ConfigLMM 0.1.0 → 0.3.0

data/Plugins/Apps/gollum/gollum.conf.erb

@@ -1,22 +1,37 @@
 
 server {
 
-    <% if !config['TLS'] %>
-        listen       <%= config['Port'] %>;
-        listen  [::]:<%= config['Port'] %>;
-    <% else %>
-        listen       <%= config['Port'] %> ssl;
-        listen  [::]:<%= config['Port'] %> ssl;
+    <% if config['NginxVersion'] >= 1.25 %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl;
+            listen  [::]:<%= config['Port'] %> ssl;
+
+            include config-lmm/ssl.conf;
+        <% end %>
         http2 on;
-        include config-lmm/ssl.conf;
+        http3 on;
+        quic_retry on;
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+    <% else %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl http2;
+            listen  [::]:<%= config['Port'] %> ssl http2;
+
+            include config-lmm/ssl.conf;
+        <% end %>
     <% end %>
 
     server_name <%= config['Domain'] %>;
 
-    root               <%= config['Root'] %>;
-    passenger_app_root /srv/gollum;
-
-    try_files    $uri @Passenger;
+    <% if config['Root'] %>
+        root               <%= config['Root'] %>;
+    <% end %>
 
     access_log  /var/log/nginx/gollum.access.log;
     error_log   /var/log/nginx/gollum.error.log;
@@ -30,12 +45,24 @@ server {
         ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
     <% end %>
 
-    location @Passenger {
-        passenger_enabled on;
-        passenger_min_instances 1;
-        rails_env production;
+    <% if config['Passenger'] %>
+        passenger_app_root /srv/gollum;
 
-        #passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
-        #limit_req zone=one burst=5;
-    }
+        try_files    $uri @Passenger;
+
+        location @Passenger {
+            passenger_enabled on;
+            passenger_min_instances 1;
+            rails_env production;
+
+            #passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
+            #limit_req zone=one burst=5;
+        }
+    <% else %>
+        location / {
+            proxy_pass <%= config['Server'] %>;
+
+            include config-lmm/proxy.conf;
+        }
+    <% end %>
 }

data/Plugins/Apps/gollum/gollum.container

@@ -0,0 +1,12 @@
+[Unit]
+Description=gollum container
+After=local-fs.target
+
+[Container]
+Image=gollumwiki/gollum:master
+PublishPort=0.0.0.0:14567:4567
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/srv/gollum/repo:/wiki
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/gollum/gollum.lmm.rb

@@ -4,12 +4,11 @@ module ConfigLMM
         class Gollum < Framework::NginxApp
 
             NAME = 'gollum'
+            USER = 'gollum'
             GOLLUM_PATH = '/srv/gollum'
+            HOME_DIR = '/var/lib/authentik'
 
             def actionGollumBuild(id, target, activeState, context, options)
-                if !target['Root'] && (!target['Location'] || target['Location'] == '@me')
-                    target['Root'] = File.dirname(`gem which gollum`.strip) + '/gollum/public'
-                end
                 writeNginxConfig(__dir__, NAME, id, target, activeState, context, options)
                 targetDir = options['output'] + GOLLUM_PATH
                 mkdir(targetDir, options['dry'])
@@ -22,16 +21,46 @@ module ConfigLMM
             end
 
             def actionGollumDeploy(id, target, activeState, context, options)
-                if !target['Location'] || target['Location'] == '@me'
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    self.class.sshStart(uri) do |ssh|
+                        if !target.key?('Proxy') || !!target['Proxy']
+                            self.class.prepareNginxConfig(target, ssh)
+                            if !target['Root']
+                                gollumPath = ssh.exec!('gem which gollum').strip
+                                target['Root'] = File.dirname(gollumPath) + '/gollum/public'
+                            end
+                            writeNginxConfig(__dir__, NAME, id, target, state, context, options)
+                            deployNginxConfig(id, target, activeState, context, options)
+                        end
+                        if !target.key?('Proxy') || target['Proxy'] != 'only'
+                            distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                            Framework::LinuxApp.configurePodmanServiceOverSSH(USER, GOLLUM_PATH, 'gollum', distroInfo, ssh)
+                            self.class.uploadFolder(options['output'] + GOLLUM_PATH, '/srv', ssh)
+                            path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', GOLLUM_PATH)
+                            ssh.scp.upload!(__dir__ + '/gollum.container', path)
+                            self.class.sshExec!(ssh, "chown -R #{USER}:#{USER} #{GOLLUM_PATH}")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ daemon-reload")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ start gollum")
+                        end
+                    end
+                else
                     targetDir = GOLLUM_PATH
                     mkdir(targetDir, options['dry'])
-                    deployNginxConfig(id, target, activeState, context, options)
-                    copy(options['output'] + GOLLUM_PATH + '/config.ru', GOLLUM_PATH, options['dry'])
-                    copyNotPresent(options['output'] + GOLLUM_PATH + '/repo', GOLLUM_PATH, options['dry'])
-                    chown('http', 'http', GOLLUM_PATH, options['dry'])
+                    if !target.key?('Proxy') || !!target['Proxy']
+                        self.class.prepareNginxConfig(target)
+                        if !target['Root']
+                            target['Root'] = File.dirname(`gem which gollum`.strip) + '/gollum/public'
+                        end
+                        writeNginxConfig(__dir__, NAME, id, target, state, context, options)
+                        deployNginxConfig(id, target, activeState, context, options)
+                    end
+                    if !target.key?('Proxy') || target['Proxy'] != 'only'
+                        copy(options['output'] + GOLLUM_PATH + '/config.ru', GOLLUM_PATH, options['dry'])
+                        copyNotPresent(options['output'] + GOLLUM_PATH + '/repo', GOLLUM_PATH, options['dry'])
+                        chown('http', 'http', GOLLUM_PATH, options['dry'])
+                    end
                     activeState['Location'] = '@me'
-                else
-                    # TODO
                 end
             end
 

data/Plugins/OS/Linux/Distributions.yaml

@@ -0,0 +1,16 @@
+
+opensuse-leap:
+    Name: openSUSE Leap
+    InstallPackage: zypper install --no-confirm
+    AutoStartService: systemctl enable
+    StartService: systemctl start
+    CreateServiceUser: useradd --system --shell /usr/sbin/nologin --user-group
+    ModifyUser: usermod
+
+arch:
+    Name: Arch Linux
+    InstallPackage: pacman -S --noconfirm --needed
+    AutoStartService: systemctl enable
+    StartService: systemctl start
+    CreateServiceUser: useradd --system --shell /usr/sbin/nologin --user-group
+    ModifyUser: usermod

data/Plugins/OS/Linux/Linux.lmm.rb

@@ -0,0 +1,389 @@
+
+require 'addressable/uri'
+require 'http'
+require 'securerandom'
+require 'shellwords'
+
+module ConfigLMM
+    module LMM
+        class Linux < Framework::LinuxApp
+
+            ISO_LOCATION = '~/.cache/configlmm/images/'
+            HOSTS_FILE = '/etc/hosts'
+            FSTAB_FILE = '/etc/fstab'
+            SSH_CONFIG = '~/.ssh/config'
+            SYSCTL_FILE = '/etc/sysctl.d/90-configlmm.conf'
+            FIREWALL_PACKAGE = 'firewalld'
+            FIREWALL_SERVICE = 'firewalld'
+
+            def actionLinuxBuild(id, target, activeState, context, options)
+                prepareConfig(target)
+                buildHostsFile(id, target, options)
+                buildSSHConfig(id, target, options)
+                buildAutoYaST(id, target, options)
+            end
+
+            def actionLinuxDeploy(id, target, activeState, context, options)
+                prepareConfig(target)
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    case uri.scheme
+                    when 'qemu'
+                        deployOverLibvirt(id, target, activeState, context, options)
+                    when 'ssh'
+                        deployOverSSH(uri, id, target, activeState, context, options)
+                    else
+                        raise Framework::PluginProcessError.new("#{id}: Unknown protocol: #{uri.scheme}!")
+                    end
+                else
+                    deployLocal(target, options)
+                end
+                if target['AlternativeLocation']
+                    uri = Addressable::URI.parse(target['AlternativeLocation'])
+                    raise Framework::PluginProcessError.new("#{id}: Unsupported protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+                    deployOverSSH(uri, id, target, activeState, context, options)
+                end
+            end
+
+            def deployOverSSH(locationUri, id, target, activeState, context, options)
+                self.class.sshStart(locationUri) do |ssh|
+                    if target['Domain'] || target['Hosts']
+                        hostsLines = []
+                        if target['Domain']
+                            envs = self.class.sshExec!(ssh, "env").split("\n")
+                            envVars = Hash[envs.map { |vars| vars.split('=', 2) }]
+                            ipAddr = envVars['SSH_CONNECTION'].split[-2]
+                            hostsLines << ipAddr.ljust(16) + target['Domain'] + ' ' + target['Name'] + "\n"
+                        end
+                        target['Hosts'].to_a.each do |ip, entries|
+                            hostsLines << ip.ljust(16) + entries.join(' ') + "\n"
+                        end
+                        updateRemoteFile(ssh, HOSTS_FILE, options, false) do |fileLines|
+                            fileLines + hostsLines
+                        end
+                    end
+                    distroInfo = self.class.currentDistroInfo(ssh)
+                    if target['Network']
+                        if distroInfo['Name'] == 'openSUSE Leap'
+                            networkFile = '/etc/sysconfig/network/ifcfg-eth0'
+                            if target['Network'] == 'dhcp'
+                                self.class.sshExec!(ssh, "sed -i \"s|^BOOTPROTO=.*|BOOTPROTO='dhcp'|\" #{networkFile}")
+                            else
+                                self.class.sshExec!(ssh, "sed -i \"s|^BOOTPROTO=.*|BOOTPROTO='static'|\" #{networkFile}")
+                                updateRemoteFile(ssh, networkFile, options, false) do |fileLines|
+                                    fileLines << "\n"
+                                    if target['Network']['IP']
+                                        if target['Network']['IP'].is_a?(Array)
+                                            # TODO
+                                        else
+                                            self.class.sshExec!(ssh, "sed -i 's|^IPADDR=|#IPADDR=|' #{networkFile}")
+                                            fileLines << "IPADDR=#{target['Network']['IP']}\n"
+                                        end
+                                    end
+                                    fileLines
+                                end
+                                if target['Network']['DNS']
+                                    configFile = '/etc/sysconfig/network/config'
+                                    dns = target['Network']['DNS']
+                                    dns = [dns] unless dns.is_a?(Array)
+                                    self.class.sshExec!(ssh, "sed -i 's|^NETCONFIG_DNS_STATIC_SERVERS=.*|NETCONFIG_DNS_STATIC_SERVERS=\"#{dns.join(' ')}\"|' #{configFile}")
+                                end
+                                if target['Network']['Gateway']
+                                    routesFile = '/etc/sysconfig/network/routes'
+                                    self.class.sshExec!(ssh, "sed -i 's|^default |#default |' #{routesFile}")
+                                    updateRemoteFile(ssh, routesFile, options) do |fileLines|
+                                        fileLines << "default #{target['Network']['Gateway']}\n"
+                                    end
+                                end
+                            end
+                        else
+                            # TODO
+                            raise 'Not Unimplemented!'
+                        end
+                    end
+                    if target['Tmpfs']
+                        self.class.sshExec!(ssh, "sed -i '/ \\/tmp /d' #{FSTAB_FILE}")
+                        updateRemoteFile(ssh, FSTAB_FILE, options, false) do |fileLines|
+                            fileLines << "tmpfs                                      /tmp                    tmpfs  nodev,nosuid,size=#{target['Tmpfs']}          0  0\n"
+                        end
+                    end
+                    if target['Sysctl']
+                        updateRemoteFile(ssh, SYSCTL_FILE, options, false) do |fileLines|
+                            target['Sysctl'].each do |name, value|
+                                fileLines << "#{name} = #{value}\n"
+                                self.class.sshExec!(ssh, "sysctl #{name}=#{value}")
+                            end
+                            fileLines
+                        end
+                    end
+                    if target['Users']
+                        target['Users'].each do |name, info|
+                            userId = ssh.exec!("id -u #{name} 2>/dev/null").strip
+                            if userId.empty?
+                                shell = ''
+                                if info['Shell']
+                                    shell = "--shell '/usr/bin/#{info['Shell']}'"
+                                end
+                                badname = '--badname'
+                                badname = '--badnames' if distroInfo['Name'] == 'openSUSE Leap'
+                                self.class.sshExec!(ssh, "useradd #{badname} --create-home --user-group #{shell} #{name}")
+                            end
+                            homeDir = self.class.sshExec!(ssh, "getent passwd #{name} | cut -d ':' -f 6").strip
+                            keyFile = homeDir + "/.ssh/id_ed25519"
+                            if info['SSHKey'] && !self.class.remoteFilePresent?(keyFile, ssh)
+                                self.class.sshExec!(ssh, "mkdir -p #{homeDir}/.ssh")
+                                self.class.sshExec!(ssh, "ssh-keygen -t ed25519 -f #{keyFile} -P ''")
+                                self.class.sshExec!(ssh, "chown -R #{name}:#{name} #{homeDir}/.ssh")
+                            end
+                        end
+                    end
+                    self.executeCommands(target['Execute'], ssh)
+                end
+                if target['Firewall'] && target['Firewall'] != 'no'
+                    self.ensurePackage(FIREWALL_PACKAGE, locationUri)
+                    self.ensureServiceAutoStart(FIREWALL_SERVICE, locationUri)
+                    self.startService(FIREWALL_SERVICE, locationUri)
+                end
+            end
+
+            def deployLocal(target, options)
+                deployLocalHostsFile(target, options)
+                deployLocalSSHConfig(target, options)
+                if target['Sysctl']
+                    updateLocalFile(SYSCTL_FILE, options) do |fileLines|
+                        target['Sysctl'].each do |name, value|
+                            fileLines << "#{name} = #{value}\n"
+                            `sysctl #{name}=#{value}`
+                        end
+                        fileLines
+                    end
+                end
+                if target['Users']
+                    target['Users'].each do |name, info|
+                        userId = self.class.exec("id -u #{name} 2>/dev/null", nil, true).strip
+                        if userId.empty?
+                            shell = ''
+                            if info['Shell']
+                                shell = "--shell '/usr/bin/#{info['Shell']}'"
+                            end
+                            distroInfo = self.class.currentDistroInfo(nil)
+                            badname = '--badname'
+                            badname = '--badnames' if distroInfo['Name'] == 'openSUSE Leap'
+                            self.class.exec("useradd #{badname} --create-home --user-group #{shell} #{name}")
+                        end
+                        homeDir = self.class.exec("getent passwd #{name} | cut -d ':' -f 6").strip
+                        keyFile = homeDir + "/.ssh/id_ed25519"
+                        if info['SSHKey'] && !self.class.filePresent?(keyFile)
+                            self.class.exec("mkdir -p #{homeDir}/.ssh")
+                            self.class.exec("ssh-keygen -t ed25519 -f #{keyFile} -P ''")
+                            self.class.exec("chown -R #{name}:#{name} #{homeDir}/.ssh")
+                        end
+                    end
+                end
+                if target['Firewall'] && target['Firewall'] != 'no'
+                    self.ensurePackage(FIREWALL_PACKAGE, locationUri)
+                    self.ensureServiceAutoStart(FIREWALL_SERVICE, locationUri)
+                    self.startService(FIREWALL_SERVICE, locationUri)
+                end
+                self.executeCommands(target['Execute'])
+            end
+
+            def executeCommands(commands, ssh = nil)
+                return unless commands
+
+                commands.each do |type, data|
+                    case type
+                    when 'sh'
+                        data = [data] unless data.is_a?(Array)
+                        data.each do |cmd|
+                            self.class.exec(cmd, ssh)
+                        end
+                    else
+                        raise 'Unimplemented!'
+                    end
+                end
+            end
+
+            def deployOverLibvirt(id, target, activeState, context, options)
+                location = Libvirt.getLocation(target['Location'])
+                iso = installationISO(target['Distro'], location)
+                iso = buildISOAutoYaST(id, iso, target, options) if target['Distro'] == SUSE_NAME
+                plugins[:Libvirt].createVM(target['Name'], target, target['Location'], iso, activeState)
+            end
+
+            def buildHostsFile(id, target, options)
+                if target['Hosts']
+                    hosts  = "#\n"
+                    hosts += "# /etc/hosts: static lookup table for host names\n"
+                    hosts += "#\n\n"
+                    hosts += "#<ip-address>   <hostname.domain.org>   <hostname>\n"
+                    hosts += "127.0.0.1       localhost\n"
+                    hosts += "::1             localhost\n\n"
+                    hosts += CONFIGLMM_SECTION_BEGIN
+                    target['Hosts'].each do |ip, entries|
+                        hosts += ip.ljust(16) + entries.join(' ') + "\n"
+                    end
+                    hosts += CONFIGLMM_SECTION_END
+
+                    path = options['output'] + '/' + id
+                    mkdir(path + '/etc', options[:dry])
+                    fileWrite(path + HOSTS_FILE, hosts, options[:dry])
+                end
+            end
+
+            def buildSSHConfig(id, target, options)
+                if !target['SSH']['Config'].empty?
+                    sshConfig  = "\n"
+                    sshConfig += CONFIGLMM_SECTION_BEGIN
+                    target['SSH']['Config'].each do |name, info|
+                        sshConfig += "Host #{name} #{info['HostName']}\n"
+                        sshConfig += "    HostName " + info['HostName'] + "\n" if info['HostName']
+                        sshConfig += "    Port " + info['Port'] + "\n" if info['Port']
+                        sshConfig += "    User " + info['User'] + "\n" if info['User']
+                        sshConfig += "    IdentityFile " + info['IdentityFile'] + "\n" if info['IdentityFile']
+                        sshConfig += "\n"
+                    end
+                    sshConfig += CONFIGLMM_SECTION_END
+                    sshConfig += "\n"
+
+                    configPath = options['output'] + '/' + id
+                    mkdir(configPath + '/root/.ssh', options[:dry])
+                    fileWrite(configPath + SSH_CONFIG.gsub('~', '/root'), sshConfig, options[:dry])
+                end
+            end
+
+            def buildAutoYaST(id, target, options)
+                if target['Distro'] == SUSE_NAME
+                    outputFolder = options['output'] + '/' + id + '/'
+                    template = ERB.new(File.read(__dir__ + '/openSUSE/autoinst.xml.erb'))
+                    renderTemplate(template, target, outputFolder + 'autoinst.xml', options)
+                end
+            end
+
+            def deployLocalHostsFile(target, options)
+                if target['Hosts']
+                    updateLocalFile(HOSTS_FILE, options) do |hostsLines|
+                        target['Hosts'].each do |ip, entries|
+                            hostsLines << ip.ljust(16) + entries.join(' ') + "\n"
+                        end
+                        hostsLines
+                    end
+                end
+            end
+
+            def deployLocalSSHConfig(target, options)
+                if !target['SSH']['Config'].empty?
+                    updateLocalFile(File.expand_path(SSH_CONFIG), options) do |configLines|
+                        target['SSH']['Config'].each do |name, info|
+                            configLines << "Host #{name} #{info['HostName']}\n"
+                            configLines << "    HostName " + info['HostName'] + "\n" if info['HostName']
+                            configLines << "    Port " + info['Port'] + "\n" if info['Port']
+                            configLines << "    User " + info['User'] + "\n" if info['User']
+                            configLines << "    IdentityFile " + info['IdentityFile'] + "\n" if info['IdentityFile']
+                        end
+                        configLines
+                    end
+                end
+            end
+
+            def installationISO(distro, location)
+                url = nil
+                case distro
+                when SUSE_NAME
+                    if location.empty?
+                        # TODO automatically fetch latest version from website
+                        url = 'https://download.opensuse.org/distribution/leap/15.6/iso/openSUSE-Leap-15.6-NET-x86_64-Media.iso'
+                    else
+                        raise Framework::PluginProcessError.new("#{id}: Unimplemented!")
+                    end
+                else
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Linux Distro: #{distro}!")
+                end
+
+                filename = File.basename(Addressable::URI.parse(url).path)
+                iso = File.expand_path(ISO_LOCATION + filename)
+                if !File.exist?(iso)
+                    mkdir(File.expand_path(ISO_LOCATION), false)
+                    prompt.say('Downloading... ' + url)
+                    response = HTTP.follow.get(url)
+                    raise "Failed to download file: #{response.status}" unless response.status.success?
+                    File.open(iso, 'wb') do |file|
+                        response.body.each do |chunk|
+                            file.write(chunk)
+                        end
+                    end
+                end
+                iso
+            end
+
+            def buildISOAutoYaST(id, iso, target, options)
+                outputFolder = options['output'] + '/iso/'
+                mkdir(outputFolder, false)
+                `xorriso -osirrox on -indev #{iso} -extract / #{outputFolder} 2>&1 >/dev/null`
+                FileUtils.chmod_R(0750, outputFolder) # Need to make it writeable so it can be deleted
+                copy(options['output'] + '/' + id + '/autoinst.xml', outputFolder, false)
+
+                cfg = outputFolder + "boot/x86_64/loader/isolinux.cfg"
+                `sed -i 's|default harddisk|default linux|' #{cfg}`
+                `sed -i 's|append initrd=initrd splash=silent showopts|append initrd=initrd splash=silent autoyast=device://sr0/autoinst.xml|' #{cfg}`
+                `sed -i 's|prompt		1|prompt		0|' #{cfg}`
+                `sed -i 's|timeout		600|timeout		1|' #{cfg}`
+
+                patchedIso = File.dirname(iso) + '/patched.iso'
+                `xorriso -as mkisofs -no-emul-boot -boot-load-size 4 -boot-info-table -iso-level 4 -b boot/x86_64/loader/isolinux.bin -c boot/x86_64/loader/boot.cat -eltorito-alt-boot -e boot/x86_64/efi -no-emul-boot -o #{patchedIso} #{outputFolder} 2>&1 >/dev/null`
+                patchedIso
+            end
+
+            def prepareConfig(target)
+                target['SSH'] ||= {}
+                target['SSH']['Config'] ||= {}
+                target['Users'] ||= {}
+                target['HostName'] = target['Name'] unless target['HostName']
+
+                if ENV['LINUX_ROOT_PASSWORD_HASH']
+                    target['Users']['root'] ||= {}
+                    target['Users']['root']['PasswordHash'] = ENV['LINUX_ROOT_PASSWORD_HASH']
+                elsif ENV['LINUX_ROOT_PASSWORD']
+                    target['Users']['root'] ||= {}
+                    target['Users']['root']['PasswordHash'] = self.class.linuxPasswordHash(ENV['LINUX_ROOT_PASSWORD'])
+                elsif target['Users'].key?('root')
+                    if !target['Users']['root']['Password'] &&
+                       !target['Users']['root']['PasswordHash']
+                        rootPassword = SecureRandom.urlsafe_base64(12)
+                        prompt.say("Root password: #{rootPassword}", :color => :magenta)
+                        target['Users']['root']['PasswordHash'] = self.class.linuxPasswordHash(rootPassword)
+                    elsif target['Users']['root']['Password'] == 'no'
+                        target['Users']['root'].delete('Password')
+                    end
+                end
+
+                target['Users'].each do |user, info|
+                    newKeys = []
+                    info['AuthorizedKeys'].to_a.each do |key|
+                        if key.start_with?('/') || key.start_with?('~')
+                            newKeys << File.read(File.expand_path(key)).strip
+                        else
+                            newKeys << key
+                        end
+                    end
+                    info['AuthorizedKeys'] = newKeys
+                end
+
+                packages = YAML.load_file(__dir__ + '/Packages.yaml')
+                newApps = []
+                target['Services'] ||= []
+                if target['Apps'].to_a.include?('sshd')
+                    target['Services'] << 'sshd'
+                    target['Services'].uniq!
+                end
+                target['Apps'] = self.class.mapPackages(target['Apps'], target['Distro'])
+            end
+
+            def self.linuxPasswordHash(password)
+                salt = SecureRandom.alphanumeric(16)
+                password.crypt('$6$' + salt)
+            end
+
+        end
+    end
+end

data/Plugins/OS/Linux/Packages.yaml

@@ -0,0 +1,51 @@
+Arch Linux:
+    Cassandra: AUR|cassandra
+    CertBotNginx:
+        - certbot-nginx
+        - certbot-dns-rfc2136
+    CyrusSASL: cyrus-sasl
+    Dovecot: dovecot
+    firewalld: firewalld
+    Nextcloud: nextcloud
+    nginx: nginx
+    PHP-FPM: php-fpm
+    php-pecl: php-pecl
+    Podman: podman
+    PostgreSQL: postgresql
+    Postfix: postfix
+    PowerDNS: powerdns
+    sshd: openssh
+    Valkey: redis
+    WireGuard: wireguard-tools
+    Yarn: yarn
+
+openSUSE Leap:
+    Cassandra: home:davispuh:branches:server:database|cassandra
+    CertBotNginx:
+        - python3-certbot-nginx
+        - certbot-systemd-timer
+        - python3-certbot-dns-rfc2136
+    CyrusSASL: cyrus-sasl-plain
+    Dovecot: dovecot
+    firewalld: firewalld
+    Nextcloud: server:php:applications|nextcloud
+    nginx: nginx
+    PHP-FPM:
+        - php8-devel
+        - php8-mbstring
+        - php8-fpm
+        - php8-redis
+        - php8-pgsql
+        - php8-mysql
+    php-pecl: php8-pecl
+    Podman: podman
+    PostgreSQL: postgresql-server
+    Postfix: postfix
+    PowerDNS:
+        - pdns-backend-geoip
+        - pdns-backend-sqlite3
+        - pdns-backend-postgresql
+    sshd: openssh
+    Valkey: redis
+    WireGuard: wireguard-tools
+    Yarn: yarn