danarchy_deploy 0.2.7 → 0.2.8

data/templates/services/mysql/my.cnf.erb

@@ -0,0 +1,143 @@
+# /etc/mysql/my.cnf: The global mysql configuration file.
+
+# The following options will be passed to all MySQL clients
+[client]
+#password                                       = your_password
+port                                            = 3306
+socket                                          = /var/run/mysqld/mysqld.sock
+
+[mysql]
+character-sets-dir=/usr/share/mariadb/charsets
+default-character-set=utf8
+
+[mysqladmin]
+character-sets-dir=/usr/share/mariadb/charsets
+default-character-set=utf8
+
+[mysqlcheck]
+character-sets-dir=/usr/share/mariadb/charsets
+default-character-set=utf8
+
+[mysqldump]
+character-sets-dir=/usr/share/mariadb/charsets
+default-character-set=utf8
+
+[mysqlimport]
+character-sets-dir=/usr/share/mariadb/charsets
+default-character-set=utf8
+
+[mysqlshow]
+character-sets-dir=/usr/share/mariadb/charsets
+default-character-set=utf8
+
+[myisamchk]
+character-sets-dir=/usr/share/mariadb/charsets
+
+[myisampack]
+character-sets-dir=/usr/share/mariadb/charsets
+
+# use [safe_mysqld] with mysql-3
+[mysqld_safe]
+err-log                                         = /var/log/mysql/mysqld.err
+
+# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
+[mysqld]
+expire_logs_days		= 30
+character-set-server            = utf8
+user                            = mysql
+port                            = 3306
+socket                          = /var/run/mysqld/mysqld.sock
+pid-file                        = /var/run/mysqld/mysqld.pid
+log-error                       = /var/log/mysql/mysqld.err
+basedir                         = /usr
+datadir                         = <%= @variables[:datadir] ? @variables[:datadir] : '/var/lib/mysql' %>
+skip-external-locking
+key_buffer_size                 = 16M
+max_allowed_packet              = 4M
+table_open_cache                = 400
+sort_buffer_size                = 512K
+net_buffer_length               = 16K
+read_buffer_size                = 256K
+read_rnd_buffer_size            = 512K
+myisam_sort_buffer_size         = 8M
+lc_messages_dir                 = /usr/share/mariadb
+#Set this to your desired error message language
+lc_messages                     = en_US
+
+# security:
+# using "localhost" in connects uses sockets by default
+# skip-networking
+bind-address                            = <%= @variables[:bind_address] ? @variables[:bind_address] : '127.0.0.1' %>
+skip-name-resolve
+
+log-bin					= /var/log/mysql/mysql-bin.log
+binlog_format				= MIXED
+binlog_expire_logs_seconds		= 604800 # 7 days binlogs
+server-id                               = 1
+
+# point the following paths to different dedicated disks
+tmpdir                                          = /tmp/
+#log-update                             = /path-to-dedicated-directory/hostname
+
+# you need the debug USE flag enabled to use the following directives,
+# if needed, uncomment them, start the server and issue
+# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace
+# this will show you *exactly* what's happening in your server ;)
+
+#log                                            = /tmp/mysqld.sql
+#gdb
+#debug                                          = d:t:i:o,/tmp/mysqld.trace
+#one-thread
+
+# the rest of the innodb config follows:
+# don't eat too much memory, we're trying to be safe on 64Mb boxes
+# you might want to bump this up a bit on boxes with more RAM
+innodb_buffer_pool_size = 128M
+#
+# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-(
+# and upstream wants things to be under /var/lib/mysql/, so that's the route
+# we have to take for the moment
+#innodb_data_home_dir           = /var/lib/mysql/
+#innodb_log_arch_dir            = /var/lib/mysql/
+#innodb_log_group_home_dir      = /var/lib/mysql/
+# you may wish to change this size to be more suitable for your system
+# the max is there to avoid run-away growth on your machine
+innodb_data_file_path = ibdata1:10M:autoextend:max:128M
+# we keep this at around 25% of of innodb_buffer_pool_size
+# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
+innodb_log_file_size = 48M
+# this is the default, increase it if you have very large transactions going on
+innodb_log_buffer_size = 8M
+# see the innodb config docs, the other options are not always safe
+innodb_flush_log_at_trx_commit = 1
+innodb_lock_wait_timeout = 50
+innodb_file_per_table
+
+# Uncomment this to get FEDERATED engine support
+#plugin-load=federated=ha_federated.so
+#loose-federated
+
+[mysqldump]
+quick
+max_allowed_packet                      = 16M
+
+[mysql]
+# uncomment the next directive if you are not familiar with SQL
+#safe-updates
+
+[isamchk]
+key_buffer_size                         = 20M
+sort_buffer_size                        = 20M
+read_buffer                             = 2M
+write_buffer                            = 2M
+
+[myisamchk]
+key_buffer_size                         = 20M
+sort_buffer_size                        = 20M
+read_buffer_size                        = 2M
+write_buffer_size                       = 2M
+
+[mysqlhotcopy]
+interactive-timeout
+
+[mariadb]

data/templates/services/mysql/root_my.cnf.erb

@@ -0,0 +1,11 @@
+[mysql]
+<%= @variables[:host] ? "host=\"#{@variables[:host]}\"\n" : '' -%>
+<%= @variables[:user] ? "user=\"#{@variables[:user]}\"\n" : '' -%>
+<%= @variables[:pass] ? "password=\"#{@variables[:pass]}\"\n" : '' -%>
+<%= @variables[:port] ? "port=\"#{@variables[:port]}\"\n" : '' -%>
+
+[client]
+<%= @variables[:host] ? "host=\"#{@variables[:host]}\"\n" : '' -%>
+<%= @variables[:user] ? "user=\"#{@variables[:user]}\"\n" : '' -%>
+<%= @variables[:pass] ? "password=\"#{@variables[:pass]}\"\n" : '' -%>
+<%= @variables[:port] ? "port=\"#{@variables[:port]}\"\n" : '' -%>

data/templates/services/mysql/user_db_grants.sql.erb

@@ -0,0 +1,33 @@
+DROP DATABASE IF EXISTS test;
+
+<% @variables.each do |mysql| -%>
+<% if mysql[:action] == 'grant' -%>
+
+CREATE DATABASE IF NOT EXISTS `<%= mysql[:database] %>`;
+GRANT <%= mysql[:grants].join(', ') %>
+      ON `<%= mysql[:database] %>`.*
+      TO `<%= mysql[:user] %>`@`<%= mysql[:host] %>`
+      IDENTIFIED BY '<%= DanarchyDeploy::Helpers.decode_base64(mysql[:password]) %>';
+
+<% elsif mysql[:action] == 'revoke' -%>
+
+REVOKE <%= mysql[:grants].join(', ') %>
+      ON `<%= mysql[:database] %>`.*
+      FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
+
+<% elsif mysql[:action] == 'drop' %>
+
+DROP DATABASE IF EXISTS <%= mysql[:database] %>;
+REVOKE ALL PRIVILEGES
+      ON `<%= mysql[:database] %>`.*
+      FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
+DROP USER `<%= mysql[:user] %>`;
+
+<% elsif mysql[:action] == 'dropuser' %>
+
+DROP USER IF EXISTS `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
+
+<% end -%>
+<% end -%>
+
+FLUSH PRIVILEGES;

data/templates/services/mysql/user_db_grants.sql.erb_cleanupUsers

@@ -0,0 +1,52 @@
+DROP DATABASE IF EXISTS test;
+
+<% @variables.each do |mysql| -%>
+<% if mysql[:action] == 'grant' -%>
+
+CREATE DATABASE IF NOT EXISTS `<%= mysql[:database] %>`;
+GRANT <%= mysql[:grants].join(', ') %>
+      ON `<%= mysql[:database] %>`.*
+      TO `<%= mysql[:user] %>`@`<%= mysql[:host] %>`
+      IDENTIFIED BY '<%= DanarchyDeploy::Helpers.decode_base64(mysql[:password]) %>';
+
+<% elsif mysql[:action] == 'revoke' -%>
+
+REVOKE <%= mysql[:grants].join(', ') %>
+      ON `<%= mysql[:database] %>`.*
+      FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
+
+<% elsif mysql[:action] == 'drop' %>
+
+DROP DATABASE IF EXISTS <%= mysql[:database] %>;
+REVOKE ALL PRIVILEGES
+      ON `<%= mysql[:database] %>`.*
+      FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
+DROP USER `<%= mysql[:user] %>`;
+
+<% elsif mysql[:action] == 'dropuser' %>
+
+DROP USER IF EXISTS `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
+
+<% end -%>
+
+# Cleanup user privileges without grants
+SET @keep_hosts = NULL;
+SELECT GROUP_CONCAT(Host) INTO @keep_hosts
+      FROM (
+      	   SELECT Host FROM mysql.db
+	   	  WHERE User = '<%= mysql[:user] %>'
+	   UNION
+	   SELECT Host FROM mysql.tables_priv
+	   	  WHERE User = '<%= mysql[:user] %>'
+	   ) AS T;
+
+SET @drop_users = SELECT GROUP_CONCAT('\'', user, '\'@\'', host, '\'') FROM mysql.user
+    WHERE User = '<%= mysql[:user] %>'
+    AND NOT FIND_IN_SET(Host, @keep_hosts);
+PREPARE stmt1 FROM @drop_users;
+EXECUTE stmt1;
+DEALLOCATE PREPARE stmt1;
+
+<% end -%>
+
+FLUSH PRIVILEGES;

data/templates/services/nginx/nginx.conf.erb

@@ -0,0 +1,48 @@
+user <%= @variables[:web_user] ? @variables[:web_user] : 'nginx' %>;
+worker_processes auto;
+
+error_log /var/log/nginx/error_log info;
+
+events {
+    worker_connections 1024;
+    use epoll;
+
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type text/html;
+
+    log_format main
+    	       '$remote_addr - $remote_user [$time_local] '
+	       '"$request" $status $bytes_sent '
+	       '"$http_referer" "$http_user_agent" '
+	       '"$gzip_ratio"';
+
+    client_header_timeout 10m;
+    client_body_timeout 10m;
+    client_max_body_size <%= @variables[:client_max_body_size] ? @variables[:client_max_body_size] : '32mm' %>;
+    send_timeout 10m;
+
+    connection_pool_size 256;
+    client_header_buffer_size 1k;
+    large_client_header_buffers 4 2k;
+    request_pool_size 4k;
+
+    gzip on;
+
+    output_buffers 1 32k;
+    postpone_output 1460;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+
+    keepalive_timeout 75 20;
+
+    ignore_invalid_headers on;
+
+    index index.html;
+
+    include /home/*/nginx/sites-enabled/*.conf;
+}

data/templates/services/php/php-fpm.conf.erb

@@ -0,0 +1,2 @@
+[Global]
+include=/home/*/php-fpm/sites-enabled/*.conf

data/templates/services/postfix/localmail.initial_setup.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [[ ${UID} != 0 ]]; then
+    echo 'Run this script as root!'
+    exit 1
+fi
+
+postfix upgrade-configuration
+postfix check
+
+newaliases
+
+if [[ $(which rc-service) ]]; then
+    rc-service postfix restart
+elif [[ $(which systemctl) ]]; then
+     systemctl restart postfix
+else
+    echo 'Unable to determine init system! Restart postfix manually.'
+fi

data/templates/services/postfix/localmail.main.cf.erb

@@ -0,0 +1,41 @@
+
+compatibility_level = 3.8
+
+
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+
+mail_owner = postfix
+myhostname = localhost
+mydomain = localdomain
+
+inet_interfaces = $myhostname, localhost
+mydestination = $myhostname, localhost.$mydomain, localhost
+
+unknown_local_recipient_reject_code = 550
+mynetworks_style = host
+default_transport = error:outside mail is not deliverable
+
+debug_peer_level = 2
+debugger_command =
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
+
+
+sendmail_path = /usr/sbin/sendmail
+newaliases_path = /usr/bin/newaliases
+mailq_path = /usr/bin/mailq
+
+setgid_group = postdrop
+html_directory = no
+
+manpage_directory = /usr/share/man
+sample_directory = /etc/postfix
+
+readme_directory = no
+inet_protocols = ipv4
+shlib_directory = /usr/lib64/postfix/${mail_version}
+meta_directory = /etc/postfix
+home_mailbox = .maildir/

data/templates/services/postfix/mailname.erb

@@ -0,0 +1 @@
+<%= @variables[:hostname] %>

data/templates/services/postfix/mailrelayhost_main.cf.erb

@@ -0,0 +1,33 @@
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate \"delayed mail\" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file = <%= @variables[:ssl_cert] %>
+smtpd_tls_key_file = <%= @variables[:ssl_key] %>
+smtpd_use_tls = <%= @variables[:use_tls] || 'yes' %>
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = <%= @variables[:hostname] %>
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = <%= @variables[:hostname] %>, localhost
+relayhost = <%= @variables[:relayhost] %>
+mynetworks = <%= @variables[:mynetworks] %> 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = ipv4

data/templates/services/postfix/main.cf.erb

@@ -0,0 +1,28 @@
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# TLS parameters
+smtpd_use_tls = <%= @variables[:use_tls] %>
+smtpd_tls_auth_only = <%= @variables[:use_tls] %>
+smtpd_tls_cert_file = <%= @variables[:ssl_cert] %>
+smtpd_tls_key_file = <%= @variables[:ssl_key] %>
+smtpd_tls_CAfile = <%= @variables[:ssl_cacert] %>
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = <%= @variables[:hostname] %>
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = <%= @variables[:hostname] %>, localhost
+relayhost = <%= @variables[:relayhost] %>
+mynetworks = <%= @variables[:mynetworks] %> 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = ipv4

data/templates/services/postfix/master.cf.erb

@@ -0,0 +1,124 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+smtp      inet  n       -       -       -       -       smtpd
+#smtp      inet  n       -       -       -       1       postscreen
+#smtpd     pass  -       -       -       -       -       smtpd
+#dnsblog   unix  -       -       -       -       0       dnsblog
+#tlsproxy  unix  -       -       -       -       0       tlsproxy
+submission inet n       -       -       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+smtps     inet  n       -       -       -       -       smtpd
+  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       -       -       -       qmqpd
+pickup    unix  n       -       -       60      1       pickup
+cleanup   unix  n       -       -       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+rewrite   unix  -       -       -       -       -       trivial-rewrite
+bounce    unix  -       -       -       -       0       bounce
+defer     unix  -       -       -       -       0       bounce
+trace     unix  -       -       -       -       0       bounce
+verify    unix  -       -       -       -       1       verify
+flush     unix  n       -       -       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       -       -       -       smtp
+relay     unix  -       -       -       -       -       smtp
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       -       -       -       showq
+error     unix  -       -       -       -       -       error
+retry     unix  -       -       -       -       -       error
+discard   unix  -       -       -       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       -       -       -       lmtp
+anvil     unix  -       -       -       -       1       anvil
+scache    unix  -       -       -       -       1       scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix	-	n	n	-	2	pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}
+

data/templates/services/postfix/mysql-virtual-alias-maps.cf.erb

@@ -0,0 +1,5 @@
+user = <%= @variables[:user] %>
+password = <%= @variables[:password] %>
+hosts = <%= @variables[:hosts] %>
+dbname = <%= @variables[:dbname] %>
+query = SELECT destination FROM aliases WHERE source='%s'

data/templates/services/postfix/mysql-virtual-mailbox-domains.cf.erb

@@ -0,0 +1,5 @@
+user = <%= @variables[:user] %>
+password = <%= @variables[:password] %>
+hosts = <%= @variables[:hosts] %>
+dbname = <%= @variables[:dbname] %>
+query = SELECT 1 FROM domains WHERE domain='%s'

data/templates/services/postfix/mysql-virtual-mailbox-maps.cf.erb

@@ -0,0 +1,5 @@
+user = <%= @variables[:user] %>
+password = <%= @variables[:password] %>
+hosts = <%= @variables[:hosts] %>
+dbname = <%= @variables[:dbname] %>
+query = SELECT 1 FROM users WHERE email='%s'

data/templates/system/authorized_keys.erb

@@ -0,0 +1,5 @@
+# Deployed by dAnarchyDeploy
+
+<% @variables[:authorized_keys].each do |key| -%>
+<%= "#{key}" %>
+<% end -%>

data/templates/system/crontab.erb

@@ -0,0 +1,8 @@
+# DanarchyDeploy crontab
+SHELL=<%= @variables[:shell] || '/bin/bash' %>
+PATH=<%= @variables[:path] || '/bin:/usr/bin' %>
+BASH_ENV=<%= @variables[:env] || '~/.bashrc' %>
+
+<% @variables[:jobs].each do |job| -%>
+<%= "#{job[:schedule]}\t#{job[:command]}" %>
+<% end -%>

data/templates/system/dmcrypt.erb

@@ -0,0 +1,17 @@
+# DanarchyDeploy dmcrypt
+# How long to wait for each timeout (in seconds).
+dmcrypt_key_timeout=1
+
+# Max number of checks to perform (see dmcrypt_key_timeout).
+#dmcrypt_max_timeout=300
+
+# Number of password retries.
+dmcrypt_retries=2
+
+<% @variables.each do |device, volume| -%>
+<%= "# Encrypted volume name|volgroup|device: #{device}" %>
+<% volume[:variables].each do |key, value| -%>
+<%= key -%>=<%= value %>
+<% end -%>
+<%# intentionally left blank %>
+<% end -%>

data/templates/system/exports.erb

@@ -0,0 +1,4 @@
+# DanarchyDeploy NFS exports
+<% @variables.each do |export| -%>
+<%= "#{export[:filesystem]}\t#{export[:clients]}(#{export[:options]})" %>
+<% end -%>

data/templates/system/fstab.erb

@@ -0,0 +1,4 @@
+# DanarchyDeploy fstab
+<% @variables.each do |mount| -%>
+<%= "#{mount[:filesystem]}\t#{mount[:mountpoint]}\t#{mount[:type]}\t#{mount[:opts]}\t#{mount[:'dump/pass']}" %>
+<% end -%>

data/templates/system/sudoers.erb

@@ -0,0 +1,5 @@
+# Deployed by dAnarchyDeploy
+
+<% @variables[:rules].each do |r| -%>
+<%= "#{r}" %>
+<% end -%>