Merge branch 'master' of https://code.ungleich.ch/ungleich-public/ungleich-learning-circle

.gitignore

@@ -1,2 +1,4 @@
 /youngjin.han/dot-cdist/type/__my_computer/manifest~
 /youngjin.han/cdist.org~
+/youngjin.han/dot-cdist/type/__colourful_file/file/colourful~
+/youngjin.han/dot-cdist/type/__colourful_file/manifest~

balazs/dot-cdist/manifest/init

@@ -6,16 +6,14 @@ case "$__target_host" in
      # Copy a cool motd from the type's file directory
      __motd --source "$__files/motd"
 
-#     __package emacs --state present
-
      __timezone Europe/Zurich
 
      __my_computer
 
-#     __my_nginx
+     __my_nginx
 
-     __my_nginx_site woo.com
-     __my_nginx_site chee.se
+     require="__my_nginx" __my_nginx_site woo.com
+     require="__my_nginx" __my_nginx_site chee.se
 ;;
 esac
 

balazs/dot-cdist/type/__my_computer/manifest~

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-
-#This is a type for practice, used to learn cdist and configure a laptop.
-
-
-for pkg in ndisc6 emacs zsh mosh nmap sipcalc; 
-  do __package $pkg --state present;
-done

balazs/dot-cdist/type/__my_nginx_site/gencode-remote

@@ -0,0 +1,23 @@
+os=$(cat "$__global/explorer/os")
+
+#if grep -q "$something_from_message_in" "$__messages_in"; then
+
+case "${os}" in
+    alpine|gentoo)
+        echo /etc/init.d/nginx reload
+    ;;
+    debian|ubuntu)
+        echo "/usr/bin/systemctl reload nginx"
+    ;;
+esac
+
+#fi
+
+
+#if grep -q "^__your_type/object/id:conf_file_changed" "$__messages_in"; then
+#    echo "$reload_command"
+#fi
+
+# Testing env -> variables are not shared between the type's manifest and the gencode-remote script
+# Maybe the variables are eval-ed on the local host and won't get transferred to the remote host?
+#echo "echo \"$reload_command\" >> /tmp/cmd"

balazs/dot-cdist/type/__my_nginx_site/manifest

@@ -1,3 +1,8 @@
+os="$(cat "$__global/explorer/os")"
+
+# Note: __service nginx --action reload
+
+
 domain="$__object_id"
 nginx_config_dir="/etc/nginx/conf.d"
 
@@ -15,3 +20,5 @@ server {
 }
 EOF
 
+# Messaging is not needed because atm I assume that the config file will get overwritten every run, even if the contents are the same.
+#echo "conf_file_changed" >> "$__messages_out"

balazs/dot-cdist/type/__my_nginx_site/manifest~

@@ -1 +0,0 @@
-require="__package/nginx" __file $nginx_config_dir/"$__object_id".conf

kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple~

@@ -0,0 +1 @@
+extra-packages

kjg/dot-cdist/type/__my_firewall/gencode-remote~

@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+if [! -f echo "diff /etc/my-nftables /etc/readnfrule"]; then
+    echo "nft -f /etc/my-nftables"
+fi

kjg/dot-cdist/type/__my_firewall/manifest~

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+nft_path="/etc/my-nftables"
+
+case "$os" in
+    alpine)
+        os_pkgs="netcat-openbsd and tshark"
+    ;;
+    debian|devuan)
+        os_pkgs="netcat tshark"
+    ;;
+    fedora)
+        os_pkgs="nmap-ncat wireshark-cli"
+    ;;
+    *)
+        echo "OS $os currently not supported" >&2
+        exit 1
+    ;;
+esac
+
+if [ ! -f "$__global/explorer/exists" ];then
+    echo "crrently no nft" >&2
+    exit 1
+fi
+
+if ["-" -eq "$__object/parameter/file" ]; then
+    filename="$__object/stdin"
+    
+else
+    filename=($__object/parameter/file)
+fi
+ 
+__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
+
+
+if [ -f "$__global/explorer/nfrule" ]; then
+   echo "$__global/explorer//nfrule" > /etc/readrule
+fi

sami/.gitignore

@@ -0,0 +1,21 @@
+
+# Created by https://www.gitignore.io/api/linux
+# Edit at https://www.gitignore.io/?templates=linux
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+# End of https://www.gitignore.io/api/linux
+

sami/my-cdist/.cdist/files/motd

@@ -0,0 +1 @@
+my message of the day

sami/my-cdist/.cdist/manifest/init

@@ -0,0 +1,15 @@
+case "$__target_host" in
+     localhost)
+     #target is configured with cdist
+     __file /etc/cdist-configured
+
+     # motd from th file directory
+     __motd --source "$__files/motd"
+
+     __timezone Europe/Zurich
+
+     # types to be used 
+     __my_computer
+;;
+esac
+

sami/my-cdist/.cdist/sample

@@ -1 +0,0 @@
-__sample_bottle_hosting --projectname sample --user app --domain $__target_host sample

sami/my-cdist/.cdist/type/__all_in_one/manifest

@@ -0,0 +1,30 @@
+os="$(cat "$__global/explorer/os")"
+case "$os" in
+      fedora)
+	__package nmap-ncat --state present 
+	__package wireshark-cli --state present 
+     
+;;
+      debian) 
+      
+	__package netcat --state present
+	__package tshark --state present
+		
+
+	alpine)
+		
+	 __package netcat-openbsd --state present
+	 __package tshark --state present 
+;;
+      
+
+*)
+         echo "Don't know how to manage packages on: $os" >&2
+         exit 1
+      ;;
+esac
+
+
+ __package socat --state present __package sipcalc --state present __package sudo --state present
+     
+

sami/my-cdist/.cdist/type/__all_in_one/parameter/boolean

@@ -0,0 +1 @@
+--with-x

sami/my-cdist/.cdist/type/__colorful_file/manifest

@@ -0,0 +1,24 @@
+# required parameter
+#servername="$(cat "$__object/parameter/servername")"
+
+# optional parameter
+if [ -f "$__object/parameter/optional" ]; then
+   logdirectory="$(cat "$__object/parameter/optional")"
+fi
+
+# optional parameter with predefined default
+#loglevel="$(cat "$__object/parameter/loglevel")"
+
+# boolean parameter
+#if [ -f "$__object/parameter/use_ssl" ]; then
+   # file exists -> True
+   # do some fancy ssl stuff
+#fi
+
+# parameter with multiple values
+#if [ -f "$__object/parameter/server_colorful" ]; then
+ #  for alias in $(cat "$__object/parameter/server_alias"); do
+  #    echo $alias > /some/where/useful
+   #done
+#fi
+

sami/my-cdist/.cdist/type/__colorful_file/parameter/optional

@@ -0,0 +1 @@
+colorful

sami/my-cdist/.cdist/type/__my_computer/manifest

@@ -0,0 +1,33 @@
+#!/bin/sh -e
+#
+# 2012 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Ensure sipcalc is present
+
+
+__package sipcalc --state present
+
+__package emacs --state present
+
+__package firefox  --state present
+
+__package nmap --state present
+
+__package zsh --state present
+

sami/my-cdist/.cdist/type/__my_firewall/explorer/package-ensured

@@ -0,0 +1,9 @@
+if [ -f "$__object/parameter/name" ]; then
+   name="$(cat "$__object/parameter/name")"
+else
+   name="$__object_id"
+fi
+
+# Expect dpkg failing, if package is not known / installed
+dpkg -s "$name" 2>/dev/null || exit 0
+

sami/my-cdist/.cdist/type/__my_firewall/parameter/required

@@ -0,0 +1 @@
+file

sami/my-cdist/.cdist/type/__nginx/manifest

@@ -0,0 +1 @@
+__package nginx --state present

sami/my-cdist/.cdist/type/__nginx_site/gencode-remote

@@ -1 +1,3 @@
+# Reacting on message
+
 echo "service nginx reload"

sami/my-cdist/.cdist/type/__nginx_site/manifest

@@ -0,0 +1,21 @@
+
+os=$(cat "$__global/explorer/os")
+
+domain="$__object_id"
+nginx_config_dir="/etc/nginx/conf.d"
+
+require="__package/nginx" __file $nginx_config_dir/$domain.conf --source - << EOF
+
+server {
+
+   server_name $domain;
+   listen [::]:80 ;
+
+   location / {
+      autoindex on;
+      root /var/www/html/$domain;
+   }
+}
+EOF
+
+

sami/my-cdist/.cdist/type/__sample_bottle_hosting/gencode-remote

@@ -1 +0,0 @@
-echo "service nginx restart"

sami/my-cdist/.cdist/type/__sample_bottle_hosting/manifest

@@ -1,43 +0,0 @@
-os=$(cat "$__global/explorer/os")
-
-case "$os" in
-    ubuntu)
-        :
-    ;;
-    *)
-        echo "OS $os currently not supported" >&2
-        exit 1
-    ;;
-esac
-
-
-user="$(cat "$__object/parameter/user")"
-home="/home/$user"
-apphome="$home/app"
-
-# create user
-__user "$user" --home "$home" --shell /bin/bash
-# create user home dir
-require="__user/$user" __directory "$home" \
-    --owner "$user" --group "$user" --mode 0755
-# create app home dir
-require="__user/$user __directory/$home" __directory "$apphome" \
-    --state present --owner "$user" --group "$user" --mode 0755
-
-
-# define packages that need to be installed
-packages_to_install="nginx uwsgi-plugin-python3 python3-dev python3-pip postgresql postgresql-contrib libpq-dev python3-venv uwsgi python3-psycopg2"
-
-# update package index
-__apt_update_index
-# install packages
-for package in $packages_to_install
-    do require="__apt_update_index" __package $package --state=present
-done
-
-# install pip3 packages
-for package in bottle bottle-pgsql; do
-    __package_pip --pip pip3 $package
-done
-
-

sami/my-cdist/.cdist/type/__sample_bottle_hosting/parameter/required

@@ -1,4 +0,0 @@
-# required parameter
-projectname
-user
-domain

sami/my-cdist/.cdist/type/__sample_nginx/manifest

@@ -1,13 +0,0 @@
-domain="$(cat "$__object/parameter/domain")"
-webroot="/var/www/html"
-__sample_nginx_http_letsencrypt_and_ssl_redirect "$domain" --webroot "$webroot"
-
-
-# create SSL cert
-require="__package/nginx __sample_nginx_http_letsencrypt_and_ssl_redirect/$domain" \
-    __letsencrypt_cert --admin-email samuel.hailu@ungleich.ch \
-        --webroot "$webroot" \
-        --automatic-renewal \
-        --renew-hook "service nginx reload" \
-        --domain "$domain" \
-        "$domain"

sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/manifest

@@ -1,25 +0,0 @@
-domain="$__object_id"
-webroot="$(cat "$__object/parameter/webroot")"
-# make sure we have nginx package
-__package nginx
-# setup Let's Encrypt HTTP acme challenge, redirect HTTP to HTTPS
-require="__package/nginx" __file "/etc/nginx/sites-enabled/http-$domain" \
-    --source - --mode 0644 << EOF
-server {
-    listen *:80;
-    listen [::]:80;
-
-    server_name $domain;
-
-    # Let's Encrypt
-    location /.well-known/acme-challenge/ {
-        root $webroot;
-    }
-
-    # Everything else -> SSL
-    location / {
-        return 301 https://\$host\$request_uri;
-    }
-}
-
-EOF

sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/parameter/required

@@ -1 +0,0 @@
-webroot

sami/my-org-files/cdist.org/cdist#1-intro.org

@@ -0,0 +1,38 @@
+*** cdist #1: Introduction
+**** Lecture content
+***** Objective
+****** Begin to use cdist
+***** Steps
+****** Install cdist locally https://www.cdi.st/manual/latest/cdist-quickstart.html
+****** Create a new cdist configuration directory in ~/ungleich-learning-circle/USERNAME/dot-cdist
+****** Create an empty initial manifest
+****** Commit that status
+****** Ensure that you can login as root to localhost via ssh without a password
+****** Configure cdist to configures the motd of your localhost
+******* Ensure you have a case block matching on $__target_host
+******* Use the -c parameter to cdist to specify the configuration directory
+******* Use the -vv parameter to get more verbose output
+****** Configure cdist to create the file /etc/cdist-configured
+****** Configure cdist to setup the timezone on your local computer
+****** Configure cdist to ensure emacs is installed
+****** Ensure that in the end all changes are committed in your repository
+
+* init.file 
+- sami@cdist/manifest$ cat init 
+case "$__target_host" in
+     localhost)
+     #target is configured with cdist
+     __file /etc/cdist-configured
+
+     # motd from th file directory
+     __motd --source "$__files/motd"
+
+     __timezone Europe/Zurich
+
+     
+;;
+esac
+
+
+* Types manifest for installing packages or insuring that packages are installed
+- __package emacs --state present

sami/my-org-files/cdist.org/cdist#2-type.org

@@ -0,0 +1,24 @@
+*** cdist #2: Your first cdist type
+**** Lecture content
+***** Objective
+****** Begin to understand how cdist types function
+******* Types are the main component of cdist and define functionality. If you use cdist, you'll write a type for every functionality you would like to use.
+***** Steps
+****** Create a new type named `__my_computer`
+         - Mark the type as a singleton type (If a type is flagged as a singleton, it may be used only once per host.)
+	 - Create a `manifest` file in it
+	 - Use this type to install the following packages: zsh, mosh, emacs, nmap, sipcalc
+	 - Edit the *initial manifest* and use **__my_computer** - Here we have to simply add __my_computer in the types file
+       **localhost**
+       - Match using the $__target_host variable
+****** Modify your type to use a *for loop* to install the packages
+****** Deploy / manage your ~/.emacs file in this type
+       - Ensure that permissions and ownership are correct
+****** Use different *verbosity* levels when configuring
+****** Ensure that all your changes are committed and pushed in your ungleich-learning-circle repository
+       - Use magit inside emacs for that
+***** Documentation steps to be done in cdist.org
+	 - Create a new org document named `cdist.org` in the safind . -name "~/.emacs"me folder as the learning.org file
+	 - Explain the difference between a singleton and non-singleton type
+	 - Explain the difference between the different verbosity levels
+	 - Document (copy&paste) some of the cdist runs in a "log" section```find . -name "~/.emacs"

sami/my-org-files/cdist.org/cdist#5-messsaging

@@ -0,0 +1,15 @@
+cdist #5: Generating Code & Exploring
+
+* Understanding how to generate code and when to use it
+** define gencode-remote script: ~/.cdist/type/__nginx_site. After manifest is applied it should restart services so  configuration is active. Our gencode-remote looks like echo "service nginx restart"
+
+* Modify the previously created type *__my_nginx_site*
+** We modify the previously created type so that the gencode-remote script reacts accordingly  
+- echo  "if_configurationfile_changes" >> "$__messages_out"
+
+* Read about cdist messaging
+** cdist has a simple but powerful way of allowing communication between the initial manifest and types as well as types and types.
+* What is the difference between gencode-local and gencode-remote?
+ 
+** gencode-remote used to generate code to be executed on the target host 
+** gencode-local used to generate code to be executed on the source host

sami/my-org-files/cdist.org/cdist.org

@@ -0,0 +1,15 @@
+* cdist #5: Generating Code & Exploring
+
+* Understanding how to generate code and when to use it
+** define gencode-remote script: ~/.cdist/type/__nginx_site. After manifest is applied it should restart services so  configuration is active. Our gencode-remote looks like echo "service nginx restart"
+
+* Modify the previously created type *__my_nginx_site*
+** We modify the previously created type so that the gencode-remote script reacts accordingly  
+- echo  "if_configurationfile_changes" >> "$__messages_out"
+
+* Read about cdist messaging
+** cdist has a simple but powerful way of allowing communication between the initial manifest and types as well as types and types.
+* What is the difference between gencode-local and gencode-remote?
+ 
+** gencode-remote used to generate code to be executed on the target host 
+** gencode-local used to generate code to be executed on the source host

youngjin.han/cdist.org

@@ -1,3 +1,8 @@
+* cidst #5
+  - gencode-remote : is executed on the target
+  - remote code : behave as if it where ssh (e.g. ssh -o User=root)
+  - gencode-local : is executed locally
+  - __file has gencode-local that is need to excute and debug commands
 * singleton / non-singleton
 ** non-singleton needs process ID.
 ** singletion should be carried out by itself.

youngjin.han/dot-cdist/manifest/init

@@ -4,6 +4,18 @@ case "$__target_host" in
     localhost)
         __motd
         __timezone Asia/Seoul
-        __my_computer
+#        __my_computer
+#        __colourful_file --colour yellow --colour blue --colour red --colour green
+#        __my_dotfiles
+#        __my_nginx_site $__target_host
+    ;;
+    jafo.laptop)
+        __motd
+        __timezone Asia/Seoul
+#        __my_computer
+    ;;
+    *)
+#        __my_nginx
+        __my_nginx_site $__target_host
     ;;
 esac

youngjin.han/dot-cdist/type/__colourful_file/manifest

@@ -0,0 +1,14 @@
+#!/bin/sh -e
+
+__file ~/colourful
+printf "colour=\n" > ~/colourful
+
+# parameter with multiple values
+if [ -f "$__object/parameter/colour" ]; then
+#    colour="$(cat "$__object/parameter/colour")"
+#    printf "$colour\n" >> ~/colourful
+    for alias in $(cat "$__object/parameter/colour"); do
+        printf "$alias\n" >> ~/colourful
+    done
+fi
+

youngjin.han/dot-cdist/type/__colourful_file/parameter/optional_multiple

@@ -0,0 +1 @@
+colour

youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc

@@ -0,0 +1,115 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    alias dir='dir --color=auto'
+    alias vdir='vdir --color=auto'
+
+    alias grep='grep --color=auto'
+    alias fgrep='fgrep --color=auto'
+    alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+export TERM=xterm-256color
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi

youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile

@@ -0,0 +1,24 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+export PATH=$PATH:/sbin:/usr/sbin

youngjin.han/dot-cdist/type/__my_dotfiles/manifest

@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+cd "$__type/files/"
+dotfiles=$(ls -a .[A-z]*)
+
+for df in $dotfiles; do
+    __file ~/$df \
+	    --mode 0644 --source "$__type/files/$df"
+done
+

youngjin.han/dot-cdist/type/__my_nginx/manifest

@@ -0,0 +1,8 @@
+#!/bin/sh -e
+
+# update package index
+__apt_update_index
+
+require="__apt_update_index" __package nginx --state=present
+
+

youngjin.han/dot-cdist/type/__my_nginx_site/gencode-remote

@@ -0,0 +1 @@
+echo "sudo service nginx reload"

youngjin.han/dot-cdist/type/__my_nginx_site/manifest

@@ -0,0 +1,54 @@
+#!/bin/sh -e
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+    devuan)
+        :
+    ;;
+    *)
+        echo "OS $os currently not supported" >&2
+        exit 1
+    ;;
+esac
+
+nginx_config_dir="/etc/nginx/conf.d"
+domain="$__object_id"
+
+__directory /var/www/html/$domain \
+            --parents --mode 0755
+
+require="__directory//var/www/html/$domain" \
+	__file /var/www/html/$domain/index.html \
+	--mode 0644 --source - << EOF
+Hello Cdist!!!
+EOF
+
+__my_nginx
+
+# configure nginx
+require="__my_nginx" \
+        __file "$nginx_config_dir/${domain}.conf" \
+        --mode 0644 --source - << EOF
+server {
+        listen 80;
+        listen [::]:80;
+
+        server_name $domain;
+
+        access_log  /var/log/nginx/access.log;
+
+        client_max_body_size 256m;
+
+        location / {
+                root   /var/www/html/$domain;
+                index  index.html index.htm;
+        }
+
+        error_page   500 502 503 504  /50x.html;
+
+        location = /50x.html {
+                root   /var/www/html/$domain;
+        }
+}
+EOF

youngjin.han/learning-node02-2020.org

@@ -1,3 +1,130 @@
+* 2020-05-15
+*** cdist #6: Glueing it together
+**** Lecture content
+***** Objective
+      - Apply learnings from the previous cdist sessions
+***** Steps 1: *__all_in_one* (1.25h)
+      - Create a new type named *__all_in_one*
+        - Decide yourself whether it is a singleton or not
+        - Reason why in your cdist.org file
+      - It should work on alpine, debian and fedora
+      - It accepts the following parameters:
+        - *--with-x* (boolean)
+        - *--extra-packages* (optional multiple)
+      - On Alpine, it should install netcat-openbsd and tshark
+      - On Debian, it should install netcat tshark
+      - On Fedora, it should install nmap-ncat wireshark-cli
+      - On all operating systems install socat sipcalc sudo
+      - If the detected operating system is neither
+        Alpine/Debian/Fedora, output an error message and abort the
+        manifest with exit code 1
+      - Additionally install all packages specified by the *--extra-packages* parameter
+***** Steps 2: *__firewall* (1.25h)
+      - Create a new type *__my_firewall*
+      - Add a *type explorer* to find out whether nft is present on
+        the target system
+      - Add a required parameter named *file*
+      - If the type explorer does not detect nft on the target system,
+        abort with an error message
+      - Deploy the specified file to */etc/my-nftables*
+      - Add a *type explorer* that reads the current nft rules
+      - If the rules are different on the target host, apply the new
+        ruleset by generating code in *gencode-remote*
+      - If the filename specified by the *file* parameter is *-* (the
+        minus sign), then the type should read from *stdin*
+***** Step 3: manifest (0.5h)
+      - Create a new manifest in the folder that contains the initial manifest
+      - Name the new manifest *firewall*
+      - Source the *firewall* manifest in the *initial* manifest
+      - In the *firewall* manifest, match on *localhost*
+        - Install nftables
+        - Use the *__firewall* type
+        - Use correct *require* parameter to ensure that nftables is
+          installed before the *__firewall* type is run
+* 2020-05-13
+*** cdist #5: Generating Code & Exploring
+**** Lecture content
+***** Objective
+      - Understand how to *generate code* and when to use it
+      - Exploring explorers
+***** DONE Code generation steps
+      CLOSED: [2020-05-14 목 00:54]
+      - Modify the previously created type *__my_nginx_site*
+      - Read about cdist messaging
+      - If there was a change in the nginx configuration file, reload nginx
+***** DONE Explorer steps
+      CLOSED: [2020-05-14 목 00:54]
+      - Modify the *__my_nginx_site* type to use the *os explorer*
+      - Adjust your type to work on Alpine Linux and Debian (or two
+        other Linux distributions of your choice)
+      - Set the nginx configuration directory accordingly
+***** DONE Documentation
+      CLOSED: [2020-05-14 목 00:54]
+      - Explain the following in your cdist.org file
+      - What is the difference between gencode-remote and the remote code?
+      - What is the difference between gencode-local and gencode-remote?
+      - Locate a type that comes with upstream cdist that uses
+        gencode-local - which one is it? Why does it need gencode-local?
+* 2020-05-11
+*** cdist #4: Requirements
+**** Lecture content
+***** Objective
+      - Understand how requirements work
+***** DONE Create a new type *__my_nginx*
+      CLOSED: [2020-05-12 화 02:22]
+      - Make it a *singleton*
+      - Make it install nginx
+      - Configure a host with it
+      - Usually nginx is configured includes some files
+      - On the target host find out which directory nginx includes
+      - We name this directory *nginx_config_dir*
+***** DONE Create a new type *__my_nginx_site*
+      CLOSED: [2020-05-12 화 02:22]
+      - Assume the *object_id* is a *domain*
+      - In the __my_nginx_site create a file inside the *nginx_config_dir*
+      - The filename is *${domain}.conf*
+      - When using *__file*, it should *require* the *nginx package*
+        - Read about cdist dependencies
+      - The file should be a valid nginx configuration
+      - The *server name* should be set to the specified domain
+      - The *root* directive should point to /var/www/html/DOMAIN
+        - (replace DOMAIN with the actual domain)
+***** DONE Use both types in the initial manifest to configure the target host
+      CLOSED: [2020-05-15 금 21:07]
+      - Create at least two domains
+***** DONE Configure the target host
+      CLOSED: [2020-05-15 금 21:08]
+      - Verify that the configuration files are properly created
+***** DONE Delete the nginx package manually on the target host
+      CLOSED: [2020-05-15 금 21:08]
+***** DONE Comment out *__my_nginx* from the initial manifest, keep the *__my_nginx_site*
+      CLOSED: [2020-05-15 금 21:08]
+      - Explain the error that you get (in your cdist.org file)
+* 2020-05-08
+*** cdist #3: type parameters
+**** Lecture content
+***** DONE Create a new type named *__colourful_file*
+      CLOSED: [2020-05-15 금 20:29]
+      - The objective is to create a type that creates colourful file
+      - The content of the file should be "colour=...", where "..." is a colour specified by a parameter
+      - Add an *optional parameter* named *colour*
+      - Use the **__file** type inside your type to create a file
+      - Use the *$__object_id* variable inside your type
+***** DONE Extend your type to be more colourful
+      CLOSED: [2020-05-15 금 20:29]
+      - Modify the *optional parameter* to be able to be specified *multiple times*
+      - For each time it is specified, add a line "colour=..." to the file
+***** DONE Create a new type *__my_dotfiles*
+      CLOSED: [2020-05-15 금 21:07]
+      - Objective is to manage the dotfiles in your home directory
+      - Make it a *singleton* type
+      - Create a sub directory *files* in the type
+      - Add your .emacs config to the files folder
+      - Add a *for* loop to your type to deploy .[A-z]* to your home directory
+      - Add a .bashrc or .zshrc to the files folder (depending on your shell)
+      - In the initial manifest, add __my_dotfiles when the target host is localhost
+***** DONE As usual commit all changes to your ungleich-learning-circle repo
+      CLOSED: [2020-05-15 금 21:07]
 * 2020-05-06
 ** cdist #2: Your first cdist type
 **** Lecture content