Initial commit

rootmos · Oct 28, 2023 · 510c0c2 · 510c0c2
commit 510c0c2
Show file tree

Hide file tree

Showing 32 changed files with 2,485 additions and 0 deletions.
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -0,0 +1,124 @@
+name: Run tests
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  sanity-example:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository code
+      uses: actions/checkout@v4
+
+    - name: The example's specification is clean
+      run: scripts/is-clean example/openbsd.toml
+
+  sanity-script:
+    runs-on: ubuntu-latest
+    container:
+      image: alpine:3.18.4
+    steps:
+    - name: Install essentials
+      run: apk add python3
+
+    - name: Check out repository code
+      uses: actions/checkout@v4
+
+    - name: Script is footloose and fancy-free
+      run: scripts/load_module.py openbsd
+
+  base:
+    needs:
+      - sanity-script
+    strategy:
+      matrix:
+        version: [ 7.3, 7.4 ]
+        arch: [ amd64, i386 ]
+    runs-on: ubuntu-latest
+    container:
+      image: alpine:3.18.4
+    env:
+      OPENBSD_CACHE: /tmp/cache
+      WORKDIR: /${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+    steps:
+    - name: Install essentials
+      run: apk add bash python3 tar
+
+    - name: Check out repository code
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: ./openbsd deps --install --arch=${{ matrix.arch }}
+
+    - name: Cache OpenBSD files
+      id: cache-openbsd
+      uses: actions/cache@v3
+      with:
+          path: ${{ env.OPENBSD_CACHE }}
+          key: openbsd-${{ matrix.version }}-${{ matrix.arch }}-${{ github.job }}
+          restore-keys: |
+              openbsd-${{ matrix.version }}-${{ matrix.arch }}-${{ github.job }}
+              openbsd-${{ matrix.version }}-${{ matrix.arch }}
+              openbsd-${{ matrix.version }}
+              openbsd
+
+    - name: Run test
+      run: tests/base -v ${{ matrix.version }} -a ${{ matrix.arch }}
+
+    - name: Keep artifacts
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: ${{ github.job }}-${{ matrix.version }}-${{ matrix.arch }}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+        retention-days: 3
+        path: /${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}/**/*
+
+  example:
+    needs:
+      - base
+      - sanity-script
+      - sanity-example
+    strategy:
+      matrix:
+        version: [ 7.4 ]
+        arch: [ amd64 ]
+    runs-on: ubuntu-latest
+    env:
+      OPENBSD_CACHE: /tmp/cache
+      WORKDIR: /${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+    container:
+      image: alpine:3.18.4
+
+    steps:
+    - name: Install essentials
+      run: apk add bash python3 tar
+
+    - name: Check out repository code
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: ./openbsd deps --install --arch=${{ matrix.arch }}
+
+    - name: Cache OpenBSD files
+      id: cache-openbsd
+      uses: actions/cache@v3
+      with:
+          path: ${{ env.OPENBSD_CACHE }}
+          key: openbsd-${{ matrix.version }}-${{ matrix.arch }}-${{ github.job }}
+          restore-keys: |
+              openbsd-${{ matrix.version }}-${{ matrix.arch }}-${{ github.job }}
+              openbsd-${{ matrix.version }}-${{ matrix.arch }}
+              openbsd-${{ matrix.version }}
+              openbsd
+
+    - name: Run test
+      run: tests/example -v ${{ matrix.version }} -a ${{ matrix.arch }}
+
+    - name: Keep artifacts
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: ${{ github.job }}-${{ matrix.version }}-${{ matrix.arch }}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+        retention-days: 3
+        path: /${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}/**/*
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+.cache
+__pycache__
+
+workdir
diff --git a/example/Makefile b/example/Makefile
@@ -0,0 +1,10 @@
+ROOT := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+SCRIPTS ?= $(ROOT)/../scripts
+
+INTERCALATE ?= $(SCRIPTS)/intercalate
+
+.PHONY: spec
+spec: openbsd.toml
+
+openbsd.toml: $(wildcard parts/*.toml) | $(INTERCALATE)
+	$(INTERCALATE) $@ $^
diff --git a/example/openbsd.toml b/example/openbsd.toml
@@ -0,0 +1,62 @@
+version = "7.4"
+arch = "amd64"
+
+[base]
+hostname = "foo"
+disk.size = 4096
+sets = [ "man", "game", "comp" ]
+network.interface = "xnf0"
+
+[site]
+pkgs = [ "awscli" ]
+timeout = 1800
+
+[[site.patch.doas.files]]
+lines = [ "permit nopass :wheel" ]
+mode = 0o400
+dst = "/etc/doas.conf"
+
+[[site.patch.ntpd.files]]
+dst = "/etc/ntpd.conf"
+lines = [
+  "server 169.254.169.123 weight 2", # https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/
+  "servers pool.ntp.org",
+  "sensor *",
+  "constraints from openbsd.org",
+]
+
+[site.patch.nginx]
+pkg = "nginx"
+service = "nginx"
+
+[[site.patch.nginx.files]]
+src = "site/index.html"
+dst = "/var/www/htdocs/index.html"
+
+[[site.patch.nginx.files]]
+src = "site/nginx.conf"
+dst = "/etc/nginx/nginx.conf"
+
+[site.patch.echoip]
+pkgs = [ "go" ]
+services = [ "echoip" ]
+install = "site/echoip/install"
+
+[[site.patch.echoip.files]]
+src = "site/echoip/service"
+mode = 0o755
+dst = "/etc/rc.d/echoip"
+
+[[run.hostfwd.tcp]]
+hport = 8000
+gport = 80
+
+[aws.ami]
+name_template = "foo-%OS-%VERSION-%SALT"
+snapshot.s3.bucket = "rootmos-infra-artifacts"
+snapshot.s3.key_template = "uploads/foo-%TIMESTAMP-%SALT.img"
+vmimport_role = "arn:aws:iam::676237474471:role/infra-vmimport"
+
+[aws.ami.terraform]
+local = "image"
+output = "terraform/openbsd.tf"
diff --git a/example/parts/00.toml b/example/parts/00.toml
@@ -0,0 +1,2 @@
+version = "7.4"
+arch = "amd64"
diff --git a/example/parts/10.base.toml b/example/parts/10.base.toml
@@ -0,0 +1,5 @@
+[base]
+hostname = "foo"
+disk.size = 4096
+sets = [ "man", "game", "comp" ]
+network.interface = "xnf0"
diff --git a/example/parts/20.site.toml b/example/parts/20.site.toml
@@ -0,0 +1,3 @@
+[site]
+pkgs = [ "awscli" ]
+timeout = 1800
diff --git a/example/parts/21.site.patch.doas.toml b/example/parts/21.site.patch.doas.toml
@@ -0,0 +1,4 @@
+[[site.patch.doas.files]]
+lines = [ "permit nopass :wheel" ]
+mode = 0o400
+dst = "/etc/doas.conf"
diff --git a/example/parts/22.site.patch.ntpd.toml b/example/parts/22.site.patch.ntpd.toml
@@ -0,0 +1,8 @@
+[[site.patch.ntpd.files]]
+dst = "/etc/ntpd.conf"
+lines = [
+  "server 169.254.169.123 weight 2", # https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/
+  "servers pool.ntp.org",
+  "sensor *",
+  "constraints from openbsd.org",
+]
diff --git a/example/parts/23.site.patch.nginx.toml b/example/parts/23.site.patch.nginx.toml
@@ -0,0 +1,11 @@
+[site.patch.nginx]
+pkg = "nginx"
+service = "nginx"
+
+[[site.patch.nginx.files]]
+src = "site/index.html"
+dst = "/var/www/htdocs/index.html"
+
+[[site.patch.nginx.files]]
+src = "site/nginx.conf"
+dst = "/etc/nginx/nginx.conf"
diff --git a/example/parts/24.site.patch.echoip.toml b/example/parts/24.site.patch.echoip.toml
@@ -0,0 +1,9 @@
+[site.patch.echoip]
+pkgs = [ "go" ]
+services = [ "echoip" ]
+install = "site/echoip/install"
+
+[[site.patch.echoip.files]]
+src = "site/echoip/service"
+mode = 0o755
+dst = "/etc/rc.d/echoip"
diff --git a/example/parts/30.run.toml b/example/parts/30.run.toml
@@ -0,0 +1,3 @@
+[[run.hostfwd.tcp]]
+hport = 8000
+gport = 80
diff --git a/example/parts/40.aws.ami.toml b/example/parts/40.aws.ami.toml
@@ -0,0 +1,5 @@
+[aws.ami]
+name_template = "foo-%OS-%VERSION-%SALT"
+snapshot.s3.bucket = "rootmos-infra-artifacts"
+snapshot.s3.key_template = "uploads/foo-%TIMESTAMP-%SALT.img"
+vmimport_role = "arn:aws:iam::676237474471:role/infra-vmimport"
diff --git a/example/parts/41.aws.terraform.toml b/example/parts/41.aws.terraform.toml
@@ -0,0 +1,3 @@
+[aws.ami.terraform]
+local = "image"
+output = "terraform/openbsd.tf"
diff --git a/example/site/echoip/install b/example/site/echoip/install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -o errexit
+
+export GOPATH=$(pwd) GOCACHE=/tmp/go
+go install -v github.com/mpolden/echoip/...@d84665c
diff --git a/example/site/echoip/service b/example/site/echoip/service
@@ -0,0 +1,13 @@
+#!/bin/ksh
+
+BASE=/usr/patch/echoip
+
+daemon="$BASE/bin/echoip"
+daemon_user=nobody
+TEMPLATE_DIR=$(find "$BASE/pkg/mod/github.com/mpolden" -name html -type d)
+daemon_flags="-l :9000 -H X-Real-IP -r -p -t $TEMPLATE_DIR"
+rc_bg=YES
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1
diff --git a/example/site/index.html b/example/site/index.html
@@ -0,0 +1 @@
+<html><head></head><body>hello</body></html>
diff --git a/example/site/nginx.conf b/example/site/nginx.conf
@@ -0,0 +1,23 @@
+user www;
+worker_processes 1;
+
+events {
+  worker_connections 800;
+}
+
+http {
+  server {
+    listen 80;
+    server_name localhost;
+
+    root /var/www/htdocs;
+    index index.html;
+    rewrite ^/$ /index.html;
+
+    location ^~/ip/ {
+      proxy_pass http://127.0.0.1:9000/;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header Host $http_host;
+    }
+  }
+}
diff --git a/example/terraform/.gitignore b/example/terraform/.gitignore
@@ -0,0 +1 @@
+.terraform
diff --git a/example/terraform/.terraform.lock.hcl b/example/terraform/.terraform.lock.hcl
diff --git a/example/terraform/app.tf b/example/terraform/app.tf
@@ -0,0 +1,40 @@
+resource "aws_instance" "app" {
+  ami = local.image
+  instance_type = "t2.nano"
+
+  security_groups = [ aws_security_group.sg.name ]
+
+  tags = {
+    Name = "foo"
+    GitRepo = var.git-repo
+  }
+}
+
+resource "aws_security_group" "sg" {
+  name = "${var.prefix}sg"
+
+  ingress {
+    protocol = "tcp"
+    from_port = 22
+    to_port = 22
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    protocol = "-1"
+    from_port = 0
+    to_port = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    GitRepo = var.git-repo
+  }
+}