From 011a1df4ac702c646822e0dc1fbd5f7c68e73d55 Mon Sep 17 00:00:00 2001 
From: kjg Date: Sat, 16 May 2020 00:15:39 +0900 Subject: [PATCH] kjg upload --- kjg/cdist.org | 91 +++++++++++++++ kjg/dot-cdist/manifest/firewall | 10 ++ kjg/dot-cdist/manifest/init | 13 ++- kjg/dot-cdist/type/__all_in_one/manifest | 38 +++++++ .../type/__all_in_one/parameter/boolean | 1 + .../__all_in_one/parameter/optional_multiple | 1 + kjg/dot-cdist/type/__all_in_one/singleton | 0 kjg/dot-cdist/type/__colourful_file/manifest | 11 ++ .../parameter/optional_multiple | 1 + .../type/__my_dotfiles/files/.bashrc | 14 +++ kjg/dot-cdist/type/__my_dotfiles/files/.emacs | 106 ++++++++++++++++++ kjg/dot-cdist/type/__my_dotfiles/manifest | 8 ++ kjg/dot-cdist/type/__my_dotfiles/singleton | 0 .../type/__my_firewall/explorer/exists | 3 + .../type/__my_firewall/explorer/nfrule | 3 + kjg/dot-cdist/type/__my_firewall/files/basic | 1 + .../type/__my_firewall/gencode-remote | 5 + kjg/dot-cdist/type/__my_firewall/manifest | 24 ++++ kjg/dot-cdist/type/__my_firewall/singleton | 0 kjg/dot-cdist/type/__my_nginx/manifest | 3 + kjg/dot-cdist/type/__my_nginx/singleton | 0 .../type/__my_nginx_site/gencode-remote | 20 ++++ kjg/dot-cdist/type/__my_nginx_site/manifest | 41 +++++++ 23 files changed, 393 insertions(+), 1 deletion(-) create mode 100644 kjg/dot-cdist/manifest/firewall create mode 100644 kjg/dot-cdist/type/__all_in_one/manifest create mode 100644 kjg/dot-cdist/type/__all_in_one/parameter/boolean create mode 100644 kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple create mode 100644 kjg/dot-cdist/type/__all_in_one/singleton create mode 100644 kjg/dot-cdist/type/__colourful_file/manifest create mode 100644 kjg/dot-cdist/type/__colourful_file/parameter/optional_multiple create mode 100644 kjg/dot-cdist/type/__my_dotfiles/files/.bashrc create mode 100644 kjg/dot-cdist/type/__my_dotfiles/files/.emacs create mode 100644 kjg/dot-cdist/type/__my_dotfiles/manifest create mode 100644 kjg/dot-cdist/type/__my_dotfiles/singleton create mode 100644 
kjg/dot-cdist/type/__my_firewall/explorer/exists create mode 100644 kjg/dot-cdist/type/__my_firewall/explorer/nfrule create mode 100644 kjg/dot-cdist/type/__my_firewall/files/basic create mode 100644 kjg/dot-cdist/type/__my_firewall/gencode-remote create mode 100644 kjg/dot-cdist/type/__my_firewall/manifest create mode 100644 kjg/dot-cdist/type/__my_firewall/singleton create mode 100644 kjg/dot-cdist/type/__my_nginx/manifest create mode 100644 kjg/dot-cdist/type/__my_nginx/singleton create mode 100644 kjg/dot-cdist/type/__my_nginx_site/gencode-remote create mode 100644 kjg/dot-cdist/type/__my_nginx_site/manifest
diff --git a/kjg/cdist.org b/kjg/cdist.org
index ccc3085..ab709af 100644
--- a/kjg/cdist.org
+++ b/kjg/cdist.org
@@ -1001,3 +1001,94 @@ DEBUG: localhost: cache subpath: 421aa90e079fa326b6494f812ad13e79
 TRACE: localhost: Saving cache: /tmp/tmp4n4p2hbt/421aa90e079fa326b6494f812ad13e79/data to /root/.cdist/cache/421aa90e079fa326b6494f812ad13e79
 INFO: localhost: Finished successful run in 2.17 seconds
 VERBOSE: config: Total processing time for 1 host(s): 2.1842637062072754
+
+
+* cdist3
+
+
+* cdist4
+** Create a new type *__my_nginx*
+On the target host find out which directory nginx includes --> /etc/nginx/sites-enabled
+*** log
+VERBOSE: cdist: version 6.5.5-3-g6f4649ef
+INFO: localhost: Starting configuration run
+VERBOSE: localhost: Running global explorers
+VERBOSE: localhost: Running initial manifest /tmp/tmpchto21_m/421aa90e079fa326b6494f812ad13e79/data/conf/manifest/init
+VERBOSE: localhost: Preparing object __my_nginx/
+VERBOSE: localhost: Running manifest and explorers for __my_nginx/
+VERBOSE: localhost: Running type explorers for
+VERBOSE: localhost: Running type manifest /tmp/tmpchto21_m/421aa90e079fa326b6494f812ad13e79/data/conf/type/__my_nginx/manifest for object __my_nginx/
+VERBOSE: localhost: Preparing object __package/nginx
+VERBOSE: localhost: Running manifest and explorers for __package/nginx
+VERBOSE: localhost: Running type explorers for
+VERBOSE: localhost: Running type manifest /tmp/tmpchto21_m/421aa90e079fa326b6494f812ad13e79/data/conf/type/__package/manifest for object __package/nginx
+VERBOSE: localhost: Preparing object __package_apt/nginx
+VERBOSE: localhost: Running manifest and explorers for __package_apt/nginx
+VERBOSE: localhost: Running type explorers for
+VERBOSE: localhost: Running object __package_apt/nginx
+VERBOSE: localhost: Running object __package/nginx
+VERBOSE: localhost: Running object __my_nginx/
+INFO: localhost: Finished successful run in 0.87 seconds
+VERBOSE: config: Total processing time for 1 host(s): 0.8785049915313721
+** Create a new tyep *__my_nginx_site*
+root@mynginx2:~#ls -al /etc/nginx/sites-enabled/
+total 16
+drwxr-xr-x 2 root root 4096 May 11 23:29 .
+drwxr-xr-x 8 root root 4096 May 11 21:40 ..
+lrwxrwxrwx 1 root root 34 May 11 21:40 default -> /etc/nginx/sites-available/default
+-rw-r--r-- 1 root root 243 May 11 23:29 mynginx2.test.conf
+-rw-r--r-- 1 root root 243 May 11 23:27 mynginx.test.conf
+root@mynginx2:~#
+
+*** remove nginx and __my_nginx log
+VERBOSE: cdist: version 6.5.5-3-g6f4649ef
+INFO: mynginx2.test: Starting configuration run
+VERBOSE: mynginx2.test: Running global explorers
+VERBOSE: mynginx2.test: Running initial manifest /tmp/tmptq3y42m2/5e977ddad9a0047b183b6d2702795df4/data/conf/manifest/init
+VERBOSE: mynginx2.test: Preparing object __my_nginx_site/mynginx2.test
+VERBOSE: mynginx2.test: Running manifest and explorers for __my_nginx_site/mynginx2.test
+VERBOSE: mynginx2.test: Running type explorers for
+VERBOSE: mynginx2.test: Running type manifest /tmp/tmptq3y42m2/5e977ddad9a0047b183b6d2702795df4/data/conf/type/__my_nginx_site/manifest for object __my_nginx_site/mynginx2.test
+ERROR: mynginx2.test: The requirements of the following objects could not be resolved:
+__file/etc/nginx/sites-enabled/mynginx2.test.conf requires:
+ __package/nginx
+__file/etc/nginx/sites-enabled/mynginx2.test.conf autorequires:
+
+__my_nginx_site/mynginx2.test requires:
+
+__my_nginx_site/mynginx2.test autorequires:
+ __file/etc/nginx/sites-enabled/mynginx2.test.conf
+VERBOSE: config: Total processing time for 1 host(s): 0.6650142669677734
+ERROR: cdist: Failed to configure the following hosts: mynginx2.tes
+
+--> nginx is removed and "require" check nginx(__package/nginx)
+
+
+* cdist5
+** What is the difference between gencode-remote and the remote code?
+
+remote code is running on cdist command(cdist config --remote-copy REMOTE_COPY)
+gencode-remote is running on cdist type
+
+remote_copy - use for remote copy with cdist command
+remote_exec - use for remote execution with cdist command
+
+** What is the difference between gencode-local and gencode-remote?
+gencode-local is executed locall, otherwise gencode-remote is executed on the targethost
+
+** Locate a type that comes with upstream cdist that uses gencode-local - which one is it? Why does it need gencode-local?
+__ungleich_dhparam
+
+For running a specific local package
+ex) openssl dhparam -outform PEM -out ${destination}/${domain}_dhparam.pem $keysize
+
+
+
+
+
+
+
+* cdist6
+** __all_in_one
+i used singleton, because it does not need specific host.
+** __firewall
diff --git a/kjg/dot-cdist/manifest/firewall b/kjg/dot-cdist/manifest/firewall
new file mode 100644
index 0000000..da93aa2
--- /dev/null
+++ b/kjg/dot-cdist/manifest/firewall
@@ -0,0 +1,10 @@
+case "$__target_host" in
+ # Everybody has this
+ localhost)
+ __package nftables
+ require="__package/nftables" __my_firewall --file basic
+ ;;
+ *)
+ __my_nginx
+ __my_nginx_site $__target_host #test
+esac
\ No newline at end of file
diff --git a/kjg/dot-cdist/manifest/init b/kjg/dot-cdist/manifest/init
index 3f3a6db..6fd3e2c 100644
--- a/kjg/dot-cdist/manifest/init
+++ b/kjg/dot-cdist/manifest/init
@@ -1,6 +1,17 @@
+#!/bin/sh
+
+sh -e "$__manifest/firewall"
+
 case "$__target_host" in
 # Everybody has this
 localhost)
- __my_computer
+ #__my_computer
+ #__colourful_file test --colour test1 --colour test2
+ #__my_dotfiles
+ __all_in_one --with-x --extra-packages git
 ;;
+ *)
+ __my_nginx
+ __my_nginx_site $__target_host #test
 esac
+
diff --git a/kjg/dot-cdist/type/__all_in_one/manifest b/kjg/dot-cdist/type/__all_in_one/manifest
new file mode 100644
index 0000000..87057e4
--- /dev/null
+++ b/kjg/dot-cdist/type/__all_in_one/manifest
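Review bot: The `*)` arm of the new `manifest/firewall` declares `__my_nginx` and `__my_nginx_site` but no `__my_firewall`, so only `localhost` is given an nftables ruleset while every other host gets a web server on port 80 with no packet filter declared by these manifests. The same two nginx lines are added again in the `*)` arm of `manifest/init`, which already runs this file through `sh -e "$__manifest/firewall"`; keeping them in one of the two files avoids the copies drifting apart. `$__target_host` is passed unquoted in both places, and `__my_nginx_site "$__target_host"` is the safer form.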
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ alpine)
+ os_pkgs="netcat-openbsd and tshark"
+ ;;
+ debian|devuan)
+ os_pkgs="netcat tshark"
+ ;;
+ fedora)
+ os_pkgs="nmap-ncat wireshark-cli"
+ ;;
+ *)
+ echo "OS $os currently not supported" >&2
+ exit 1
+ ;;
+esac
+
+base_pkgs="socat sipcalc sudo"
+
+
+if [! -f ${__object}/parameter/with-x ]; then
+ for bpkg in ${base_pkgs}; do
+ __package ${bpkg} --state present
+ done
+
+ for opkg in ${os_pkgs}; do
+ __package ${opkg} --state present
+ done
+fi
+
+if [ -f "$__object/parameter/extra-packages" ]; then
+ for epkg in $(cat $__object/parameter/extra-packages); do
+ __package $epkg --state present
+ done
+fi
diff --git a/kjg/dot-cdist/type/__all_in_one/parameter/boolean b/kjg/dot-cdist/type/__all_in_one/parameter/boolean
new file mode 100644
index 0000000..b333e3c
--- /dev/null
+++ b/kjg/dot-cdist/type/__all_in_one/parameter/boolean
@@ -0,0 +1 @@
+with-x
\ No newline at end of file
diff --git a/kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple b/kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple
new file mode 100644
index 0000000..2cfc07b
--- /dev/null
+++ b/kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple
@@ -0,0 +1 @@
+extra-packages
diff --git a/kjg/dot-cdist/type/__all_in_one/singleton b/kjg/dot-cdist/type/__all_in_one/singleton
new file mode 100644
index 0000000..e69de29
diff --git a/kjg/dot-cdist/type/__colourful_file/manifest b/kjg/dot-cdist/type/__colourful_file/manifest
new file mode 100644
index 0000000..e7470fd
--- /dev/null
+++ b/kjg/dot-cdist/type/__colourful_file/manifest
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+DOMAIN_NAME="$__object_id"
+
+COLOUR=$(cat "$__object/parameter/colour")
+
+if [ -f "$__object/parameter/colour" ]; then
+ for col in $(cat $__object/parameter/colour); do
+ echo "colour="$col >> ~/colourful
+ done
+fi
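Review bot: The test `if [! -f ${__object}/parameter/with-x ]; then` in `__all_in_one/manifest` never succeeds, because `[!` is looked up as a command name, is not found, and the condition is therefore false; the base and OS package loops are skipped on every run. It should read `if [ ! -f "${__object}/parameter/with-x" ]; then`. In the `alpine)` arm, `os_pkgs="netcat-openbsd and tshark"` would make the loop request a package literally named `and`; `os_pkgs="netcat-openbsd tshark"` is presumably what was meant. The extra-packages loop word-splits and globs `$(cat $__object/parameter/extra-packages)`; `while IFS= read -r epkg; do __package "$epkg" --state present; done < "$__object/parameter/extra-packages"` keeps each line as exactly one package name.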
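Review bot: The loop body `echo "colour="$col >> ~/colourful` in `__colourful_file/manifest` executes while the manifest is being evaluated, which in cdist happens on the configuring host, so it appends to a file in the operator's home rather than on the target and adds duplicate lines on every run. Declaring the content as an object instead, for example `__line "colour-$col" --file <path on target> --line "colour=$col"` (object id and path are placeholders), keeps the result idempotent and puts it on the target. `COLOUR=$(cat "$__object/parameter/colour")` runs before the `-f` check, so it prints a `cat` error whenever `--colour` is omitted, and neither `COLOUR` nor `DOMAIN_NAME` is used afterwards.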
diff --git a/kjg/dot-cdist/type/__colourful_file/parameter/optional_multiple b/kjg/dot-cdist/type/__colourful_file/parameter/optional_multiple
new file mode 100644
index 0000000..a9c4dd8
--- /dev/null
+++ b/kjg/dot-cdist/type/__colourful_file/parameter/optional_multiple
@@ -0,0 +1 @@
+colour
\ No newline at end of file
diff --git a/kjg/dot-cdist/type/__my_dotfiles/files/.bashrc b/kjg/dot-cdist/type/__my_dotfiles/files/.bashrc
new file mode 100644
index 0000000..9169adb
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_dotfiles/files/.bashrc
@@ -0,0 +1,14 @@
+# .bashrc
+
+# User specific aliases and functions
+
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i'
+
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+ . /etc/bashrc
+fi
+
+export PATH=$HOME/cdist/bin:$PATH
diff --git a/kjg/dot-cdist/type/__my_dotfiles/files/.emacs b/kjg/dot-cdist/type/__my_dotfiles/files/.emacs
new file mode 100644
index 0000000..5c997f2
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_dotfiles/files/.emacs
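Review bot: The last line of the new `.bashrc`, `export PATH=$HOME/cdist/bin:$PATH`, places a directory under the home directory ahead of the system directories, so any executable that ends up in `~/cdist/bin` shadows the system command of the same name for this account. The shell prompts recorded in `cdist.org` in this patch are root prompts, so if this file is installed for root, appending is the more conservative order: `export PATH="$PATH:$HOME/cdist/bin"`.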
@@ -0,0 +1,106 @@
+;; Added by Package.el. This must come before configurations of
+;; installed packages. Don't delete this line. If you don't want it,
+;; just comment it out by adding a semicolon to the start of the line.
+;; You may delete these explanatory comments.
+(require 'package)
+(add-to-list 'package-archives
+ '("melpa" . "http://melpa.org/packages/") t)
+(add-to-list 'package-archives '("org" . "https://orgmode.org/elpa/") t)
+(package-initialize)
+
+
+
+(global-set-key (kbd "") (lambda () (interactive) (find-file (concat "~/ungleich-learning-circle/kjg/learning-"(system-name)"-"(format-time-string "%Y")".org"))))
+(global-set-key (kbd "C-x g") 'magit-status)
+(global-set-key (kbd "C-c a") 'org-agenda)
+(global-set-key (kbd "") 'org-todo-list)
+
+(custom-set-variables
+ ;; custom-set-variables was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ '(epg-gpg-program "/usr/local/bin/gpg")
+ '(org-agenda-files
+ (quote
+ ("~/ungleich-learning-circle/kjg/todo.org" "~/learning.org")))
+ ;;'(org-directory (expand-file-name "~/ungleich-learning-circle/kjg/"))
+ '(package-selected-packages (quote (org org-gnome org-dp ## which-key magit)))
+ '(send-mail-function (quote sendmail-send-it)))
+(custom-set-faces
+ ;; custom-set-faces was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ )
+
+(require 'epa-file)
+
+(epa-file-enable)
+
+(setq mu4e-mu-binary "/usr/local/bin/mu")
+
+(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/mu/mu4e")
+(require 'mu4e)
+
+(setq
+ mue4e-headers-skip-duplicates t
+ mu4e-view-show-images t
+ mu4e-view-show-addresses t
+ mu4e-compose-format-flowed nil
+ mu4e-date-format "%y/%m/%d"
+ mu4e-headers-date-format "%Y/%m/%d"
+ mu4e-change-filenames-when-moving t
+ mu4e-attachments-dir "~/Downloads"
+
+ mu4e-maildir "~/Maildir/ungleich" ;; top-level Maildir
+ ;; note that these folders below must start with /
+ ;; the paths are relative to maildir root
+ mu4e-refile-folder "/Archive"
+ mu4e-sent-folder "/Sent"
+ mu4e-drafts-folder "/Drafts"
+ mu4e-trash-folder "/Trash"
+ mu4e-reply-to-address "jinguk.kwon@ungleich.ch"
+ user-mail-address "jinguk.kwon@ungleich.ch"
+ user-full-name "kjg")
+
+;; this setting allows to re-sync and re-index mail
+;; by pressing U
+(setq mu4e-get-mail-command "mbsync -a")
+
+(setq mail-host-address "mail.ungleich.ch")
+
+
+(setq send-mail-function 'smtpmail-send-it
+ message-send-mail-function 'smtpmail-send-it
+ user-mail-address "jinguk.kwon@ungleich.ch"
+ smtpmail-starttls-credentials '(("smtp.ungleich.ch" 587 nil nil))
+ smtpmail-auth-credentials "~/.authinfo.gpg"
+ smtpmail-default-smtp-server "smtp.ungleich.ch"
+ smtpmail-smtp-server "smtp.ungleich.ch"
+ smtpmail-smtp-service 587
+ smtpmail-smtp-user "jinguk.kwon@ungleich.ch"
+ smtpmail-debug-info t
+ smtpmail-debug-verb t)
+ ;;starttls-extra-arguments nil
+ ;;starttls-gnutls-program (executable-find "gnutls-cli")
+ ;;smtpmail-warn-about-unknown-extensions t
+ ;;starttls-use-gnutls t)
+
+(require 'smtpmail)
+
+;;store org-mode links to messages
+(require 'org-mu4e)
+
+(define-key mu4e-headers-mode-map (kbd "C-c c") 'mu4e-org-store-and-capture)
+(define-key mu4e-view-mode-map (kbd "C-c c") 'mu4e-org-store-and-capture)
+
+(setq org-directory (expand-file-name "~/ungleich-learning-circle/kjg/"))
+;;store link to message if in header view, not to header query
+(setq org-mu4e-link-query-in-headers-mode nil)
+
+(setq org-capture-templates
+ '(("t" "todo" entry (file+headline (lambda() (concat "~/ungleich-learning-circle/kjg/todo-"(system-name)"-"(format-time-string "%Y")".org")) "Tasks")
+ "* TODO [#A] %?\nSCHEDULED: %(org-insert-time-stamp (org-read-date nil t \"+0d\"))\n%a\n")))
+
+(setq org-log-done 'time)
diff --git a/kjg/dot-cdist/type/__my_dotfiles/manifest b/kjg/dot-cdist/type/__my_dotfiles/manifest
new file mode 100644
index 0000000..f322198
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_dotfiles/manifest
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cd "$__type/files/"
+dotfiles=$(ls -a .[A-z]*)
+for df in $dotfiles; do
+ __file ~/$df \
+ --mode 0644 --source "$__type/files/$df"
+done
\ No newline at end of file
diff --git a/kjg/dot-cdist/type/__my_dotfiles/singleton b/kjg/dot-cdist/type/__my_dotfiles/singleton
new file mode 100644
index 0000000..e69de29
diff --git a/kjg/dot-cdist/type/__my_firewall/explorer/exists b/kjg/dot-cdist/type/__my_firewall/explorer/exists
new file mode 100644
index 0000000..1839cf9
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/explorer/exists
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+nft -V | grpe v* || true
diff --git a/kjg/dot-cdist/type/__my_firewall/explorer/nfrule b/kjg/dot-cdist/type/__my_firewall/explorer/nfrule
new file mode 100644
index 0000000..ffaadf5
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/explorer/nfrule
@@ -0,0 +1,3 @@
+
+
+nft list ruleset
diff --git a/kjg/dot-cdist/type/__my_firewall/files/basic b/kjg/dot-cdist/type/__my_firewall/files/basic
new file mode 100644
index 0000000..30d74d2
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/files/basic
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/kjg/dot-cdist/type/__my_firewall/gencode-remote b/kjg/dot-cdist/type/__my_firewall/gencode-remote
new file mode 100644
index 0000000..28c684f
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/gencode-remote
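Review bot: The MELPA archive in the new `.emacs` is registered over cleartext, `'("melpa" . "http://melpa.org/packages/") t)`, so archive listings and package downloads from it can be altered in transit; the `org` archive on the following line already uses https, and the same works here: `'("melpa" . "https://melpa.org/packages/") t)`. In the mu4e `setq`, `mue4e-headers-skip-duplicates t` sets a variable that mu4e does not read; the intended name is presumably `mu4e-headers-skip-duplicates`. `smtpmail-debug-info t` and `smtpmail-debug-verb t` keep a trace of the SMTP conversation in an Emacs buffer, which may include the authentication exchange, so they are better left off outside a debugging session. The `__my_dotfiles` manifest in this patch installs the file with mode 0644, which leaves the mail account names in it readable by every local user.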
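Review bot: `dotfiles=$(ls -a .[A-z]*)` in `__my_dotfiles/manifest` parses `ls` output and uses the range `[A-z]`, which in the C locale also covers `[`, `\`, `]`, `^`, `_` and the backtick, and `ls -a` prints the contents of any matching directory instead of its name. Iterating over the glob directly avoids both: `for df in .[!.]*; do`, after a checked `cd "$__type/files/" || exit 1`. `__file ~/$df` expands `~` where the manifest is evaluated, i.e. to the home of the user running cdist, which matches the target account only when both are the same user; writing it as `"$HOME/$df"` at least protects file names containing spaces.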
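Review bot: `nft -V | grpe v* || true` in `explorer/exists` misspells `grep`, and the trailing `|| true` hides the resulting command-not-found error, so the explorer always produces empty output and can never report that nft is installed. The unquoted `v*` is additionally subject to filename expansion in whatever directory the explorer runs in. `command -v nft || true` prints the binary's path when it exists and nothing otherwise, which gives the manifest something it can test for.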
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+if [! -f echo "diff /etc/my-nftables /etc/readrule"]; then
+ echo "nft -f /etc/my-nftables"
+fi
diff --git a/kjg/dot-cdist/type/__my_firewall/manifest b/kjg/dot-cdist/type/__my_firewall/manifest
new file mode 100644
index 0000000..154d40b
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/manifest
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+nft_path="/etc/my-nftables"
+
+if [ ! -f "$__global/explorer/exists" ];then
+ echo "crrently no nft" >&2
+ exit 1
+fi
+
+if ["-" -eq "$__object/parameter/file" ]; then
+ filename="$__object/stdin"
+
+else
+ filename=($__object/parameter/file)
+fi
+
+__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
+
+
+if [ -f "$__global/explorer/nfrule" ]; then
+ echo "$__global/explorer//nfrule" > /etc/readrule
+fi
diff --git a/kjg/dot-cdist/type/__my_firewall/singleton b/kjg/dot-cdist/type/__my_firewall/singleton
new file mode 100644
index 0000000..e69de29
diff --git a/kjg/dot-cdist/type/__my_nginx/manifest b/kjg/dot-cdist/type/__my_nginx/manifest
new file mode 100644
index 0000000..c231a90
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_nginx/manifest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+__package nginx
diff --git a/kjg/dot-cdist/type/__my_nginx/singleton b/kjg/dot-cdist/type/__my_nginx/singleton
new file mode 100644
index 0000000..e69de29
diff --git a/kjg/dot-cdist/type/__my_nginx_site/gencode-remote b/kjg/dot-cdist/type/__my_nginx_site/gencode-remote
new file mode 100644
index 0000000..e18e240
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_nginx_site/gencode-remote
@@ -0,0 +1,20 @@
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ devuan)
+ CONF_DIR=/etc/nginx/sites-enabled
+ ;;
+ alpine)
+ CONF_DIR=/etc/nginx/conf.d
+ ;;
+ *)
+ echo "OS $os currently not supported" >&2
+ exit 1
+ ;;
+esac
+
+DOMAIN_NAME="$__object_id"
+
+if grep -q "^__file${CONF_DIR}/${DOMAIN_NAME}" "$__messages_in"; then
+ echo 'service nginx reload'
+fi
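Review bot: The condition `if [! -f echo "diff /etc/my-nftables /etc/readrule"]; then` in `__my_firewall/gencode-remote` can never be true, because `[!` is parsed as a command name that does not exist; `nft -f /etc/my-nftables` is therefore never emitted, and the run finishes successfully with the ruleset file copied but never loaded. The `__file` object reports its changes through cdist messaging, which `__my_nginx_site/gencode-remote` in this patch already reads, and the same pattern fits here: `if grep -q "^__file/etc/my-nftables" "$__messages_in"; then`. Once the command is actually emitted, note that `files/basic` currently contains only the word `test`, which `nft -f` would reject.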
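Review bot: Three tests in `__my_firewall/manifest` cannot evaluate as intended, so the type either aborts or hands `__file` a wrong source. `["-" -eq "$__object/parameter/file" ]` invokes a command named `[-` and applies the numeric `-eq` to a path, and `filename=($__object/parameter/file)` is array syntax that a POSIX `/bin/sh` rejects and that would hold the parameter file's path rather than its content. The explorer results are looked up under `$__global/explorer/`, while a type's own explorers are normally read from `$__object/explorer/`, and the last block writes a path string to `/etc/readrule` on the machine running cdist rather than on the target. No `parameter/` directory for this type appears in the patch, so `--file` also needs to be declared before `manifest/firewall` can pass it. The sketch below covers the parameter handling and tightens the ruleset file to mode 0600.

```shell
# … unchanged: os and nft_path assignments …
if [ ! -s "$__object/explorer/exists" ]; then
# … unchanged: error message and exit 1 …

file_param=$(cat "$__object/parameter/file")
if [ "$file_param" = "-" ]; then
    rules_source="$__object/stdin"
else
    rules_source="$__type/files/$file_param"
fi

__file "$nft_path" --mode 0600 --source "$rules_source"
# … dropped: the echo into /etc/readrule …
```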
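Review bot: The pattern in `grep -q "^__file${CONF_DIR}/${DOMAIN_NAME}" "$__messages_in"` interpolates the object id into a regular expression and stops before the `.conf` suffix, so its dots match any character and an id that is a prefix of another site's id also matches that site's messages. The consequence is only a spurious reload, but including the suffix narrows it: `grep -q "^__file${CONF_DIR}/${DOMAIN_NAME}\.conf" "$__messages_in"`. The `case` on `$os` handles `devuan` and `alpine` only, whereas `__all_in_one/manifest` in this patch treats `debian|devuan` together, so on a Debian target this script exits with an error; the same `case` is repeated in this type's `manifest`. The file also starts without the `#!/bin/sh` line that the other scripts in the patch carry.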
diff --git a/kjg/dot-cdist/type/__my_nginx_site/manifest b/kjg/dot-cdist/type/__my_nginx_site/manifest
new file mode 100644
index 0000000..3362f90
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_nginx_site/manifest
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ devuan)
+ CONF_DIR=/etc/nginx/sites-enabled
+ ;;
+ alpine)
+ CONF_DIR=/etc/nginx/conf.d
+ ;;
+ *)
+ echo "OS $os currently not supported" >&2
+ exit 1
+ ;;
+esac
+
+DOMAIN_NAME="$__object_id"
+WEB_ROOT=/var/www/html/${DOMAIN_NAME}
+
+__directory $WEB_ROOT --parents --mode 0644
+
+require="__package/nginx" __file "${CONF_DIR}/${DOMAIN_NAME}.conf" \
+ --mode 0644 --source - << EOF
+server {
+ listen *:80;
+ listen [::]:80;
+
+ server_name $DOMAIN_NAME;
+ root $WEB_ROOT;
+
+ location /.well-known/acme-challenge/ {
+ root $WEB_ROOT;
+ }
+
+ # Everything else -> ssl
+ location / {
+ return 301 https://\$host\$request_uri;
+ }
+}
+EOF
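Review bot: `DOMAIN_NAME="$__object_id"` is written into the generated server block and into two file paths without any check, so an object id containing whitespace, `;`, braces, `/` or `..` ends up as extra nginx directives or as a path outside `/var/www/html` and the sites directory. Validating the id before its first use, as in the block below, keeps the generated configuration limited to a host name. `__directory $WEB_ROOT --parents --mode 0644` creates the web root without the execute bit, so the nginx workers cannot enter it to serve the ACME challenge files; a directory needs `__directory "$WEB_ROOT" --parents --mode 0755`.

```shell
DOMAIN_NAME="$__object_id"
# Accept only names made of host-name characters, with no leading dot or
# dash and no ".." sequence, before the value reaches a path or the config.
case "$DOMAIN_NAME" in
    ''|.*|-*|*..*|*[!A-Za-z0-9.-]*)
        echo "invalid server name: $DOMAIN_NAME" >&2
        exit 1
    ;;
esac
# … unchanged: WEB_ROOT assignment, __directory and __file declarations …
```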