From 990a7a560c98dcbaa9c9e8deb0968819b646a664 Mon Sep 17 00:00:00 2001
From: David Timber <dxdt@dev.snart.me>
Date: Mon, 16 May 2022 15:53:36 +0800
Subject: Changes ...

- Deprecate palhm-dnssec-check.sh
- Merge  check-dnssec and boot-report config into the sample config
- Add crontab sample
- Reduce Python requirement to 3.5
  - Remove use of capture_output
- boot-report: remove systemd-analyze as the command is not available
  during boot time
- Change config schema
  - "object-groups" and "objects" are now optional
  - Change "boot-report" include behaviour
---
 src/conf/py-sample/boot-report.jsonc |  7 -------
 src/conf/py-sample/conf.d/core.json  | 12 ++++++++++++
 src/conf/py-sample/sample.jsonc      | 37 ++++++++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 7 deletions(-)
 delete mode 100644 src/conf/py-sample/boot-report.jsonc

(limited to 'src/conf/py-sample')

diff --git a/src/conf/py-sample/boot-report.jsonc b/src/conf/py-sample/boot-report.jsonc
deleted file mode 100644
index dd9d606..0000000
--- a/src/conf/py-sample/boot-report.jsonc
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-	"boot-report": {
-		// "mua": "stdout",
-		"mua": "mailx",
-		"mail-to": [ "root" ]
-	}
-}
diff --git a/src/conf/py-sample/conf.d/core.json b/src/conf/py-sample/conf.d/core.json
index 46d3feb..7145eae 100644
--- a/src/conf/py-sample/conf.d/core.json
+++ b/src/conf/py-sample/conf.d/core.json
@@ -36,6 +36,18 @@
 		{
 			"id": "os-release",
 			"argv": [ "/bin/cat", "/etc/os-release" ]
+		},
+		{
+			"id": "dig-dnssec",
+			"argv": [ "/bin/dig", "+short", "+dnssec", "+notcp" ]
+		},
+		{
+			"id": "grep-any",
+			"argv": [ "/bin/grep", "." ]
+		},
+		{
+			"id": "null-stdout-sink",
+			"argv": [ "/bin/cp", "/dev/stdin", "/dev/null" ]
 		}
 	]
 }
diff --git a/src/conf/py-sample/sample.jsonc b/src/conf/py-sample/sample.jsonc
index f1c4501..0da72a6 100644
--- a/src/conf/py-sample/sample.jsonc
+++ b/src/conf/py-sample/sample.jsonc
@@ -3,6 +3,16 @@
 	// "modules": [ "aws" ],
 	"nb-workers": 0,
 	// "vl": 4,
+	"boot-report": {
+		// "mua": "stdout",
+		"mua": "mailx",
+		"mail-to": [ "root" ]
+		// "subject": "Custom Boot Report Subject from {hostname}",
+		// "header": "Custom header content with {hostname} substitution."
+		// "uptime-since": true,
+		// "uptime": true,
+		// "bootid": true
+	},
 	"tasks": [
 		{
 			"id": "backup",
@@ -114,6 +124,33 @@
 				}
 			]
 		},
+		{
+			"id": "check-dnssec",
+			"type": "backup",
+			"backend": "null",
+			"objects": [
+				{
+					"path": "example.com", // Placeholder
+					"pipeline": [
+						/*
+						* Check if dig can query the record with the DNSSEC
+						* validation flag. Empty stdout with zero return code
+						* means SERVFAIL.
+						*/
+						{
+							"type": "exec-append",
+							"exec-id": "dig-dnssec",
+							"argv": [ "ANY", "example.com" ]
+						},
+						/*
+						* Trap for empty dig output grep will return non-zero if
+						* dig have not produced any output
+						*/
+						{ "type": "exec", "exec-id": "grep-any" }
+					]
+				}
+			]
+		},
 		{
 			"id": "default",
 			"type": "routine",
-- 
cgit v1.2.3-70-g09d2