of the class `$(name)_out_of_range`
-# @param lower The lower bound of the range
-# @param upper The upper bound of the range
-{
- match_range => irange("$(lower)","$(upper)");
- out_of_range_define => { "$(name)_out_of_range" };
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Services bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-##-------------------------------------------------------
-## service promises
-##-------------------------------------------------------
-
-body service_method bootstart
-# @brief Start the service and all its dependencies at boot time
-#
-# **See also:** `service_autostart_policy`, `service_dependence_chain`
-{
- service_autostart_policy => "boot_time";
- service_dependence_chain => "start_parent_services";
- windows::
- service_type => "windows";
-}
-
-##
-
-body service_method force_deps
-# @brief Start all dependendencies when this service starts, and stop all
-# dependent services when this service stops.
-#
-# The service does not get automatically started.
-#
-# **See also:** `service_autostart_policy`, `service_dependence_chain`
-{
- service_dependence_chain => "all_related";
- windows::
- service_type => "windows";
-}
-
-##
-
-bundle agent standard_services(service,state)
-# @brief Standard services bundle, used by CFEngine by default
-# @author CFEngine AS
-# @author Tero Kantonen <prkele@gmail.com>
-# @param service specific service to control
-# @param state desired state for that service
-#
-# This bundle is used by CFEngine if you don't specify a services
-# handler explicitly.
-#
-# It receives the service name and the desired service state, then
-# does the needful to reach the desired state..
-#
-# **Example:**
-#
-# ```cf3
-# services:
-# "ntp" service_policy => "start";
-# "ssh" service_policy => "stop";
-# ```
-#
-# There's multiple ways you can add new services to this list.
-# Here's few examples:
-#
-# a) The zeroconf mode; If the new service matches these rules,
-# you don't need to add anything to the standard_services:
-#
-# 1. Your init script basename = `$(service)`
-# 2. Your init script argument = `$(state)`
-# 3. Your init script lives in `/etc/init.d/` (for non-*bsd),
-# or `/etc/rc.d/` (for *bsd)
-# 4. Your process regex pattern = `\b$(service)\b`
-# 5. You call the init as `/etc/init.d/<script> <arg>` (for non-*bsd),
-# or `/etc/rc.d/<script> <arg>` (for *bsd)
-#
-# b) If the 1st rule doesn't match, but rest does:
-#
-# Use the `baseinit[$(service)]` array to point towards your
-# init script's basename. For example:
-#
-# ```cf3
-# "baseinit[www]" string => "httpd";
-# ```
-#
-# This would fire up init script `/etc/init.d/httpd`, instead of
-# the default `/etc/init.d/www`. From `/etc/rc.d/` if you're on *bsd system.
-#
-# c) If the 4th rule doesn't match, but rest does:
-#
-# Use the `pattern[$(service)]` array to specify your own
-# regex match. It's advisable to use conservative regex so
-# there's less chance of getting a mismatch.
-#
-# ```cf3
-# "pattern[www]" string => ".*httpd.*";
-# ```
-#
-# Instead of matching the default '\bwww\b', this now matches
-# your given string,
-#
-# d) 5th rule doesn't match:
-#
-# If you can specify the init system used.
-# Currently supported: `sysvinitd`, `sysvservice`, `systemd`
-#
-# ```cf3
-# "init[www]" string => "sysvservice";
-# "init[www]" string => "sysvinitd";
-# "init[www]" string => "systemd";
-# ```
-#
-# ^^ The above is not a valid syntax as you can only use one `init[]`
-# per service, but it shows all the currently supported ones.
-#
-# ```cf3
-# "sysvservice" == /(usr/)?sbin/service
-# "sysvinitd" == /etc/init.d/ (non-*bsd) | /etc/rc.d/ (*bsd)
-# "systemd" == /bin/systemctl
-# ```
-#
-# e) 2nd and 3rd rule matches, but rest doesn't:
-#
-# Use a combination of the `pattern[]`, `baseinit[]` and `init[]`,
-# to fill your need.
-#
-# ```cf3
-# "baseinit[www]" string => "httpd";
-# "pattern[www]" string => ".*httpd.*";
-# "init[www]" string => "sysvservice";
-# ```
-#
-# f) As a fallback, if none of the above rules match, you can also
-# define exactly what you need for each `$(state)`.
-#
-# ```cf3
-# "startcommand[rhnsd]" string => "/sbin/service rhnsd start";
-# "restartcommand[rhnsd]" string => "/sbin/service rhnsd restart";
-# "reloadcommand[rhnsd]" string => "/sbin/service rhnsd reload";
-# "stopcommand[rhnsd]" string => "/sbin/service rhnsd stop";
-# "pattern[rhnsd]" string => "rhnsd";
-# ```
-#
-# ---
-#
-# If *any* of the `(re)?(start|load|stop)command` variables are set for
-# your service, they take _priority_ in case there's conflict of intent
-# with other data.
-#
-# Say you'd have the following service definition:
-#
-# ```cf3
-# "startcommand[qwerty]" string => "/sbin/service qwerty start";
-# "stopcommand[qwerty]" string => "/sbin/service qwerty stop";
-# "pattern[qwerty]" string => ".*qwerty.*";
-# "baseinit[qwerty]" string => "asdfgh"
-# "init[qwerty]" string => "systemd";
-# ```
-#
-# There's a conflict of intent now. As the `~command` definitions takes
-# priority, this kind of service config for `qwerty` would execute the
-# following commands:
-#
-# ```
-# start: "/sbin/service qwerty start"
-# stop: "/sbin/service qwerty stop"
-# restart: "/bin/systemctl asdfgh restart"
-# reload: "/bin/systemctl asdfgh reload"
-# ```
-{
- vars:
- "all_states" slist => { "start", "restart", "reload", "stop" };
-
- "inits" slist => { "sysvinitd", "sysvservice", "systemd" },
- comment => "Currently handled init systems";
-
- "default[prefix][sysvservice]" string => "$(paths.path[service]) ",
- comment => "Command for sysv service interactions";
-
- "default[prefix][systemd]" string => "/bin/systemctl ",
- comment => "Command for systemd interactions";
-
- "default[prefix][sysvinitd]" string => ifelse("openbsd", "/etc/rc.d/",
- "freebsd", "/etc/rc.d/",
- "netbsd", "/etc/rc.d/",
- "/etc/init.d/"),
- comment => "Command prefix for sysv init script interactions";
-
- "default[cmd][$(inits)]" string => "$(default[prefix][$(inits)])$(service) $(state)",
- comment => "Default command to control the service";
-
- "default[pattern]" string => "\b$(service)\b",
- comment => "Set default pattern for proc matching";
-
- "default[init]" string => "sysvinitd",
- comment => "Set the default init system used if one isn't defined";
-
- "stakeholders[cfengine3]" slist => { "cfengine_in" };
- "stakeholders[acpid]" slist => { "cpu", "cpu0", "cpu1", "cpu2", "cpu3" };
- "stakeholders[mongod]" slist => { "mongo_in" };
- "stakeholders[postfix]" slist => { "smtp_in" };
- "stakeholders[sendmail]" slist => { "smtp_in" };
- "stakeholders[www]" slist => { "www_in", "wwws_in", "www_alt_in" };
- "stakeholders[ssh]" slist => { "ssh_in" };
- "stakeholders[mysql]" slist => { "mysql_in" };
- "stakeholders[nfs]" slist => { "nfsd_in" };
- "stakeholders[syslog]" slist => { "syslog" };
- "stakeholders[rsyslog]" slist => { "syslog" };
- "stakeholders[tomcat5]" slist => { "www_alt_in" };
- "stakeholders[tomcat6]" slist => { "www_alt_in" };
-
- linux::
-
- "pattern[acpid]" string => ".*acpid.*";
- "pattern[cfengine3]" string => ".*cf-execd.*";
- "pattern[fancontrol]" string => ".*fancontrol.*";
- "pattern[hddtemp]" string => ".*hddtemp.*";
- "pattern[irqbalance]" string => ".*irqbalance.*";
- "pattern[lm-sensor]" string => ".*psensor.*";
- "pattern[mongod]" string => ".*mongod.*";
- "pattern[openvpn]" string => ".*openvpn.*";
- "pattern[postfix]" string => ".*postfix.*";
- "pattern[rsync]" string => ".*rsync.*";
- "pattern[rsyslog]" string => ".*rsyslogd.*";
- "pattern[sendmail]" string => ".*sendmail.*";
- "pattern[tomcat5]" string => ".*tomcat5.*";
- "pattern[tomcat6]" string => ".*tomcat6.*";
- "pattern[varnish]" string => ".*varnish.*";
- "pattern[wpa_supplicant]" string => ".*wpa_supplicant.*";
-
- SuSE|suse::
-
- "baseinit[mysql]" string => "mysqld";
- "pattern[mysql]" string => ".*mysqld.*";
-
- "baseinit[www]" string => "apache2";
- "pattern[www]" string => ".*apache2.*";
-
- "baseinit[ssh]" string => "sshd";
- # filter out "sshd: ..." children
- "pattern[ssh]" string => ".*\Ssshd.*";
-
- "pattern[ntpd]" string => ".*ntpd.*";
-
- redhat::
-
- "pattern[anacron]" string => ".*anacron.*";
- "pattern[atd]" string => ".*sbin/atd.*";
- "pattern[auditd]" string => ".*auditd$";
- "pattern[autofs]" string => ".*automount.*";
- "pattern[capi]" string => ".*capiinit.*";
- "pattern[conman]" string => ".*conmand.*";
- "pattern[cpuspeed]" string => ".*cpuspeed.*";
- "pattern[crond]" string => ".*crond.*";
- "pattern[dc_client]" string => ".*dc_client.*";
- "pattern[dc_server]" string => ".*dc_server.*";
- "pattern[dnsmasq]" string => ".*dnsmasq.*";
- "pattern[dund]" string => ".*dund.*";
- "pattern[gpm]" string => ".*gpm.*";
- "pattern[haldaemon]" string => ".*hald.*";
- "pattern[hidd]" string => ".*hidd.*";
- "pattern[irda]" string => ".*irattach.*";
- "pattern[iscsid]" string => ".*iscsid.*";
- "pattern[isdn]" string => ".*isdnlog.*";
- "pattern[lvm2-monitor]" string => ".*vgchange.*";
- "pattern[mcstrans]" string => ".*mcstransd.*";
- "pattern[mdmonitor]" string => ".*mdadm.*";
- "pattern[mdmpd]" string => ".*mdmpd.*";
- "pattern[messagebus]" string => ".*dbus-daemon.*";
- "pattern[microcode_ctl]" string => ".*microcode_ctl.*";
- "pattern[multipathd]" string => ".*multipathd.*";
- "pattern[netplugd]" string => ".*netplugd.*";
- "pattern[NetworkManager]" string => ".*NetworkManager.*";
- "pattern[nfs]" string => ".*nfsd.*";
- "pattern[nfslock]" string => ".*rpc.statd.*";
- "pattern[nscd]" string => ".*nscd.*";
- "pattern[ntpd]" string => ".*ntpd.*";
- "pattern[oddjobd]" string => ".*oddjobd.*";
- "pattern[pand]" string => ".*pand.*";
- "pattern[pcscd]" string => ".*pcscd.*";
- "pattern[portmap]" string => ".*portmap.*";
- "pattern[postgresql]" string => ".*postmaster.*";
- "pattern[rdisc]" string => ".*rdisc.*";
- "pattern[readahead_early]" string => ".*readahead.*early.*";
- "pattern[readahead_later]" string => ".*readahead.*later.*";
- "pattern[restorecond]" string => ".*restorecond.*";
- "pattern[rpcgssd]" string => ".*rpc.gssd.*";
- "pattern[rpcidmapd]" string => ".*rpc.idmapd.*";
- "pattern[rpcsvcgssd]" string => ".*rpc.svcgssd.*";
- "pattern[saslauthd]" string => ".*saslauthd.*";
- "pattern[smartd]" string => ".*smartd.*";
- "pattern[svnserve]" string => ".*svnserve.*";
- "pattern[syslog]" string => ".*syslogd.*";
- "pattern[tcsd]" string => ".*tcsd.*";
- "pattern[xfs]" string => ".*xfs.*";
- "pattern[ypbind]" string => ".*ypbind.*";
- "pattern[yum-updatesd]" string => ".*yum-updatesd.*";
- "pattern[munin-node]" string => ".*munin-node.*";
-
- "baseinit[bluetoothd]" string => "bluetooth";
- "pattern[bluetoothd]" string => ".*hcid.*";
-
- "baseinit[mysql]" string => "mysqld";
- "pattern[mysql]" string => ".*mysqld.*";
-
- "baseinit[www]" string => "httpd";
- "pattern[www]" string => ".*httpd.*";
-
- "baseinit[ssh]" string => "sshd";
- # filter out "sshd: ..." children
- "pattern[ssh]" string => ".*\Ssshd.*";
-
- "init[rhnsd]" string => "sysvservice";
- "pattern[rhnsd]" string => "rhnsd";
-
- "baseinit[snmpd]" string => "snmpd";
- "pattern[snmpd]" string => "/usr/sbin/snmpd";
-
- debian|ubuntu::
-
- "pattern[atd]" string => "atd.*";
- "pattern[bluetoothd]" string => ".*bluetoothd.*";
- "pattern[bootlogd]" string => ".*bootlogd.*";
- "pattern[crond]" string => ".*cron.*";
- "pattern[kerneloops]" string => ".*kerneloops.*";
- "pattern[mysql]" string => ".*mysqld.*";
- "pattern[NetworkManager]" string => ".*NetworkManager.*";
- "pattern[ondemand]" string => ".*ondemand.*";
- "pattern[plymouth]" string => ".*plymouthd.*";
- "pattern[saned]" string => ".*saned.*";
- "pattern[udev]" string => ".*udev.*";
- "pattern[udevmonitor]" string => ".*udevadm.*monitor.*";
- "pattern[snmpd]" string => "/usr/sbin/snmpd";
- "pattern[pgbouncer]" string => ".*pgbouncer.*";
- "pattern[supervisor]" string => ".*supervisord.*";
- "pattern[munin-node]" string => ".*munin-node.*";
- "pattern[carbon-cache]" string => ".*carbon-cache.*";
- "pattern[cassandra]" string => ".*jsvc\.exec.*apache-cassandra\.jar.*";
- # filter out "sshd: ..." children
- "pattern[ssh]" string => ".*\Ssshd.*";
-
- "baseinit[ntpd]" string => "ntp";
- "pattern[ntpd]" string => ".*ntpd.*";
-
- "baseinit[postgresql84]" string => "postgresql-8.4";
- "pattern[postgresql84]" string => ".*postgresql.*";
-
- "baseinit[postgresql91]" string => "postgresql-9.1";
- "pattern[postgresql91]" string => ".*postgresql.*";
-
- "baseinit[www]" string => "apache2";
- "pattern[www]" string => ".*apache2.*";
-
- "baseinit[nrpe]" string => "nagios-nrpe-server";
- "pattern[nrpe]" string => ".*nrpe.*";
-
- "baseinit[omsa-dataeng]" string => "dataeng";
- "pattern[omsa-dataeng]" string => ".*dsm_sa_datamgr.*";
-
- freebsd::
-
- "pattern[ntpd]" string => ".*ntpd.*";
-
- "baseinit[ssh]" string => "sshd";
- "pattern[ssh]" string => "/usr/sbin/sshd.*";
-
- "baseinit[syslog]" string => "syslogd";
- "pattern[syslog]" string => "/usr/sbin/syslogd.*";
-
- "baseinit[crond]" string => "cron";
- "pattern[crond]" string => "/usr/sbin/cron.*";
-
- "baseinit[snmpd]" string => "bsnmpd";
- "pattern[snmpd]" string => "/usr/sbin/bsnmpd.*";
-
- "pattern[newsyslog]" string => "/usr/sbin/newsyslog.*";
-
- classes:
- # Set classes for each possible state after $(all_states)
- "$(all_states)" expression => strcmp($(all_states), $(state)),
- comment => "Set a class named after the desired state";
-
- "$(inits)_set" expression => strcmp("$(init[$(service)])","$(inits)"),
- comment => "Check if init system is specified";
- "no_inits_set" not => isvariable("init[$(service)]"),
- comment => "Check if no init system is specified";
-
- processes:
-
- start::
-
- "$(pattern[$(service)])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service appears in the process table",
- restart_class => "start_$(service)",
- ifvarclass => and(isvariable("pattern[$(service)]"));
-
- "$(default[pattern])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service appears in the process table",
- restart_class => "start_$(service)",
- ifvarclass => not(isvariable("pattern[$(service)]"));
-
- stop::
-
- "$(pattern[$(service)])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(stopcommand[$(service)])",
- signals => { "term", "kill"},
- ifvarclass => and(isvariable("stopcommand[$(service)]"),
- isvariable("pattern[$(service)]"));
-
- "$(default[pattern])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(stopcommand[$(service)])",
- signals => { "term", "kill"},
- ifvarclass => and(isvariable("stopcommand[$(service)]"),
- not(isvariable("pattern[$(service)]")));
-
- "$(pattern[$(service)])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[prefix][$(default[init])])$(baseinit[$(service)]) $(state)",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- isvariable("pattern[$(service)]"),
- "no_inits_set");
-
- "$(pattern[$(service)])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[prefix][$(inits)])$(baseinit[$(service)]) $(state)",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- isvariable("pattern[$(service)]"),
- canonify("$(inits)_set"));
-
-##
- "$(default[pattern])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[prefix][$(default[init])])$(baseinit[$(service)]) $(state)",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- not(isvariable("pattern[$(service)]")),
- "no_inits_set");
-
- "$(default[pattern])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[prefix][$(inits)])$(baseinit[$(service)]) $(state)",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- not(isvariable("pattern[$(service)]")),
- canonify("$(inits)_set"));
-
-##
- "$(pattern[$(service)])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[cmd][$(default[init])])",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- isvariable("pattern[$(service)]"),
- "no_inits_set");
-
- "$(pattern[$(service)])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[cmd][$(inits)])",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- isvariable("pattern[$(service)]"),
- canonify("$(inits)_set"));
-
-##
- "$(default[pattern])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[cmd][$(default[init])])",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- not(isvariable("pattern[$(service)]")),
- "no_inits_set");
-
- "$(default[pattern])" -> { "@(stakeholders[$(service)])" }
-
- comment => "Verify that the service does not appear in the process",
- process_stop => "$(default[cmd][$(inits)])",
- signals => { "term", "kill"},
- ifvarclass => and(not(isvariable("stopcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- not(isvariable("pattern[$(service)]")),
- canonify("$(inits)_set"));
-
- commands:
-
- "$(startcommand[$(service)])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute command to start the $(service) service",
- ifvarclass => and(isvariable("startcommand[$(service)]"),
- canonify("start_$(service)"));
-##
- "$(default[prefix][$(default[init])])$(baseinit[$(service)]) $(state)" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (baseinit init) command to start the $(service) service",
- ifvarclass => and(not(isvariable("startcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- canonify("start_$(service)"),
- "no_inits_set");
-
- "$(default[prefix][$(inits)])$(baseinit[$(service)]) $(state)" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (baseinit init) command to start the $(service) service",
- ifvarclass => and(not(isvariable("startcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- canonify("start_$(service)"),
- canonify("$(inits)_set"));
-##
- "$(default[cmd][$(default[init])])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (default) command to start the $(service) service",
- ifvarclass => and(not(isvariable("startcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- canonify("start_$(service)"),
- "no_inits_set");
-
- "$(default[cmd][$(inits)])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (default) command to start the $(service) service",
- ifvarclass => and(not(isvariable("startcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- canonify("start_$(service)"),
- canonify("$(inits)_set"));
-
- restart::
- "$(restartcommand[$(service)])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute command to restart the $(service) service",
- ifvarclass => and(isvariable("restartcommand[$(service)]"));
-##
-
- "$(default[prefix][$(default[init])])$(baseinit[$(service)]) $(state)" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (baseinit init) command to restart the $(service) service",
- ifvarclass => and(not(isvariable("restartcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- "no_inits_set");
-
- "$(default[prefix][$(inits)])$(baseinit[$(service)]) $(state)" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (baseinit init) command to restart the $(service) service",
- ifvarclass => and(not(isvariable("restartcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- canonify("$(inits)_set"));
-##
- "$(default[cmd][$(default[init])])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (default) command to restart the $(service) service",
- ifvarclass => and(not(isvariable("restartcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- "no_inits_set");
-
- "$(default[cmd][$(inits)])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (default) command to restart the $(service) service",
- ifvarclass => and(not(isvariable("restartcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- canonify("$(inits)_set"));
-
- reload::
- "$(reloadcommand[$(service)])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute command to reload the $(service) service",
- ifvarclass => and(isvariable("reloadcommand[$(service)]"));
-##
- "$(default[prefix][$(default[init])])$(baseinit[$(service)]) $(state)" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (baseinit init) command to reload the $(service) service",
- ifvarclass => and(not(isvariable("reloadcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- "no_inits_set");
-
- "$(default[prefix][$(inits)])$(baseinit[$(service)]) $(state)" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (baseinit init) command to reload the $(service) service",
- ifvarclass => and(not(isvariable("reloadcommand[$(service)]")),
- isvariable("baseinit[$(service)]"),
- canonify("$(inits)_set"));
-##
- "$(default[cmd][$(default[init])])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (default) command to reload the $(service) service",
- ifvarclass => and(not(isvariable("reloadcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- "no_inits_set");
-
- "$(default[cmd][$(inits)])" -> { "@(stakeholders[$(service)])" }
- comment => "Execute (default) command to reload the $(service) service",
- ifvarclass => and(not(isvariable("reloadcommand[$(service)]")),
- not(isvariable("baseinit[$(service)]")),
- canonify("$(inits)_set"));
-
- reports:
- inform_mode::
- "$(this.bundle): Using init system $(inits)"
- ifvarclass => and(canonify("$(inits)_set"));
-
- "$(this.bundle): No init system is set, using $(default[init])"
- ifvarclass => "no_inits_set";
-
- "$(this.bundle): The service $(service) needs to be started"
- ifvarclass => and(canonify("start_$(service)"));
-
- "$(this.bundle): The service pattern is provided: $(pattern[$(service)])"
- ifvarclass => and(isvariable("pattern[$(service)]"));
-
- "$(this.bundle): The default service pattern was used: $(default[pattern])"
- ifvarclass => not(isvariable("pattern[$(service)]"));
-
- "$(this.bundle): The stopcommand is provided: $(stopcommand[$(service)])"
- ifvarclass => and(isvariable("stopcommand[$(service)]"));
-
- "$(this.bundle): The stopcommand is NOT provided, using default"
- ifvarclass => not(isvariable("stopcommand[$(service)]"));
-
- "$(this.bundle): The startcommand is provided: $(startcommand[$(service)])"
- ifvarclass => and(isvariable("startcommand[$(service)]"));
-
- "$(this.bundle): The startcommand is NOT provided, using default"
- ifvarclass => not(isvariable("startcommand[$(service)]"));
-
- "$(this.bundle): The restartcommand is provided: $(restartcommand[$(service)])"
- ifvarclass => and(isvariable("restartcommand[$(service)]"));
-
- "$(this.bundle): The restartcommand is NOT provided, using default"
- ifvarclass => not(isvariable("restartcommand[$(service)]"));
-
- "$(this.bundle): The reloadcommand is provided: $(reloadcommand[$(service)])"
- ifvarclass => and(isvariable("reloadcommand[$(service)]"));
-
- "$(this.bundle): The reloadcommand is NOT provided, using default"
- ifvarclass => not(isvariable("reloadcommand[$(service)]"));
-
- "$(this.bundle): The baseinit is provided: $(baseinit[$(service)])"
- ifvarclass => and(isvariable("baseinit[$(service)]"));
-
- "$(this.bundle): The baseinit is NOT provided, using default"
- ifvarclass => not(isvariable("baseinit[$(service)]"));
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Main COPBL include file
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-bundle common stdlib_common
-# @ignore
-{
- vars:
- "inputs" slist => {
- "$(this.promise_dirname)/paths.cf",
- "$(this.promise_dirname)/common.cf",
- "$(this.promise_dirname)/commands.cf",
- "$(this.promise_dirname)/packages.cf",
- "$(this.promise_dirname)/files.cf",
- "$(this.promise_dirname)/services.cf",
- "$(this.promise_dirname)/processes.cf",
- "$(this.promise_dirname)/storage.cf",
- "$(this.promise_dirname)/databases.cf",
- "$(this.promise_dirname)/users.cf",
- "$(this.promise_dirname)/monitor.cf",
- "$(this.promise_dirname)/guest_environments.cf",
- "$(this.promise_dirname)/bundles.cf",
- };
-
- reports:
- verbose_mode::
- "$(this.bundle): adding COPBL stdlib inputs='$(inputs)'";
-}
-
-body file control
-# @ignore
-{
- inputs => { @(stdlib_common.inputs) };
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Storage bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-##-------------------------------------------------------
-## storage promises
-##-------------------------------------------------------
-
-body volume min_free_space(free)
-# @brief Warn if the storage doesn't have at least `free` free space.
-#
-# A warnings is also generated if the storage is smaller than 10K or as
-# less than 2 file entries.
-#
-# @param free Absolute or percentage minimum disk space that should be
-# available before warning
-{
- check_foreign => "false";
- freespace => "$(free)";
- sensible_size => "10000";
- sensible_count => "2";
-}
-
-##
-
-body mount nfs(server,source)
-# @brief Mounts the storage at `source` on `server` via nfs protocol.
-#
-# Also modifies the file system table.
-#
-# @param server Hostname or IP of remote server
-# @param source Path of remote file system to mount
-#
-# **See also:** `nfs_p()`, `unmount()`
-{
- mount_type => "nfs";
- mount_source => "$(source)";
- mount_server => "$(server)";
- edit_fstab => "true";
-}
-
-##
-
-body mount nfs_p(server,source,perm)
-# @brief Mounts the storage via nfs, with `perm` passed as options to mount.
-#
-# Also modifies the file system table.
-#
-# @param server Hostname or IP of remote server
-# @param source Path of remote file system to mount
-# @param perm A list of options that's passed to the mount command
-#
-# **See also:** `nfs`, `unmount()`
-{
- mount_type => "nfs";
- mount_source => "$(source)";
- mount_server => "$(server)";
- mount_options => {"$(perm)"};
- edit_fstab => "true";
-}
-
-##
-
-body mount unmount
-# @brief Unmounts the nfs storage.
-#
-# Also modifies the file system table.
-#
-# **See also:** `nfs()`, `nfs_p()`
-{
- mount_type => "nfs";
- edit_fstab => "true";
- unmount => "true";
-}
+++ /dev/null
-############################################################################
-# Copyright (C) CFEngine AS
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License LGPL as published by the
-# Free Software Foundation; version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# To the extent this program is licensed as part of the Enterprise
-# versions of CFEngine, the applicable Commercial Open Source License
-# (COSL) may apply to this file if you as a licensee so wish it. See
-# included file COSL.txt.
-###########################################################################
-#
-# CFEngine Community Open Promise-Body Library
-#
-# This initiative started by CFEngine promotes a
-# standardized set of names and promise specifications
-# for template functionality within CFEngine 3.
-#
-# The aim is to promote an industry standard for
-# naming of configuration patterns, leading to a
-# de facto middleware of standardized syntax.
-#
-# Names should be intuitive and parameters should be
-# minimal to assist readability and comprehensibility.
-
-# Contributions to this file are voluntarily given to
-# the cfengine community, and are moderated by CFEngine.
-# No liability or warranty for misuse is implied.
-#
-# If you add to this file, please try to make the
-# contributions "self-documenting". Comments made
-# after the bundle/body statement are retained in
-# the online docs
-#
-
-# For CFEngine Core: 3.6.0 to 3.6.x
-# Users bodies
-
-###################################################
-# If you find CFEngine useful, please consider #
-# purchasing a commercial version of the software.#
-###################################################
-
-body password plaintext_password(text)
-# @brief Sets the plaintext password for the user to `text`
-# @param text the plain text version of the password
-#
-# **Note:** Don't use that unless you really have no choice
-#
-# **See also:** `hashed_password()`
-{
- format => "plaintext";
- data => $(text);
-}
-
-body password hashed_password(hash)
-# @brief Sets the hashed password for the user to `hash`
-# @param hash the hashed representation of the password
-#
-# The hashing method is up to the platform.
-#
-# **See also:** `plaintext_password()`
-{
- format => "hash";
- data => $(hash);
-}
+++ /dev/null
-#!/opt/cfengine/bin/cf-agent --inform
-
-bundle common g
-{
- vars:
- "workdir" string => "/opt/enigmabox/cfengine-promises";
- "network_profile" string => readfile("/etc/enigmabox/network-profile" , "33");
- "site" string => "/box/.cf-site.json";
-}
-
-
-
-body common control
-{
- inputs => {
- "$(g.workdir)/lib/files.cf",
- "$(g.workdir)/system_network/bundle.cf",
- "$(g.workdir)/app_cjdns/bundle.cf",
- "$(g.workdir)/app_telephony/bundle.cf",
- "$(g.workdir)/app_email/bundle.cf",
- "$(g.workdir)/app_webfilter/bundle.cf",
- "$(g.workdir)/app_security/bundle.cf",
-# "$(g.workdir)/app_database/bundle.cf",
- };
-
- bundlesequence => {
- "system_network",
- "app_cjdns",
- "app_telephony",
- "app_email",
- "app_webfilter",
- "app_security",
-# "app_database",
- };
-}
-
-body perms script
-{
- mode => "755";
-}
-
-body perms file
-{
- mode => "644";
-}
-
-body copy_from local_copy(from)
-{
- source => "$(from)";
- compare => "hash";
- copy_backup => false;
-}
-
+++ /dev/null
-
-bundle agent system_base
-{
- services:
- "cron"
- service_policy => "start";
-
- files:
- "/etc/lighttpd/lighttpd.conf"
- edit_template => "$(this.promise_dirname)/templates/lighttpd.conf",
- edit_defaults => no_backup,
- classes => if_repaired("restart_lighttpd");
-
- "/etc/config/network"
- edit_template => "$(this.promise_dirname)/templates/config-network.$(g.network_profile)",
- edit_defaults => no_backup,
- classes => if_repaired("restart_network");
-
- "/etc/config/radvd"
- edit_template => "$(this.promise_dirname)/templates/config-radvd.$(g.network_profile)",
- edit_defaults => no_backup,
- classes => if_repaired("restart_radvd");
-
- "/etc/config/system"
- edit_template => "$(this.promise_dirname)/templates/config-system",
- edit_defaults => no_backup,
- classes => if_repaired("restart_system");
-
- "/etc/sysupgrade.conf"
- edit_template => "$(this.promise_dirname)/templates/sysupgrade.conf",
- edit_defaults => no_backup;
-
- "/etc/banner"
- edit_template => "$(this.promise_dirname)/templates/banner",
- edit_defaults => no_backup;
-
- "/etc/inittab"
- edit_template => "$(this.promise_dirname)/templates/inittab",
- edit_defaults => no_backup;
-
- "/etc/crontabs/root"
- create => "true",
- edit_template => "$(this.promise_dirname)/templates/crontab",
- edit_defaults => no_backup;
-
- "/usr/libexec/."
- create => "true";
-
- "/usr/libexec/sftp-server"
- link_from => ln_s("/usr/bin/gesftpserver");
-
- commands:
- restart_lighttpd::
- "/etc/init.d/lighttpd restart";
-
- restart_network::
- "/etc/init.d/network restart";
-
- restart_radvd::
- "/etc/init.d/radvd restart";
-
- restart_system::
- "/etc/init.d/system restart";
-}
-
+++ /dev/null
- _____ _ _
-| ___| (_) | |
-| |__ _ __ _ __ _ _ __ ___ __ _| |__ _____ __
-| __| '_ \| |/ _` | '_ ` _ \ / _` | '_ \ / _ \ \/ /
-| |__| | | | | (_| | | | | | | (_| | |_) | (_) > <
-\____/_| |_|_|\__, |_| |_| |_|\__,_|_.__/ \___/_/\_\
- __/ |
- |___/
-
-Type "hello" for a brief introduction
-
+++ /dev/null
-
-config interface 'loopback'
- option ifname 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
-
-config interface 'eth0'
- option ifname 'eth0'
- option proto 'dhcp'
-
-config interface 'eth1'
- option ifname 'eth1'
- option proto 'static'
- option ipaddr '192.168.100.1'
- option netmask '255.255.255.0'
- option ip6addr 'fdfc::1/64'
-
-config interface 'eth2'
- option ifname 'eth2'
- option proto 'static'
- option ipaddr '192.168.101.1'
- option netmask '255.255.255.0'
- option ip6addr 'fdfc::2/64'
-
-config globals 'globals'
- option ula_prefix 'fd9a:6a77:bce8::/48'
-
+++ /dev/null
-
-config interface 'loopback'
- option ifname 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
-
-config interface 'eth0'
- option ifname 'eth0'
- option proto 'static'
- option ipaddr '192.168.101.1'
- option netmask '255.255.255.0'
- option ip6addr 'fdfc::2/64'
-
-config interface 'eth1'
- option ifname 'eth1'
- option proto 'static'
- option ipaddr '192.168.100.1'
- option netmask '255.255.255.0'
- option ip6addr 'fdfc::1/64'
-
-config interface 'eth2'
- option ifname 'eth0'
- option proto 'dhcp'
-
-config globals 'globals'
- option ula_prefix 'fd9a:6a77:bce8::/48'
-
+++ /dev/null
-
-config interface 'loopback'
- option ifname 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
-
-config interface 'eth0'
- option ifname 'eth0'
- option proto 'static'
- option ipaddr '192.168.100.1'
- option netmask '255.255.255.0'
-
-config globals 'globals'
- option ula_prefix 'fd9a:6a77:bce8::/48'
-
+++ /dev/null
-config interface
- option interface 'eth1'
- option AdvSendAdvert 1
- option AdvRetransTimer 5000
- option MinRtrAdvInterval 3
- option MaxRtrAdvInterval 10
-
-config prefix
- option interface 'eth1'
- option prefix 'fdfc::1/64'
- option AdvRouterAddr 1
-
-config interface
- option interface 'eth2'
- option AdvSendAdvert 1
- option AdvRetransTimer 5000
- option MinRtrAdvInterval 3
- option MaxRtrAdvInterval 10
-
-config prefix
- option interface 'eth2'
- option prefix 'fdfc::2/64'
- option AdvRouterAddr 1
-
+++ /dev/null
-config interface
- option interface 'eth1'
- option AdvSendAdvert 1
- option AdvRetransTimer 5000
- option MinRtrAdvInterval 3
- option MaxRtrAdvInterval 10
-
-config prefix
- option interface 'eth1'
- option prefix 'fdfc::1/64'
- option AdvRouterAddr 1
-
-config interface
- option interface 'eth0'
- option AdvSendAdvert 1
- option AdvRetransTimer 5000
- option MinRtrAdvInterval 3
- option MaxRtrAdvInterval 10
-
-config prefix
- option interface 'eth0'
- option prefix 'fdfc::2/64'
- option AdvRouterAddr 1
-
+++ /dev/null
-config interface
- option interface 'eth0'
- option AdvSendAdvert 1
- option AdvRetransTimer 5000
- option MinRtrAdvInterval 3
- option MaxRtrAdvInterval 10
-
-config prefix
- option interface 'eth0'
- option prefix 'fdfc::1/64'
- option AdvRouterAddr 1
-
+++ /dev/null
-
-config system
- option hostname box
- option timezone UTC
-
-config timeserver ntp
- list server 0.openwrt.pool.ntp.org
- list server 1.openwrt.pool.ntp.org
- list server 2.openwrt.pool.ntp.org
- list server 3.openwrt.pool.ntp.org
- option enable_server 0
-
+++ /dev/null
-
-# cjdns networking
-* * * * * /usr/sbin/setup-cjdns-networking &> /dev/null
-
-# subscriber stuff
-0 */2 * * * /usr/sbin/subscriber-stuff sleep &> /dev/null
-
+++ /dev/null
-::sysinit:/etc/init.d/rcS S boot
-::shutdown:/etc/init.d/rcS K shutdown
+++ /dev/null
-# lighttpd configuration file
-#
-## modules to load
-# all other module should only be loaded if really neccesary
-# - saves some time
-# - saves memory
-server.modules = (
- "mod_rewrite",
-# "mod_redirect",
-# "mod_alias",
- "mod_auth",
-# "mod_status",
- "mod_setenv",
- "mod_fastcgi",
- "mod_proxy",
-# "mod_simple_vhost",
-# "mod_cgi",
-# "mod_ssi",
-# "mod_usertrack",
-# "mod_expire",
-# "mod_webdav"
-)
-
-# force use of the "write" backend (closes: #2401)
-server.network-backend = "write"
-
-## a static document-root, for virtual-hosting take look at the
-## server.virtual-* options
-server.document-root = "/www/"
-
-## where to send error-messages to
-server.errorlog = "/var/log/lighttpd/error.log"
-
-## files to check for if .../ is requested
-index-file.names = ( "index.php", "index.html",
- "index.htm", "default.htm",
- " index.lighttpd.html" )
-
-## mimetype mapping
-mimetype.assign = (
- ".pdf" => "application/pdf",
- ".class" => "application/octet-stream",
- ".pac" => "application/x-ns-proxy-autoconfig",
- ".swf" => "application/x-shockwave-flash",
- ".wav" => "audio/x-wav",
- ".gif" => "image/gif",
- ".jpg" => "image/jpeg",
- ".jpeg" => "image/jpeg",
- ".png" => "image/png",
- ".svg" => "image/svg+xml",
- ".css" => "text/css",
- ".html" => "text/html",
- ".htm" => "text/html",
- ".js" => "text/javascript",
- ".txt" => "text/plain",
- ".dtd" => "text/xml",
- ".xml" => "text/xml"
- )
-
-## Use the "Content-Type" extended attribute to obtain mime type if possible
-#mimetypes.use-xattr = "enable"
-
-## send a different Server: header
-## be nice and keep it at lighttpd
-#server.tag = "lighttpd"
-
-$HTTP["url"] =~ "\.pdf$" {
- server.range-requests = "disable"
-}
-
-##
-# which extensions should not be handle via static-file transfer
-#
-# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-######### Options that are good to be but not neccesary to be changed #######
-
-## bind to port (default: 80)
-#server.port = 81
-
-## bind to localhost (default: all interfaces)
-#server.bind = "localhost"
-
-## error-handler for status 404
-#server.error-handler-404 = "/error-handler.html"
-#server.error-handler-404 = "/error-handler.php"
-
-## to help the rc.scripts
-server.pid-file = "/var/run/lighttpd.pid"
-
-
-###### virtual hosts
-##
-## If you want name-based virtual hosting add the next three settings and load
-## mod_simple_vhost
-##
-## document-root =
-## virtual-server-root + virtual-server-default-host + virtual-server-docroot or
-## virtual-server-root + http-host + virtual-server-docroot
-##
-#simple-vhost.server-root = "/home/weigon/wwwroot/servers/"
-#simple-vhost.default-host = "grisu.home.kneschke.de"
-#simple-vhost.document-root = "/pages/"
-
-
-##
-## Format: <errorfile-prefix><status>.html
-## -> ..../status-404.html for 'File not found'
-#server.errorfile-prefix = "/www/error-"
-
-## virtual directory listings
-#server.dir-listing = "enable"
-
-## send unhandled HTTP-header headers to error-log
-#debug.dump-unknown-headers = "enable"
-
-### only root can use these options
-#
-# chroot() to directory (default: no chroot() )
-#server.chroot = "/"
-
-## change uid to <uid> (default: don't care)
-#server.username = "nobody"
-#
-server.upload-dirs = ( "/tmp" )
-
-## change uid to <uid> (default: don't care)
-#server.groupname = "nobody"
-
-#### compress module
-#compress.cache-dir = "/dev/null/"
-#compress.filetype = ("text/plain", "text/html")
-
-#### proxy module
-## read proxy.txt for more info
-#proxy.server = (
-# ".php" => (
-# "localhost" => (
-# "host" => "192.168.0.101",
-# "port" => 80
-# )
-# )
-#)
-
-#### fastcgi module
-## read fastcgi.txt for more info
-#fastcgi.server = (
-# ".php" => (
-# "localhost" => (
-# "socket" => "/tmp/php-fastcgi.socket",
-# "bin-path" => "/usr/local/bin/php"
-# )
-# )
-#)
-
-#### CGI module
-#cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
-
-#### SSL engine
-#ssl.engine = "enable"
-#ssl.pemfile = "server.pem"
-
-#### status module
-#status.status-url = "/server-status"
-#status.config-url = "/server-config"
-
-#### auth module
-## read authentification.txt for more info
-#auth.backend = "plain"
-#auth.backend.plain.userfile = "lighttpd.user"
-#auth.backend.plain.groupfile = "lighttpd.group"
-#auth.require = (
-# "/server-status" => (
-# "method" => "digest",
-# "realm" => "download archiv",
-# "require" => "group=www|user=jan|host=192.168.2.10"
-# ),
-# "/server-info" => (
-# "method" => "digest",
-# "realm" => "download archiv",
-# "require" => "group=www|user=jan|host=192.168.2.10"
-# )
-#)
-
-#### url handling modules (rewrite, redirect, access)
-#url.rewrite = ( "^/$" => "/server-status" )
-#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )
-
-#### both rewrite/redirect support back reference to regex conditional using %n
-#$HTTP["host"] =~ "^www\.(.*)" {
-# url.redirect = ( "^/(.*)" => "http://%1/$1" )
-#}
-
-#### expire module
-#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
-
-#### ssi
-#ssi.extension = ( ".shtml" )
-
-#### setenv
-#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" )
-#setenv.add-response-header = ( "X-Secret-Message" => "42" )
-
-#### variable usage:
-## variable name without "." is auto prefixed by "var." and becomes "var.bar"
-#bar = 1
-#var.mystring = "foo"
-
-## integer add
-#bar += 1
-## string concat, with integer cast as string, result: "www.foo1.com"
-#server.name = "www." + mystring + var.bar + ".com"
-## array merge
-#index-file.names = (foo + ".php") + index-file.names
-#index-file.names += (foo + ".php")
-
-#### include
-#include /etc/lighttpd/lighttpd-inc.conf
-## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
-#include "lighttpd-inc.conf"
-
-#### include_shell
-#include_shell "echo var.a=1"
-## the above is same as:
-#var.a=1
-
-#### webdav
-#$HTTP["url"] =~ "^/webdav($|/)" {
-# webdav.activate = "enable"
-# webdav.is-readonly = "enable"
-# webdav.sqlite-db-name = "/var/run/lighttpd-webdav-lock.db"
-#}
-
-include_shell "cat /etc/lighttpd/sites.d/*.conf"
-
+++ /dev/null
-## This file contains files and directories that should
-## be preserved during an upgrade.
-
-# /etc/example.conf
-# /etc/openvpn/
-
-/etc/enigmabox/addressbook.db
-/etc/enigmabox/opkg.conf
-/etc/enigmabox/opkg-testing.conf
-/box/settings.sqlite
-/box/teletext.db
-/box/server.json
-/box/ssl/
-/box/cjdroute.conf
-
+++ /dev/null
-
-bundle agent system_network
-{
- vars:
- "json"
- data => readjson("$(g.site)", 64000);
-
- classes:
- "missioncontrol"
- expression => regcmp("true", "$(json[if_missioncontrol])");
-
- files:
- "/etc/hosts"
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/hosts.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("restart_dnsmasq");
-
- "/etc/enigmabox/display_names"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/display_names.mustache",
- edit_defaults => no_backup;
-
- "/etc/dhcpd.conf"
- edit_template => "$(this.promise_dirname)/templates/dhcpd.conf",
- classes => if_repaired("restart_dhcpd");
-
- "/etc/config/dhcp"
- edit_template => "$(this.promise_dirname)/templates/config-dhcp",
- classes => if_repaired("restart_dnsmasq"),
- edit_defaults => no_backup;
-
- "/usr/sbin/rebuild-iptables"
- create => "true",
- perms => script,
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/rebuild-iptables.mustache",
- edit_defaults => no_backup,
- classes => if_repaired("rebuild_iptables");
-
- missioncontrol::
- "/etc/enigmabox/autoupdates"
- create => "true",
- template_method => "mustache",
- template_data => readjson("$(g.site)", 64000),
- edit_template => "$(this.promise_dirname)/templates/autoupdates.mustache",
- edit_defaults => no_backup;
-
- commands:
- restart_dnsmasq::
- "/etc/init.d/dnsmasq restart";
-
- restart_dhcpd::
- "/etc/init.d/dhcpd restart";
-
- rebuild_iptables::
- "/usr/sbin/rebuild-iptables";
-
- reports:
- "checking network configuration: done";
-}
-
+++ /dev/null
-{{autoupdates}}
+++ /dev/null
-config dnsmasq
- option domainneeded '1'
- option boguspriv '1'
- option filterwin2k '1'
- option localise_queries '1'
- option rebind_protection '1'
- option rebind_localhost '1'
-# option local '/lan/'
- option domain 'box'
- option expandhosts '1'
- option nonegcache '0'
- option authoritative '1'
- option readethers '1'
- option leasefile '/tmp/dhcp.leases'
- option resolvfile '/etc/resolv.conf.enigmabox'
-
+++ /dev/null
-ddns-update-style none;
-default-lease-time 86400;
-max-lease-time 604800;
-authoritative;
-log-facility local7;
-option domain-name "box";
-option domain-name-servers 192.168.100.1;
-option tftp-server-name "http://box:8080";
-
-subnet 192.168.100.0 netmask 255.255.255.0 {
- range 192.168.100.50 192.168.100.150;
- option routers 192.168.100.1;
-}
-
-subnet 192.168.101.0 netmask 255.255.255.0 {
- range 192.168.101.50 192.168.101.150;
- option routers 192.168.101.1;
-}
-
+++ /dev/null
-{{#addresses}}
-{{hostname}}|{{display_name}}
-{{/addresses}}
+++ /dev/null
-127.0.0.1 localhost
-::1 localhost ip6-localhost ip6-loopback
-fe00::0 ip6-localnet
-ff00::0 ip6-mcastprefix
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
-
-# enigmabox internal
-192.168.100.1 box enigma mail text box.enigmabox.net
-{{#missioncontrol}}
-{{ip}} {{hostname}}
-{{/missioncontrol}}
-
-# enigmabox hosts
-{{#if_cjdns_v6}}
-fc5d:524c:f21d:bbef:6742:1008:a105:b60e directory
-{{/if_cjdns_v6}}
-{{^if_cjdns_v6}}
-fcef:1264:ac19:6fac:5942:ed13:06bf:f4ae directory
-{{/if_cjdns_v6}}
-fcd9:08a6:d9c1:5f57:d221:1ba0:35c9:6ff1 schallundrauch.h
-
-# friends
-{{#addresses}}
-{{ipv6}} {{hostname}}
-{{/addresses}}
-
-# global addresses
-{{#global_addresses}}
-{{ipv6}} {{hostname}}.eb
-{{/global_addresses}}
-
+++ /dev/null
-#!/bin/ash
-
-iptables="/usr/sbin/iptables"
-ip6tables="/usr/sbin/ip6tables"
-network_profile="$(cat /etc/enigmabox/network-profile)"
-
-# define interfaces
-[[ "$network_profile" == "alix" ]] && internal_interfaces="eth1 eth2"
-[[ "$network_profile" == "apu" ]] && internal_interfaces="eth0 eth1"
-[[ "$network_profile" == "raspi" ]] && internal_interfaces="eth0"
-
-
-
-################################################################################
-# init
-################################################################################
-
-# reset all
-$iptables -F
-$iptables -t nat -F
-
-# defaults
-$iptables -P INPUT DROP
-{{#if_missioncontrol}}$iptables -P OUTPUT DROP{{/if_missioncontrol}}
-{{^if_missioncontrol}}$iptables -P OUTPUT ACCEPT{{/if_missioncontrol}}
-$iptables -P FORWARD DROP
-
-################################################################################
-# define interfaces + address groups
-################################################################################
-
-# loopback
-$iptables -A INPUT -i lo -j ACCEPT
-$iptables -A OUTPUT -o lo -j ACCEPT
-
-$iptables -X internal-services
-$iptables -N internal-services
-$iptables -A internal-services -p tcp --dport 22 -j ACCEPT # ssh
-$iptables -A internal-services -p tcp --dport 25 -j ACCEPT # smtp
-$iptables -A internal-services -p udp --dport 53 -j ACCEPT # allow dns requests to tinyproxy
-$iptables -A internal-services -p udp --dport 67:68 -j ACCEPT # dhcp server
-$iptables -A internal-services -p tcp --dport 80 -j ACCEPT # webinterface
-$iptables -A internal-services -p tcp --dport 110 -j ACCEPT # pop3
-$iptables -A internal-services -p tcp --dport 143 -j ACCEPT # imap
-$iptables -A internal-services -p udp --dport 5060 -j ACCEPT # voip phone
-$iptables -A internal-services -p tcp --dport 8117 -j ACCEPT # renew notice
-$iptables -A internal-services -p tcp --dport 8080 -j ACCEPT # grandstream phone provisioning
-$iptables -A internal-services -p tcp --dport 8888 -j ACCEPT # tinyproxy
-$iptables -A internal-services -p icmp -m limit --limit 10/second -j ACCEPT # icmp
-
-$iptables -X internal-in
-$iptables -N internal-in
-for interface in $internal_interfaces; do
- $iptables -A internal-in -i "$interface" -j internal-services
-done
-
-$iptables -X internal-out
-$iptables -N internal-out
-for interface in $internal_interfaces; do
- $iptables -A internal-out -o "$interface" -j ACCEPT
-done
-
-$iptables -X peering-servers
-$iptables -N peering-servers
-{{#peerings}}
-$iptables -A peering-servers --dst {{ip}} -j ACCEPT
-{{/peerings}}
-
-{{#missioncontrol}}
-$iptables -A peering-servers --dst {{ip}} -j ACCEPT
-{{/missioncontrol}}
-
-################################################################################
-# general rules
-################################################################################
-
-# syncookies
-echo 1 > /proc/sys/net/ipv4/tcp_syncookies
-
-# allow related and established
-$iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-$iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-################################################################################
-# input
-################################################################################
-
-# allow internal interfaces
-$iptables -A INPUT -j internal-in
-
-{{#if_allow_peering}}
-# peering port
-$iptables -A INPUT -p udp --dport {{peering_port}} -j ACCEPT
-{{/if_allow_peering}}
-
-################################################################################
-# output
-################################################################################
-
-$iptables -A OUTPUT -o tun0 -j ACCEPT # that is needed for dnsmasq to make dns requests
-$iptables -A OUTPUT -j peering-servers
-$iptables -A OUTPUT -j internal-out # asterisk needs this
-
-################################################################################
-# forward
-################################################################################
-
-# NAT
-$iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
-
-for interface in $internal_interfaces; do
-
- # MTU fix
- $iptables -A FORWARD -i "$interface" -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-
- # allow forwarding for internal_interfaces, but not for others
- $iptables -A FORWARD -i "$interface" -o tun0 -j ACCEPT
- $iptables -A FORWARD -i tun0 -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-done
-
-{{#if_display_expiration_notice}}
-# show renew notice if subscription has expired
-for interface in $internal_interfaces; do
- $iptables -t nat -A PREROUTING -i "$interface" -p tcp --dport 80 -j REDIRECT --to-port 8117
-done
-{{/if_display_expiration_notice}}
-
-
-
-################################################################################
-# IPv6
-################################################################################
-
-################################################################################
-# init
-################################################################################
-
-# reset all
-$ip6tables -F
-$ip6tables -t nat -F
-
-# defaults
-$ip6tables -P INPUT DROP
-$ip6tables -P OUTPUT DROP
-$ip6tables -P FORWARD DROP
-
-################################################################################
-# define interfaces + address groups
-################################################################################
-
-# loopback
-$ip6tables -A INPUT -i lo -j ACCEPT
-$ip6tables -A OUTPUT -o lo -j ACCEPT
-
-$ip6tables -X internal-in
-$ip6tables -N internal-in
-for interface in $internal_interfaces; do
- $ip6tables -A internal-in -i "$interface" -j ACCEPT
-done
-
-$ip6tables -X internal-out
-$ip6tables -N internal-out
-for interface in $internal_interfaces; do
- $ip6tables -A internal-out -o "$interface" -j ACCEPT
-done
-
-$ip6tables -X friends-services
-$ip6tables -N friends-services
-$ip6tables -A friends-services -p tcp --dport 25 -j ACCEPT # smtp
-$ip6tables -A friends-services -p tcp --dport 5060 -j ACCEPT # asterisk
-$ip6tables -A friends-services -p udp --dport 5060 -j ACCEPT # asterisk
-$ip6tables -A friends-services -p udp -m udp --dport 10000:20000 -j ACCEPT # rtp
-$ip6tables -A friends-services -p ipv6-icmp -m limit --limit 10/second -j ACCEPT # icmp
-
-$ip6tables -X friends-in
-$ip6tables -N friends-in
-{{#addresses}}
-$ip6tables -A friends-in -i tun0 --src {{ipv6}} -j friends-services
-{{/addresses}}
-
-################################################################################
-# general rules
-################################################################################
-
-# allow related and established
-$ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-$ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# allow ping
-$ip6tables -A INPUT -p ipv6-icmp -m limit --limit 10/second -j internal-in
-
-################################################################################
-# input
-################################################################################
-
-# allow friends
-$ip6tables -A INPUT -j friends-in
-
-{{#if_global_availability}}
-# allow ping
-$ip6tables -A INPUT -i tun0 -p ipv6-icmp -m limit --limit 10/second -j ACCEPT
-
-# allow calls from everyone
-$ip6tables -A INPUT -i tun0 -p tcp --dport 5060 -j ACCEPT
-$ip6tables -A INPUT -i tun0 -p udp --dport 5060 -j ACCEPT
-
-# RTP - the media stream
-# (related to the port range in /etc/asterisk/rtp.conf)
-$ip6tables -A INPUT -i tun0 -p udp -m udp --dport 10000:20000 -j ACCEPT
-
-# allow emails from everyone
-$ip6tables -A INPUT -i tun0 -p tcp --dport 25 -j ACCEPT
-{{/if_global_availability}}
-
-{{#if_teletext_enabled}}
-# teletext
-$ip6tables -A INPUT -i tun0 -p tcp --dport 3838 -j ACCEPT
-#$ip6tables -A INPUT -i tun0 -p tcp --sport 3838 -j ACCEPT - test that
-{{/if_teletext_enabled}}
-
-{{#if_webserver_enabled}}
-# hypesite
-$ip6tables -A INPUT -i tun0 -p tcp --dport 80 -j ACCEPT
-{{/if_webserver_enabled}}
-
-# allow webserver access from LAN
-$ip6tables -A INPUT -p tcp --dport 80 -j internal-in
-
-################################################################################
-# output
-################################################################################
-
-# allow OUTPUT for tun0
-$ip6tables -A OUTPUT -o tun0 -j ACCEPT
-
-# allow router advertisements
-#$ip6tables -A OUTPUT -p ipv6-icmp -j internal-out
-
-################################################################################
-# forward
-################################################################################
-
-# NAT
-$ip6tables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
-
-for interface in $internal_interfaces; do
-
- # allow hype access
- $ip6tables -A FORWARD -i "$interface" -o tun0 -j ACCEPT
- $ip6tables -A FORWARD -i tun0 -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-done
-
-# EOF
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# setup cjdns networking
-
-START=94
-
-start() {
- /usr/sbin/setup-cjdns-networking
-}
-
+++ /dev/null
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# Copyright 2013 Matt Martz
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-__version__ = '0.2.5'
-
-# Some global variables we use
-source = None
-shutdown_event = None
-
-import math
-import time
-import os
-import sys
-import threading
-import re
-import signal
-import socket
-
-# Used for bound_interface
-socket_socket = socket.socket
-
-try:
- import xml.etree.cElementTree as ET
-except ImportError:
- try:
- import xml.etree.ElementTree as ET
- except ImportError:
- from xml.dom import minidom as DOM
- ET = None
-
-# Begin import game to handle Python 2 and Python 3
-try:
- from urllib2 import urlopen, Request, HTTPError, URLError
-except ImportError:
- from urllib.request import urlopen, Request, HTTPError, URLError
-
-try:
- from Queue import Queue
-except ImportError:
- from queue import Queue
-
-try:
- from urlparse import urlparse
-except ImportError:
- from urllib.parse import urlparse
-
-try:
- from urlparse import parse_qs
-except ImportError:
- try:
- from urllib.parse import parse_qs
- except ImportError:
- from cgi import parse_qs
-
-try:
- from hashlib import md5
-except ImportError:
- from md5 import md5
-
-try:
- from argparse import ArgumentParser as ArgParser
-except ImportError:
- from optparse import OptionParser as ArgParser
-
-try:
- import builtins
-except ImportError:
- def print_(*args, **kwargs):
- """The new-style print function taken from
- https://pypi.python.org/pypi/six/
-
- """
- fp = kwargs.pop("file", sys.stdout)
- if fp is None:
- return
-
- def write(data):
- if not isinstance(data, basestring):
- data = str(data)
- fp.write(data)
-
- want_unicode = False
- sep = kwargs.pop("sep", None)
- if sep is not None:
- if isinstance(sep, unicode):
- want_unicode = True
- elif not isinstance(sep, str):
- raise TypeError("sep must be None or a string")
- end = kwargs.pop("end", None)
- if end is not None:
- if isinstance(end, unicode):
- want_unicode = True
- elif not isinstance(end, str):
- raise TypeError("end must be None or a string")
- if kwargs:
- raise TypeError("invalid keyword arguments to print()")
- if not want_unicode:
- for arg in args:
- if isinstance(arg, unicode):
- want_unicode = True
- break
- if want_unicode:
- newline = unicode("\n")
- space = unicode(" ")
- else:
- newline = "\n"
- space = " "
- if sep is None:
- sep = space
- if end is None:
- end = newline
- for i, arg in enumerate(args):
- if i:
- write(sep)
- write(arg)
- write(end)
-else:
- print_ = getattr(builtins, 'print')
- del builtins
-
-
-def bound_socket(*args, **kwargs):
- """Bind socket to a specified source IP address"""
-
- global source
- sock = socket_socket(*args, **kwargs)
- sock.bind((source, 0))
- return sock
-
-
-def distance(origin, destination):
- """Determine distance between 2 sets of [lat,lon] in km"""
-
- lat1, lon1 = origin
- lat2, lon2 = destination
- radius = 6371 # km
-
- dlat = math.radians(lat2 - lat1)
- dlon = math.radians(lon2 - lon1)
- a = (math.sin(dlat / 2) * math.sin(dlat / 2) + math.cos(math.radians(lat1))
- * math.cos(math.radians(lat2)) * math.sin(dlon / 2)
- * math.sin(dlon / 2))
- c = 2 * math.atan2(math.sqrt(a), math.sqrt(1 - a))
- d = radius * c
-
- return d
-
-
-class FileGetter(threading.Thread):
- """Thread class for retrieving a URL"""
-
- def __init__(self, url, start):
- self.url = url
- self.result = None
- self.starttime = start
- threading.Thread.__init__(self)
-
- def run(self):
- self.result = [0]
- try:
- if (time.time() - self.starttime) <= 10:
- f = urlopen(self.url)
- while 1 and not shutdown_event.isSet():
- self.result.append(len(f.read(10240)))
- if self.result[-1] == 0:
- break
- f.close()
- except IOError:
- pass
-
-
-def downloadSpeed(files, quiet=False):
- """Function to launch FileGetter threads and calculate download speeds"""
-
- start = time.time()
-
- def producer(q, files):
- for file in files:
- thread = FileGetter(file, start)
- thread.start()
- q.put(thread, True)
- if not quiet and not shutdown_event.isSet():
- sys.stdout.write('.')
- sys.stdout.flush()
-
- finished = []
-
- def consumer(q, total_files):
- while len(finished) < total_files:
- thread = q.get(True)
- while thread.isAlive():
- thread.join(timeout=0.1)
- finished.append(sum(thread.result))
- del thread
-
- q = Queue(6)
- prod_thread = threading.Thread(target=producer, args=(q, files))
- cons_thread = threading.Thread(target=consumer, args=(q, len(files)))
- start = time.time()
- prod_thread.start()
- cons_thread.start()
- while prod_thread.isAlive():
- prod_thread.join(timeout=0.1)
- while cons_thread.isAlive():
- cons_thread.join(timeout=0.1)
- return (sum(finished) / (time.time() - start))
-
-
-class FilePutter(threading.Thread):
- """Thread class for putting a URL"""
-
- def __init__(self, url, start, size):
- self.url = url
- chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
- data = chars * (int(round(int(size) / 36.0)))
- self.data = ('content1=%s' % data[0:int(size) - 9]).encode()
- del data
- self.result = None
- self.starttime = start
- threading.Thread.__init__(self)
-
- def run(self):
- try:
- if ((time.time() - self.starttime) <= 10 and
- not shutdown_event.isSet()):
- f = urlopen(self.url, self.data)
- f.read(11)
- f.close()
- self.result = len(self.data)
- else:
- self.result = 0
- except IOError:
- self.result = 0
-
-
-def uploadSpeed(url, sizes, quiet=False):
- """Function to launch FilePutter threads and calculate upload speeds"""
-
- start = time.time()
-
- def producer(q, sizes):
- for size in sizes:
- thread = FilePutter(url, start, size)
- thread.start()
- q.put(thread, True)
- if not quiet and not shutdown_event.isSet():
- sys.stdout.write('.')
- sys.stdout.flush()
-
- finished = []
-
- def consumer(q, total_sizes):
- while len(finished) < total_sizes:
- thread = q.get(True)
- while thread.isAlive():
- thread.join(timeout=0.1)
- finished.append(thread.result)
- del thread
-
- q = Queue(6)
- prod_thread = threading.Thread(target=producer, args=(q, sizes))
- cons_thread = threading.Thread(target=consumer, args=(q, len(sizes)))
- start = time.time()
- prod_thread.start()
- cons_thread.start()
- while prod_thread.isAlive():
- prod_thread.join(timeout=0.1)
- while cons_thread.isAlive():
- cons_thread.join(timeout=0.1)
- return (sum(finished) / (time.time() - start))
-
-
-def getAttributesByTagName(dom, tagName):
- """Retrieve an attribute from an XML document and return it in a
- consistent format
-
- Only used with xml.dom.minidom, which is likely only to be used
- with python versions older than 2.5
- """
- elem = dom.getElementsByTagName(tagName)[0]
- return dict(list(elem.attributes.items()))
-
-
-def getConfig():
- """Download the speedtest.net configuration and return only the data
- we are interested in
- """
-
- uh = urlopen('http://www.speedtest.net/speedtest-config.php')
- configxml = []
- while 1:
- configxml.append(uh.read(10240))
- if len(configxml[-1]) == 0:
- break
- if int(uh.code) != 200:
- return None
- uh.close()
- try:
- root = ET.fromstring(''.encode().join(configxml))
- config = {
- 'client': root.find('client').attrib,
- 'times': root.find('times').attrib,
- 'download': root.find('download').attrib,
- 'upload': root.find('upload').attrib}
- except AttributeError:
- root = DOM.parseString(''.join(configxml))
- config = {
- 'client': getAttributesByTagName(root, 'client'),
- 'times': getAttributesByTagName(root, 'times'),
- 'download': getAttributesByTagName(root, 'download'),
- 'upload': getAttributesByTagName(root, 'upload')}
- del root
- del configxml
- return config
-
-
-def closestServers(client, all=False):
- """Determine the 5 closest speedtest.net servers based on geographic
- distance
- """
-
- uh = urlopen('http://www.speedtest.net/speedtest-servers.php')
- serversxml = []
- while 1:
- serversxml.append(uh.read(10240))
- if len(serversxml[-1]) == 0:
- break
- if int(uh.code) != 200:
- return None
- uh.close()
- try:
- root = ET.fromstring(''.encode().join(serversxml))
- elements = root.getiterator('server')
- except AttributeError:
- root = DOM.parseString(''.join(serversxml))
- elements = root.getElementsByTagName('server')
- servers = {}
- for server in elements:
- try:
- attrib = server.attrib
- except AttributeError:
- attrib = dict(list(server.attributes.items()))
- d = distance([float(client['lat']), float(client['lon'])],
- [float(attrib.get('lat')), float(attrib.get('lon'))])
- attrib['d'] = d
- if d not in servers:
- servers[d] = [attrib]
- else:
- servers[d].append(attrib)
- del root
- del serversxml
- del elements
-
- closest = []
- for d in sorted(servers.keys()):
- for s in servers[d]:
- closest.append(s)
- if len(closest) == 5 and not all:
- break
- else:
- continue
- break
-
- del servers
- return closest
-
-
-def getBestServer(servers):
- """Perform a speedtest.net "ping" to determine which speedtest.net
- server has the lowest latency
- """
-
- results = {}
- for server in servers:
- cum = []
- url = os.path.dirname(server['url'])
- for i in range(0, 3):
- try:
- uh = urlopen('%s/latency.txt' % url)
- except (HTTPError, URLError):
- cum.append(3600)
- continue
- start = time.time()
- text = uh.read(9)
- total = time.time() - start
- if int(uh.code) == 200 and text == 'test=test'.encode():
- cum.append(total)
- else:
- cum.append(3600)
- uh.close()
- avg = round((sum(cum) / 3) * 1000000, 3)
- results[avg] = server
-
- fastest = sorted(results.keys())[0]
- best = results[fastest]
- best['latency'] = fastest
-
- return best
-
-
-def ctrl_c(signum, frame):
- """Catch Ctrl-C key sequence and set a shutdown_event for our threaded
- operations
- """
-
- global shutdown_event
- shutdown_event.set()
- raise SystemExit('\nCancelling...')
-
-
-def version():
- """Print the version"""
-
- raise SystemExit(__version__)
-
-
-def speedtest():
- """Run the full speedtest.net test"""
-
- global shutdown_event, source
- shutdown_event = threading.Event()
-
- signal.signal(signal.SIGINT, ctrl_c)
-
- description = (
- 'Command line interface for testing internet bandwidth using '
- 'speedtest.net.\n'
- '------------------------------------------------------------'
- '--------------\n'
- 'https://github.com/sivel/speedtest-cli')
-
- parser = ArgParser(description=description)
- # Give optparse.OptionParser an `add_argument` method for
- # compatibility with argparse.ArgumentParser
- try:
- parser.add_argument = parser.add_option
- except AttributeError:
- pass
- parser.add_argument('--share', action='store_true',
- help='Generate and provide a URL to the speedtest.net '
- 'share results image')
- parser.add_argument('--simple', action='store_true',
- help='Suppress verbose output, only show basic '
- 'information')
- parser.add_argument('--list', action='store_true',
- help='Display a list of speedtest.net servers '
- 'sorted by distance')
- parser.add_argument('--server', help='Specify a server ID to test against')
- parser.add_argument('--mini', help='URL of the Speedtest Mini server')
- parser.add_argument('--source', help='Source IP address to bind to')
- parser.add_argument('--version', action='store_true',
- help='Show the version number and exit')
-
- options = parser.parse_args()
- if isinstance(options, tuple):
- args = options[0]
- else:
- args = options
- del options
-
- # Print the version and exit
- if args.version:
- version()
-
- # If specified bind to a specific IP address
- if args.source:
- source = args.source
- socket.socket = bound_socket
-
- if not args.simple:
- print_('Retrieving speedtest.net configuration...')
- try:
- config = getConfig()
- except URLError:
- print_('Cannot retrieve speedtest configuration')
- sys.exit(1)
-
- if not args.simple:
- print_('Retrieving speedtest.net server list...')
- if args.list or args.server:
- servers = closestServers(config['client'], True)
- if args.list:
- serverList = []
- for server in servers:
- line = ('%(id)4s) %(sponsor)s (%(name)s, %(country)s) '
- '[%(d)0.2f km]' % server)
- serverList.append(line)
- # Python 2.7 and newer seem to be ok with the resultant encoding
- # from parsing the XML, but older versions have some issues.
- # This block should detect whether we need to encode or not
- try:
- unicode()
- print_('\n'.join(serverList).encode('utf-8', 'ignore'))
- except NameError:
- print_('\n'.join(serverList))
- except IOError:
- pass
- sys.exit(0)
- else:
- servers = closestServers(config['client'])
-
- if not args.simple:
- print_('Testing from %(isp)s (%(ip)s)...' % config['client'])
-
- if args.server:
- try:
- best = getBestServer(filter(lambda x: x['id'] == args.server,
- servers))
- except IndexError:
- print_('Invalid server ID')
- sys.exit(1)
- elif args.mini:
- name, ext = os.path.splitext(args.mini)
- if ext:
- url = os.path.dirname(args.mini)
- else:
- url = args.mini
- urlparts = urlparse(url)
- try:
- f = urlopen(args.mini)
- except:
- print_('Invalid Speedtest Mini URL')
- sys.exit(1)
- else:
- text = f.read()
- f.close()
- extension = re.findall('upload_extension: "([^"]+)"', text.decode())
- if not urlparts or not extension:
- print_('Please provide the full URL of your Speedtest Mini server')
- sys.exit(1)
- servers = [{
- 'sponsor': 'Speedtest Mini',
- 'name': urlparts[1],
- 'd': 0,
- 'url': '%s/speedtest/upload.%s' % (url.rstrip('/'), extension[0]),
- 'latency': 0,
- 'id': 0
- }]
- try:
- best = getBestServer(servers)
- except:
- best = servers[0]
- else:
- if not args.simple:
- print_('Selecting best server based on ping...')
- best = getBestServer(servers)
-
- if not args.simple:
- # Python 2.7 and newer seem to be ok with the resultant encoding
- # from parsing the XML, but older versions have some issues.
- # This block should detect whether we need to encode or not
- try:
- unicode()
- print_(('Hosted by %(sponsor)s (%(name)s) [%(d)0.2f km]: '
- '%(latency)s ms' % best).encode('utf-8', 'ignore'))
- except NameError:
- print_('Hosted by %(sponsor)s (%(name)s) [%(d)0.2f km]: '
- '%(latency)s ms' % best)
- else:
- print_('Ping: %(latency)s ms' % best)
-
- sizes = [350, 500, 750, 1000, 1500, 2000, 2500, 3000, 3500, 4000]
- urls = []
- for size in sizes:
- for i in range(0, 4):
- urls.append('%s/random%sx%s.jpg' %
- (os.path.dirname(best['url']), size, size))
- if not args.simple:
- print_('Testing download speed', end='')
- dlspeed = downloadSpeed(urls, args.simple)
- if not args.simple:
- print_()
- print_('Download: %0.2f Mbit/s' % ((dlspeed / 1000 / 1000) * 8))
-
- sizesizes = [int(.25 * 1000 * 1000), int(.5 * 1000 * 1000)]
- sizes = []
- for size in sizesizes:
- for i in range(0, 25):
- sizes.append(size)
- if not args.simple:
- print_('Testing upload speed', end='')
- ulspeed = uploadSpeed(best['url'], sizes, args.simple)
- if not args.simple:
- print_()
- print_('Upload: %0.2f Mbit/s' % ((ulspeed / 1000 / 1000) * 8))
-
- if args.share and args.mini:
- print_('Cannot generate a speedtest.net share results image while '
- 'testing against a Speedtest Mini server')
- elif args.share:
- dlspeedk = int(round((dlspeed / 1000) * 8, 0))
- ping = int(round(best['latency'], 0))
- ulspeedk = int(round((ulspeed / 1000) * 8, 0))
-
- # Build the request to send results back to speedtest.net
- # We use a list instead of a dict because the API expects parameters
- # in a certain order
- apiData = [
- 'download=%s' % dlspeedk,
- 'ping=%s' % ping,
- 'upload=%s' % ulspeedk,
- 'promo=',
- 'startmode=%s' % 'pingselect',
- 'recommendedserverid=%s' % best['id'],
- 'accuracy=%s' % 1,
- 'serverid=%s' % best['id'],
- 'hash=%s' % md5(('%s-%s-%s-%s' %
- (ping, ulspeedk, dlspeedk, '297aae72'))
- .encode()).hexdigest()]
-
- req = Request('http://www.speedtest.net/api/api.php',
- data='&'.join(apiData).encode())
- req.add_header('Referer', 'http://c.speedtest.net/flash/speedtest.swf')
- f = urlopen(req)
- response = f.read()
- code = f.code
- f.close()
-
- if int(code) != 200:
- print_('Could not submit results to speedtest.net')
- sys.exit(1)
-
- qsargs = parse_qs(response.decode())
- resultid = qsargs.get('resultid')
- if not resultid or len(resultid) != 1:
- print_('Could not submit results to speedtest.net')
- sys.exit(1)
-
- print_('Share results: http://www.speedtest.net/result/%s.png' %
- resultid[0])
-
-
-def main():
- try:
- speedtest()
- except KeyboardInterrupt:
- print_('\nCancelling...')
-
-
-if __name__ == '__main__':
- main()
-
-# vim:ts=4:sw=4:expandtab
projects / librecmc / librecmc-fossil.git / commitdiff