From 3ee742f0abdb27d41267c967c5a45448db891009 Mon Sep 17 00:00:00 2001 
From: Evilham Date: Sun, 26 Apr 2020 17:54:36 +0200 Subject: [PATCH] Kamila's changes +iocage_cone + tinydns* ~ __daemontools_service Consider at some point whether or not they are worth upstreaming. (also __pf_rdr belongs to this batch) --- cdist/conf/type/__daemontools_service/man.rst | 6 + .../conf/type/__daemontools_service/manifest | 16 +- .../parameter/default/group | 0 .../parameter/default/owner | 0 .../__daemontools_service/parameter/optional | 2 + cdist/conf/type/__iocage_clone/gencode-remote | 152 ++++++++++++++++++ cdist/conf/type/__iocage_clone/manifest | 1 + .../parameter/default/allow_socket_af | 1 + .../__iocage_clone/parameter/default/bridge | 1 + .../parameter/default/devfs_ruleset | 1 + .../parameter/default/jail_zfs_dataset | 0 .../parameter/default/mount_linprocfs | 1 + .../parameter/default/mount_procfs | 1 + .../type/__iocage_clone/parameter/default/net | 1 + .../__iocage_clone/parameter/default/state | 1 + .../type/__iocage_clone/parameter/optional | 7 + .../parameter/optional_multiple | 1 + .../type/__iocage_clone/parameter/required | 2 + cdist/conf/type/__tinydns/gencode-remote | 7 + cdist/conf/type/__tinydns/manifest | 8 + cdist/conf/type/__tinydns/parameter/required | 2 + cdist/conf/type/__tinydns_host/gencode-remote | 9 ++ cdist/conf/type/__tinydns_host/manifest | 0 .../type/__tinydns_host/parameter/required | 1 + cdist/conf/type/__tinydns_ns/gencode-remote | 13 ++ .../conf/type/__tinydns_ns/parameter/required | 1 + 26 files changed, 232 insertions(+), 3 deletions(-) create mode 100644 cdist/conf/type/__daemontools_service/parameter/default/group create mode 100644 cdist/conf/type/__daemontools_service/parameter/default/owner create mode 100755 cdist/conf/type/__iocage_clone/gencode-remote create mode 100644 cdist/conf/type/__iocage_clone/manifest create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/allow_socket_af create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/bridge create mode 100644 
cdist/conf/type/__iocage_clone/parameter/default/devfs_ruleset create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/jail_zfs_dataset create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/mount_linprocfs create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/mount_procfs create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/net create mode 100644 cdist/conf/type/__iocage_clone/parameter/default/state create mode 100644 cdist/conf/type/__iocage_clone/parameter/optional create mode 100644 cdist/conf/type/__iocage_clone/parameter/optional_multiple create mode 100644 cdist/conf/type/__iocage_clone/parameter/required create mode 100644 cdist/conf/type/__tinydns/gencode-remote create mode 100644 cdist/conf/type/__tinydns/manifest create mode 100644 cdist/conf/type/__tinydns/parameter/required create mode 100644 cdist/conf/type/__tinydns_host/gencode-remote create mode 100644 cdist/conf/type/__tinydns_host/manifest create mode 100644 cdist/conf/type/__tinydns_host/parameter/required create mode 100644 cdist/conf/type/__tinydns_ns/gencode-remote create mode 100644 cdist/conf/type/__tinydns_ns/parameter/required diff --git a/cdist/conf/type/__daemontools_service/man.rst b/cdist/conf/type/__daemontools_service/man.rst index ec1d20ff..9bbbe2f8 100644 --- a/cdist/conf/type/__daemontools_service/man.rst +++ b/cdist/conf/type/__daemontools_service/man.rst @@ -40,6 +40,12 @@ run-file log-run Command to run for log consumption. Default: `multilog t ./main` +owner + User to chown to. + +group + User to chgrp to. + servicedir Directory to install into. Default: `/service` diff --git a/cdist/conf/type/__daemontools_service/manifest b/cdist/conf/type/__daemontools_service/manifest index 78bae285..8a81b5f5 100755 --- a/cdist/conf/type/__daemontools_service/manifest +++ b/cdist/conf/type/__daemontools_service/manifest 
@@ -9,6 +9,8 @@ servicedir=$(cat "$__object/parameter/servicedir") run=$(cat "$__object/parameter/run") runfile=$(cat "$__object/parameter/run-file") logrun=$(cat "$__object/parameter/log-run") +owner=$(cat "$__object/parameter/owner") +group=$(cat "$__object/parameter/group") svc=$(cat "$__type/explorer/svc") @@ -25,14 +27,22 @@ badusage() { [ -z "$run$runfile" ] && badusage [ -n "$run" ] && [ -n "$runfile" ] && badusage -__directory "$servicedir/$name/log/main" --parents +flags="" +if [ -n "$owner" ]; then + flags="$flags --owner $owner" +fi +if [ -n "$group" ]; then + flags="$flags --group $group" +fi + +__directory "$servicedir/$name/log/main" --parents $flags echo "$RUN_PREFIX$run" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/run" \ --onchange "svc -t '$servicedir/$name' 2>/dev/null" \ - --mode 755 \ + --mode 755 $flags \ --source "${runfile:--}" echo "$RUN_PREFIX$logrun" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/log/run" \ --onchange "svc -t '$servicedir/$name/log' 2>/dev/null" \ - --mode 755 \ + --mode 755 $flags \ --source "-" diff --git a/cdist/conf/type/__daemontools_service/parameter/default/group b/cdist/conf/type/__daemontools_service/parameter/default/group new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__daemontools_service/parameter/default/owner b/cdist/conf/type/__daemontools_service/parameter/default/owner new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__daemontools_service/parameter/optional b/cdist/conf/type/__daemontools_service/parameter/optional index 7e54985f..7c66b514 100644 --- a/cdist/conf/type/__daemontools_service/parameter/optional +++ b/cdist/conf/type/__daemontools_service/parameter/optional @@ -1,4 +1,6 @@ +group log-run +owner run run-file servicedir 
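Review bot: In the second manifest hunk, `$flags` is appended to both `__config_file` calls, so `$servicedir/$name/run` and `$servicedir/$name/log/run` end up owned by the `--owner` user. If supervise starts these scripts as root, as is usual for daemontools, that user can edit a script that root then executes. If the goal is only to let the log process write under `log/main`, keep `$flags` on the `__directory` call and leave both `--mode 755 \` lines as they were. `$flags` is also expanded unquoted, so an owner or group value containing whitespace or glob characters turns into extra arguments; a guard such as `case "$owner$group" in *[!A-Za-z0-9_.-]*) badusage;; esac` before building `flags` would make the accepted values explicit.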
diff --git a/cdist/conf/type/__iocage_clone/gencode-remote b/cdist/conf/type/__iocage_clone/gencode-remote
new file mode 100755
index 00000000..30d77099
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/gencode-remote
@@ -0,0 +1,152 @@
+#!/bin/sh
+
+state="$(cat $__object/parameter/state)"
+template="$(cat $__object/parameter/template)"
+ip4_addr="$(cat $__object/parameter/bridge)|$(cat $__object/parameter/ip)"
+interfaces="none:none"
+defaultrouter="none"
+vnet="off"
+jail_zfs_dataset="$(cat $__object/parameter/jail_zfs_dataset)"
+devfs_ruleset="$(cat $__object/parameter/devfs_ruleset)"
+allow_socket_af="$(cat $__object/parameter/allow_socket_af)"
+mount_procfs="$(cat $__object/parameter/mount_procfs)"
+mount_linprocfs="$(cat $__object/parameter/mount_linprocfs)"
+
+if [ "X$state" = "Xabsent" ]; then
+ cat <&2
+ create_new=1
+ fi
+fi
+
+if [ \$create_new -eq 0 ]; then
+ if [ "off" == "\$(get_property_iocage jail_zfs "$__object_id")" ]; then
+ current_jail_zfs_dataset=""
+ else
+ current_jail_zfs_dataset="\$(get_property_iocage jail_zfs_dataset "$__object_id")"
+ fi
+fi
+
+configure=0
+if [ \$create_new -eq 1 ]; then
+ configure=1
+elif [ "X$vnet" != "X\$(get_property_iocage vnet "$__object_id")" ]; then
+ configure=1
+elif [ "X$ip4_addr" != "X\$(get_property_iocage ip4_addr "$__object_id")" ]; then
+ configure=1
+elif [ "X$interfaces" != "X\$(get_property_iocage interfaces "$__object_id")" ]; then
+ configure=1
+elif [ "X$defaultrouter" != "X\$(get_property_iocage defaultrouter "$__object_id")" ]; then
+ configure=1
+elif [ "X$mount_procfs" != "X\$(get_property_iocage mount_procfs "$__object_id")" ]; then
+ configure=1
+elif [ "X$devfs_ruleset" != "X\$(get_property_iocage devfs_ruleset "$__object_id")" ]; then
+ configure=1
+elif [ "X$allow_socket_af" != "X\$(get_property_iocage allow_socket_af "$__object_id")" ]; then
+ configure=1
+elif [ "X$jail_zfs_dataset" != "X\$current_jail_zfs_dataset" ]; then
+ configure=1
+fi
+
+if [ \$create_new -eq 1 ]; then
+ echo "Creating jail $__object_id" >&2
+
+ iocage stop $__object_id || true
+ iocage destroy -f $__object_id || true
+ # Without VNETs, we should not need this.
+ # TODO(riso): Use nicer path
+ # /root/cdist/ioc deconfigure $__object_id
+
+ rm -f /iocage/jails/$__object_id
+
+ iocage clone $template tag=$__object_id
+ iocage set boot=on $__object_id
+ UUID=\$(iocage list | grep " $__object_id " | awk "{ print \\\$2; }")
+ rm -f /iocage/jails/$__object_id
+ ln -s /iocage/jails/\$UUID /iocage/jails/$__object_id
+else
+ UUID=\$(iocage list | grep " $__object_id " | awk "{ print \\\$2; }")
+ echo "Jail $__object_id already exists, UUID=\$UUID" >&2
+fi
+
+ROOT="/iocage/jails/\$UUID/root"
+FSTAB="/iocage/jails/\$UUID/fstab"
+rm -f \$FSTAB.new
+touch \$FSTAB.new
+cat $__object/parameter/mount 2>/dev/null | \\
+while read mount; do
+ src=\$(echo \$mount | awk -F: "{ print \\\$1; }")
+ dst_rel=\$(echo \$mount | awk -F: "{ print \\\$2; }")
+ dst="/iocage/jails/\$UUID/root/\$dst_rel"
+ mkdir -p "\$dst"
+ echo "\$src \$dst nullfs rw 0 0" >>\$FSTAB.new
+done
+if [ $mount_linprocfs -eq 1 ]; then
+ echo "linproc /iocage/jails/\$UUID/root/compat/linux/proc linprocfs rw 0 0" >>\$FSTAB.new
+fi
+
+fstab_changed=0
+if diff -q \$FSTAB \$FSTAB.new >/dev/null; then
+ # pass
+else
+ configure=1
+ fstab_changed=1
+fi
+
+if [ \$configure -eq 1 ]; then
+ echo "Configuring jail $__object_id." >&2
+ iocage stop $__object_id || true
+
+ iocage set vnet="$vnet" $__object_id
+ iocage set interfaces="$interfaces" $__object_id
+ iocage set hostname="$__object_id" $__object_id
+ iocage set ip4_addr="$ip4_addr" $__object_id
+ iocage set defaultrouter="$defaultrouter" $__object_id
+ iocage set mount_procfs="$mount_procfs" $__object_id
+ iocage set devfs_ruleset="$devfs_ruleset" $__object_id
+ iocage set allow_socket_af="$allow_socket_af" $__object_id
+ if [ -n "$jail_zfs_dataset" ]; then
+ iocage set jail_zfs=on $__object_id
+ iocage set jail_zfs_dataset="$jail_zfs_dataset" $__object_id
+ else
+ iocage set jail_zfs=off $__object_id
+ fi
+
+ if [ \$fstab_changed -eq 1 ]; then
+ umount -afF \$FSTAB || true
+ mv \$FSTAB.new \$FSTAB
+ fi
+
+ iocage start $__object_id || true
+
+ # Iocage creates new mac address, but arp can have an old mac cached.
+ # TODO(riso): Is this true without VNETs?
+ arp -d -a
+else
+ echo "Jail $__object_id is already configured." >&2
+fi
+rm -f \$FSTAB.new
+EOF
+fi
diff --git a/cdist/conf/type/__iocage_clone/manifest b/cdist/conf/type/__iocage_clone/manifest
new file mode 100644
index 00000000..0684fce8
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/manifest
@@ -0,0 +1 @@
+__package iocage
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/allow_socket_af b/cdist/conf/type/__iocage_clone/parameter/default/allow_socket_af
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/allow_socket_af
@@ -0,0 +1 @@
+0
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/bridge b/cdist/conf/type/__iocage_clone/parameter/default/bridge
new file mode 100644
index 00000000..092f51c8
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/bridge
@@ -0,0 +1 @@
+bridge0
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/devfs_ruleset b/cdist/conf/type/__iocage_clone/parameter/default/devfs_ruleset
new file mode 100644
index 00000000..b8626c4c
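Review bot: The generated script gets `$__object_id` and `$template` expanded at generation time and emits them unquoted, as in `iocage clone $template tag=$__object_id` and `rm -f /iocage/jails/$__object_id`, so a value containing whitespace or shell metacharacters changes what the target shell runs, presumably as root. Reject unexpected characters before the heredoc, for example `case "$template" in *[!A-Za-z0-9_.-]*) echo "invalid template" >&2; exit 1;; esac`, and quote the expansions in the emitted lines. `dst_rel` from each `mount` entry is appended to the jail root and passed to `mkdir -p` unchecked, so an entry containing `..` lands outside the jail root; skipping such entries with `case "\$dst_rel" in *..*) continue;; esac` closes that. The `then` branch of `if diff -q \$FSTAB \$FSTAB.new` contains only a comment, which not every sh accepts; `if ! diff -q \$FSTAB \$FSTAB.new >/dev/null; then` avoids the empty branch. The heredoc opener is not legible in this view, so this assumes an unquoted heredoc, as the `\$` escapes suggest.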
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/devfs_ruleset
@@ -0,0 +1 @@
+4
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/jail_zfs_dataset b/cdist/conf/type/__iocage_clone/parameter/default/jail_zfs_dataset
new file mode 100644
index 00000000..e69de29b
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/mount_linprocfs b/cdist/conf/type/__iocage_clone/parameter/default/mount_linprocfs
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/mount_linprocfs
@@ -0,0 +1 @@
+0
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/mount_procfs b/cdist/conf/type/__iocage_clone/parameter/default/mount_procfs
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/mount_procfs
@@ -0,0 +1 @@
+0
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/net b/cdist/conf/type/__iocage_clone/parameter/default/net
new file mode 100644
index 00000000..a45fd52c
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/net
@@ -0,0 +1 @@
+24
diff --git a/cdist/conf/type/__iocage_clone/parameter/default/state b/cdist/conf/type/__iocage_clone/parameter/default/state
new file mode 100644
index 00000000..e7f6134f
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/default/state
@@ -0,0 +1 @@
+present
diff --git a/cdist/conf/type/__iocage_clone/parameter/optional b/cdist/conf/type/__iocage_clone/parameter/optional
new file mode 100644
index 00000000..8ca73ed9
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/optional
@@ -0,0 +1,7 @@
+state
+bridge
+jail_zfs_dataset
+mount_procfs
+mount_linprocfs
+devfs_ruleset
+allow_socket_af
diff --git a/cdist/conf/type/__iocage_clone/parameter/optional_multiple b/cdist/conf/type/__iocage_clone/parameter/optional_multiple
new file mode 100644
index 00000000..fde64773
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/optional_multiple
@@ -0,0 +1 @@
+mount
diff --git a/cdist/conf/type/__iocage_clone/parameter/required b/cdist/conf/type/__iocage_clone/parameter/required
new file mode 100644
index 00000000..209d1544
--- /dev/null
+++ b/cdist/conf/type/__iocage_clone/parameter/required
@@ -0,0 +1,2 @@
+ip
+template
diff --git a/cdist/conf/type/__tinydns/gencode-remote b/cdist/conf/type/__tinydns/gencode-remote
new file mode 100644
index 00000000..824479b6
--- /dev/null
+++ b/cdist/conf/type/__tinydns/gencode-remote
@@ -0,0 +1,7 @@
+servicename=$__object_id
+user="$(cat "$__object/parameter/user")"
+server_ip="$(cat "$__object/parameter/server-ip")"
+
+cat</dev/null || ./add-host $name $ip
+make
+EOF
diff --git a/cdist/conf/type/__tinydns_host/manifest b/cdist/conf/type/__tinydns_host/manifest
new file mode 100644
index 00000000..e69de29b
diff --git a/cdist/conf/type/__tinydns_host/parameter/required b/cdist/conf/type/__tinydns_host/parameter/required
new file mode 100644
index 00000000..93d111b2
--- /dev/null
+++ b/cdist/conf/type/__tinydns_host/parameter/required
@@ -0,0 +1 @@
+ip
diff --git a/cdist/conf/type/__tinydns_ns/gencode-remote b/cdist/conf/type/__tinydns_ns/gencode-remote
new file mode 100644
index 00000000..7305e605
--- /dev/null
+++ b/cdist/conf/type/__tinydns_ns/gencode-remote
@@ -0,0 +1,13 @@
+set -x
+
+servicename=$(echo $__object_id | cut -d/ -f1)
+name=$(echo $__object_id | cut -d/ -f2-)
+ip="$(cat "$__object/parameter/ip")"
+
+cat</dev/null || ./add-ns $name $ip
+make
+EOF
+
+set +x
diff --git a/cdist/conf/type/__tinydns_ns/parameter/required b/cdist/conf/type/__tinydns_ns/parameter/required
new file mode 100644
index 00000000..93d111b2
--- /dev/null
+++ b/cdist/conf/type/__tinydns_ns/parameter/required
@@ -0,0 +1 @@
+ip
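Review bot: In `__tinydns_ns/gencode-remote` the emitted `./add-ns $name $ip` line passes values derived from `$__object_id` and the `ip` parameter unquoted, so whitespace or shell metacharacters in either are interpreted by the target shell; the visible tail of `__tinydns_host/gencode-remote` does the same with `./add-host $name $ip`. Validate both values before the heredoc, for example `case "$name$ip" in *[!A-Za-z0-9_.:-]*) echo "invalid name or ip" >&2; exit 1;; esac`, and emit them quoted. The `set -x` / `set +x` pair around the script looks like leftover debugging and should be dropped, and `echo $__object_id | cut` should quote the variable, as in `printf '%s\n' "$__object_id" | cut -d/ -f1`. Part of both heredocs is not legible in this view, so the lines before `>/dev/null ||` are not reviewed here.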