kjg upload

kjg/cdist.org

@@ -1001,3 +1001,94 @@ DEBUG: localhost: cache subpath: 421aa90e079fa326b6494f812ad13e79
 TRACE: localhost: Saving cache: /tmp/tmp4n4p2hbt/421aa90e079fa326b6494f812ad13e79/data to /root/.cdist/cache/421aa90e079fa326b6494f812ad13e79
 INFO: localhost: Finished successful run in 2.17 seconds
 VERBOSE: config: Total processing time for 1 host(s): 2.1842637062072754
+
+
+* cdist3
+
+
+* cdist4
+** Create a new type *__my_nginx*
+On the target host find out which directory nginx includes --> /etc/nginx/sites-enabled
+*** log
+VERBOSE: cdist: version 6.5.5-3-g6f4649ef
+INFO: localhost: Starting configuration run
+VERBOSE: localhost: Running global explorers
+VERBOSE: localhost: Running initial manifest /tmp/tmpchto21_m/421aa90e079fa326b6494f812ad13e79/data/conf/manifest/init
+VERBOSE: localhost: Preparing object __my_nginx/
+VERBOSE: localhost: Running manifest and explorers for __my_nginx/
+VERBOSE: localhost: Running type explorers for <CdistType __my_nginx>
+VERBOSE: localhost: Running type manifest /tmp/tmpchto21_m/421aa90e079fa326b6494f812ad13e79/data/conf/type/__my_nginx/manifest for object __my_nginx/
+VERBOSE: localhost: Preparing object __package/nginx
+VERBOSE: localhost: Running manifest and explorers for __package/nginx
+VERBOSE: localhost: Running type explorers for <CdistType __package>
+VERBOSE: localhost: Running type manifest /tmp/tmpchto21_m/421aa90e079fa326b6494f812ad13e79/data/conf/type/__package/manifest for object __package/nginx
+VERBOSE: localhost: Preparing object __package_apt/nginx
+VERBOSE: localhost: Running manifest and explorers for __package_apt/nginx
+VERBOSE: localhost: Running type explorers for <CdistType __package_apt>
+VERBOSE: localhost: Running object __package_apt/nginx
+VERBOSE: localhost: Running object __package/nginx
+VERBOSE: localhost: Running object __my_nginx/
+INFO: localhost: Finished successful run in 0.87 seconds
+VERBOSE: config: Total processing time for 1 host(s): 0.8785049915313721
+** Create a new tyep *__my_nginx_site*
+root@mynginx2:~#ls -al /etc/nginx/sites-enabled/
+total 16
+drwxr-xr-x 2 root root 4096 May 11 23:29 .
+drwxr-xr-x 8 root root 4096 May 11 21:40 ..
+lrwxrwxrwx 1 root root   34 May 11 21:40 default -> /etc/nginx/sites-available/default
+-rw-r--r-- 1 root root  243 May 11 23:29 mynginx2.test.conf
+-rw-r--r-- 1 root root  243 May 11 23:27 mynginx.test.conf
+root@mynginx2:~#
+
+*** remove nginx and __my_nginx log
+VERBOSE: cdist: version 6.5.5-3-g6f4649ef
+INFO: mynginx2.test: Starting configuration run
+VERBOSE: mynginx2.test: Running global explorers
+VERBOSE: mynginx2.test: Running initial manifest /tmp/tmptq3y42m2/5e977ddad9a0047b183b6d2702795df4/data/conf/manifest/init
+VERBOSE: mynginx2.test: Preparing object __my_nginx_site/mynginx2.test
+VERBOSE: mynginx2.test: Running manifest and explorers for __my_nginx_site/mynginx2.test
+VERBOSE: mynginx2.test: Running type explorers for <CdistType __my_nginx_site>
+VERBOSE: mynginx2.test: Running type manifest /tmp/tmptq3y42m2/5e977ddad9a0047b183b6d2702795df4/data/conf/type/__my_nginx_site/manifest for object __my_nginx_site/mynginx2.test
+ERROR: mynginx2.test: The requirements of the following objects could not be resolved:
+__file/etc/nginx/sites-enabled/mynginx2.test.conf requires:
+        __package/nginx
+__file/etc/nginx/sites-enabled/mynginx2.test.conf autorequires:
+
+__my_nginx_site/mynginx2.test requires:
+
+__my_nginx_site/mynginx2.test autorequires:
+        __file/etc/nginx/sites-enabled/mynginx2.test.conf
+VERBOSE: config: Total processing time for 1 host(s): 0.6650142669677734
+ERROR: cdist: Failed to configure the following hosts: mynginx2.tes
+
+--> nginx is removed and "require" check nginx(__package/nginx)
+
+
+* cdist5
+** What is the difference between gencode-remote and the remote code?
+
+remote code is running on cdist command(cdist config --remote-copy REMOTE_COPY)
+gencode-remote is running on cdist type
+
+remote_copy - use for remote copy with cdist command                                   
+remote_exec - use for remote execution with cdist command
+
+** What is the difference between gencode-local and gencode-remote?
+gencode-local is executed locall, otherwise gencode-remote is executed on the targethost
+
+** Locate a type that comes with upstream cdist that uses gencode-local - which one is it? Why does it need gencode-local?
+__ungleich_dhparam
+
+For running a specific local package
+ex) openssl dhparam -outform PEM -out ${destination}/${domain}_dhparam.pem $keysize
+
+
+
+
+
+
+
+* cdist6
+** __all_in_one
+i used singleton, because it does not need specific host.
+** __firewall

kjg/dot-cdist/manifest/firewall

@@ -0,0 +1,10 @@
+case "$__target_host" in
+    # Everybody has this
+    localhost)
+       __package nftables
+       require="__package/nftables" __my_firewall --file basic
+    ;;
+    *)
+      __my_nginx
+      __my_nginx_site $__target_host #test
+esac

kjg/dot-cdist/manifest/init

@@ -1,6 +1,17 @@
+#!/bin/sh
+
+sh -e "$__manifest/firewall"
+
 case "$__target_host" in
     # Everybody has this
     localhost)
-       __my_computer
+       #__my_computer
+       #__colourful_file test --colour test1 --colour test2
+       #__my_dotfiles
+       __all_in_one --with-x --extra-packages git
     ;;
+    *)
+      __my_nginx
+      __my_nginx_site $__target_host #test
 esac
+

kjg/dot-cdist/type/__all_in_one/manifest

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+    alpine)
+        os_pkgs="netcat-openbsd and tshark"
+    ;;
+    debian|devuan)
+        os_pkgs="netcat tshark"
+    ;;
+    fedora)
+        os_pkgs="nmap-ncat wireshark-cli"
+    ;;
+    *)
+        echo "OS $os currently not supported" >&2
+        exit 1
+    ;;
+esac
+
+base_pkgs="socat sipcalc sudo"
+
+
+if [! -f ${__object}/parameter/with-x ]; then
+    for bpkg in ${base_pkgs}; do
+	__package ${bpkg} --state present
+    done
+
+    for opkg in ${os_pkgs}; do
+        __package ${opkg} --state present
+    done
+fi
+
+if [ -f "$__object/parameter/extra-packages" ]; then
+   for epkg in $(cat $__object/parameter/extra-packages); do
+      __package $epkg --state present
+   done
+fi

kjg/dot-cdist/type/__all_in_one/parameter/boolean

@@ -0,0 +1 @@
+with-x

kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple

@@ -0,0 +1 @@
+extra-packages

kjg/dot-cdist/type/__colourful_file/manifest

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+DOMAIN_NAME="$__object_id"
+
+COLOUR=$(cat "$__object/parameter/colour")
+
+if [ -f "$__object/parameter/colour" ]; then
+   for col in $(cat $__object/parameter/colour); do
+      echo "colour="$col >> ~/colourful
+   done
+fi

kjg/dot-cdist/type/__colourful_file/parameter/optional_multiple

@@ -0,0 +1 @@
+colour

kjg/dot-cdist/type/__my_dotfiles/files/.bashrc

@@ -0,0 +1,14 @@
+# .bashrc
+
+# User specific aliases and functions
+
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i'
+
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+	. /etc/bashrc
+fi
+
+export PATH=$HOME/cdist/bin:$PATH

kjg/dot-cdist/type/__my_dotfiles/files/.emacs

@@ -0,0 +1,106 @@
+;; Added by Package.el.  This must come before configurations of
+;; installed packages.  Don't delete this line.  If you don't want it,
+;; just comment it out by adding a semicolon to the start of the line.
+;; You may delete these explanatory comments.
+(require 'package)
+(add-to-list 'package-archives
+             '("melpa" . "http://melpa.org/packages/") t)
+(add-to-list 'package-archives '("org" . "https://orgmode.org/elpa/") t)
+(package-initialize)
+
+
+
+(global-set-key (kbd "<f3>") (lambda () (interactive) (find-file (concat "~/ungleich-learning-circle/kjg/learning-"(system-name)"-"(format-time-string "%Y")".org"))))
+(global-set-key (kbd "C-x g") 'magit-status)
+(global-set-key (kbd "C-c a") 'org-agenda)
+(global-set-key (kbd "<f8>")  'org-todo-list)
+
+(custom-set-variables
+ ;; custom-set-variables was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ '(epg-gpg-program "/usr/local/bin/gpg")
+ '(org-agenda-files
+   (quote
+    ("~/ungleich-learning-circle/kjg/todo.org" "~/learning.org")))
+ ;;'(org-directory (expand-file-name "~/ungleich-learning-circle/kjg/"))
+ '(package-selected-packages (quote (org org-gnome org-dp ## which-key magit)))
+ '(send-mail-function (quote sendmail-send-it)))
+(custom-set-faces
+ ;; custom-set-faces was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ )
+
+(require 'epa-file)
+
+(epa-file-enable)
+
+(setq mu4e-mu-binary "/usr/local/bin/mu")
+
+(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/mu/mu4e")
+(require 'mu4e)
+
+(setq
+ mue4e-headers-skip-duplicates  t
+ mu4e-view-show-images t
+ mu4e-view-show-addresses t
+ mu4e-compose-format-flowed nil
+ mu4e-date-format "%y/%m/%d"
+ mu4e-headers-date-format "%Y/%m/%d"
+ mu4e-change-filenames-when-moving t
+ mu4e-attachments-dir "~/Downloads"
+
+ mu4e-maildir       "~/Maildir/ungleich"   ;; top-level Maildir
+ ;; note that these folders below must start with /
+ ;; the paths are relative to maildir root
+ mu4e-refile-folder "/Archive"
+ mu4e-sent-folder   "/Sent"
+ mu4e-drafts-folder "/Drafts"
+ mu4e-trash-folder  "/Trash"
+ mu4e-reply-to-address "jinguk.kwon@ungleich.ch"
+ user-mail-address "jinguk.kwon@ungleich.ch"
+ user-full-name  "kjg")
+
+;; this setting allows to re-sync and re-index mail
+;; by pressing U
+(setq mu4e-get-mail-command  "mbsync -a")
+
+(setq mail-host-address "mail.ungleich.ch")
+
+
+(setq send-mail-function   'smtpmail-send-it
+      message-send-mail-function 'smtpmail-send-it
+      user-mail-address "jinguk.kwon@ungleich.ch"
+      smtpmail-starttls-credentials '(("smtp.ungleich.ch" 587 nil nil))
+      smtpmail-auth-credentials "~/.authinfo.gpg"
+      smtpmail-default-smtp-server "smtp.ungleich.ch"
+      smtpmail-smtp-server "smtp.ungleich.ch"
+      smtpmail-smtp-service 587
+      smtpmail-smtp-user  "jinguk.kwon@ungleich.ch"
+      smtpmail-debug-info t
+      smtpmail-debug-verb t)
+      ;;starttls-extra-arguments nil
+      ;;starttls-gnutls-program (executable-find "gnutls-cli")
+      ;;smtpmail-warn-about-unknown-extensions t
+      ;;starttls-use-gnutls t)
+
+(require 'smtpmail)
+
+;;store org-mode links to messages
+(require 'org-mu4e)
+
+(define-key mu4e-headers-mode-map (kbd "C-c c") 'mu4e-org-store-and-capture)
+(define-key mu4e-view-mode-map    (kbd "C-c c") 'mu4e-org-store-and-capture)
+
+(setq org-directory (expand-file-name "~/ungleich-learning-circle/kjg/"))
+;;store link to message if in header view, not to header query
+(setq org-mu4e-link-query-in-headers-mode nil)
+
+(setq org-capture-templates
+      '(("t" "todo" entry (file+headline (lambda() (concat "~/ungleich-learning-circle/kjg/todo-"(system-name)"-"(format-time-string "%Y")".org")) "Tasks")
+                  "* TODO [#A] %?\nSCHEDULED: %(org-insert-time-stamp (org-read-date nil t \"+0d\"))\n%a\n")))
+
+(setq org-log-done 'time)

kjg/dot-cdist/type/__my_dotfiles/manifest

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cd "$__type/files/"
+dotfiles=$(ls -a .[A-z]*)
+for df in $dotfiles; do
+    __file ~/$df \
+         --mode 0644 --source "$__type/files/$df"
+done

kjg/dot-cdist/type/__my_firewall/explorer/exists

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+nft -V | grpe v*  || true

kjg/dot-cdist/type/__my_firewall/explorer/nfrule

@@ -0,0 +1,3 @@
+
+
+nft list ruleset

kjg/dot-cdist/type/__my_firewall/files/basic

@@ -0,0 +1 @@
+test

kjg/dot-cdist/type/__my_firewall/gencode-remote

@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+if [! -f echo "diff /etc/my-nftables /etc/readrule"]; then
+    echo "nft -f /etc/my-nftables"
+fi

kjg/dot-cdist/type/__my_firewall/manifest

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+nft_path="/etc/my-nftables"
+
+if [ ! -f "$__global/explorer/exists" ];then
+    echo "crrently no nft" >&2
+    exit 1
+fi
+
+if ["-" -eq "$__object/parameter/file" ]; then
+    filename="$__object/stdin"
+    
+else
+    filename=($__object/parameter/file)
+fi
+
+__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
+
+
+if [ -f "$__global/explorer/nfrule" ]; then
+   echo "$__global/explorer//nfrule" > /etc/readrule
+fi

kjg/dot-cdist/type/__my_nginx/manifest

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+__package nginx

kjg/dot-cdist/type/__my_nginx_site/gencode-remote

@@ -0,0 +1,20 @@
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+    devuan)
+        CONF_DIR=/etc/nginx/sites-enabled
+    ;;
+    alpine)
+	CONF_DIR=/etc/nginx/conf.d
+    ;;
+    *)
+        echo "OS $os currently not supported" >&2
+        exit 1
+    ;;
+esac
+
+DOMAIN_NAME="$__object_id"
+
+if grep -q "^__file${CONF_DIR}/${DOMAIN_NAME}" "$__messages_in"; then
+        echo 'service nginx reload'
+fi

kjg/dot-cdist/type/__my_nginx_site/manifest

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+    devuan)
+        CONF_DIR=/etc/nginx/sites-enabled
+    ;;
+    alpine)
+	CONF_DIR=/etc/nginx/conf.d
+    ;;
+    *)
+        echo "OS $os currently not supported" >&2
+        exit 1
+    ;;
+esac
+
+DOMAIN_NAME="$__object_id"
+WEB_ROOT=/var/www/html/${DOMAIN_NAME}
+
+__directory $WEB_ROOT --parents --mode 0644
+
+require="__package/nginx" __file "${CONF_DIR}/${DOMAIN_NAME}.conf" \
+           --mode 0644 --source - << EOF
+server {
+    listen *:80;
+    listen [::]:80;
+
+    server_name $DOMAIN_NAME;
+    root $WEB_ROOT;
+
+    location /.well-known/acme-challenge/ {
+        root $WEB_ROOT;
+    }
+
+    # Everything else -> ssl
+    location / {
+        return 301 https://\$host\$request_uri;
+    }
+}
+EOF