vop-services 0.3.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9e268137477755f60ca26cdd3ca4575041b5b822
+  data.tar.gz: 916fe9fe6706e0670ed1c8071a979b3bc6bcfa90
+SHA512:
+  metadata.gz: 6aff62d350acec63c8f38aab623e192bc3602e78ed937c8b66b7b095095e4b4b7da9052e883a108ae91d3e80ed586643d81601faf8e95b4f026f8538de9c7c76
+  data.tar.gz: d3d149e82dbbd20818205d73b2061690d468ec12e4905b0314fae499773edb556f173187857ec8cd757b03564d4042e6c80302c7b35129762018b2029f20c29c

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/apache/apache.plugin

@@ -0,0 +1,2 @@
+# TODO is that still true?
+depends_on :libvirt

data/apache/commands/add_reverse_proxy.rb

@@ -0,0 +1,32 @@
+description "adds a name-based virtual host that acts as reverse proxy (forwarding incoming traffic to a remote backend)"
+
+param! :machine
+param! "server_name",
+  description: "the http domain served by this vhost",
+  default_param: true,
+  multi: true
+param! "target_url",
+  description: "http url to the backend",
+  multi: true
+param "port",
+  description: "the port number to serve on (80 or 443)",
+  default: 80
+param "timeout",
+  description: "configuration for the ProxyTimeout directive - timeout in seconds to wait for a proxied response",
+  default: 60
+
+run do |plugin, machine, server_name, target_url, port, params|
+  reverse_proxy_config = @op.read_template(
+    template: File.join(plugin.plugin_dir(:templates), "reverse.proxy.conf.erb"),
+    vars: {
+      "target_urls" => target_url,
+      "proxy_timeout" => params["timeout"]
+    }
+  )
+
+  machine.add_vhost(
+    server_name: server_name,
+    port: port,
+    vhost_config: reverse_proxy_config
+  )
+end

data/apache/commands/add_static_vhost.rb

@@ -0,0 +1,20 @@
+param! :machine
+param! "server_name",
+  description: "the http domain served by this vhost",
+  default_param: true,
+  multi: true
+param! "web_root"
+
+run do |machine, server_name, web_root, plugin|
+  static_vhost_config = @op.read_template(
+    template: File.join(plugin.plugin_dir(:templates), "static.conf.erb"),
+    vars: {
+      "document_root" => web_root
+    }
+  )
+
+  machine.add_vhost(
+    server_name: server_name,
+    vhost_config: static_vhost_config
+  )  
+end

data/apache/commands/add_vhost.rb

@@ -0,0 +1,38 @@
+param! :machine
+param! "server_name", default_param: true, multi: true
+param "vhost_config", default: ""
+param "port", default: 80
+
+run do |plugin, machine, server_name, vhost_config, port|
+  # write apache config
+  port_unless_80 = port != 80 ? "_#{port}" : ""
+  config_name = "#{server_name.first}#{port_unless_80}"
+  available_path = "/etc/apache2/sites-available/#{config_name}.conf"
+
+  vars = {
+    "server_names" => server_name,
+    "port" => port
+  }
+  machine.write_template(
+    template: File.join(plugin.plugin_dir(:templates), "vhost.conf.erb"),
+    to: available_path,
+    bind: OpenStruct.new(vars).instance_eval { binding }
+  )
+
+  # remove default template
+  if machine.file_exists "/etc/apache2/sites-enabled/000-default.conf"
+    machine.sudo "unlink /etc/apache2/sites-enabled/000-default.conf"
+  end
+
+  # enable vhost
+  unless machine.file_exists "/etc/apache2/sites-enabled/#{config_name}.conf"
+    machine.sudo "ln -s #{available_path} /etc/apache2/sites-enabled/"
+  end
+
+  # invalidate
+  machine.list_files! "/etc/apache2/sites-enabled"
+  machine.list_files! "/etc/apache2/sites-available"
+  machine.read_file! file: available_path
+
+  machine.sudo("service apache2 restart")
+end

data/apache/commands/parse_vhost_config.rb

@@ -0,0 +1,43 @@
+param! :machine
+param! "file", default_param: true
+param "raw", default: false
+
+run do |machine, file, raw|
+  result = {}
+  machine.read_file("file" => file).lines.each do |line|
+    line.strip!
+
+    if /^\s*([^#]+?\S+)\s+(.+)/ =~ line
+      (key, value) = [$1, $2]
+
+      case key
+      when "ProxyPass"
+        (path, url) = value.split(" ")
+
+        result["proxy"] = {
+          "path" => path,
+          "url" => url
+        }
+
+        if /^http(s?)\:\/\/([^\/]+)\/$/.match(url)
+          result["proxy"]["host"] = $2
+        end
+      when "ServerName"
+        result["domain"] = value
+      when "DocumentRoot"
+        result["web_root"] = value
+      # <VirtualHost : *:443>
+      when "<VirtualHost"
+        if value =~ /\:443/
+          result["https"] = true
+        end
+      end
+
+      if raw
+        result[key] = value
+      end
+    end
+  end
+
+  result
+end

data/apache/commands/tail_access_log.rb

@@ -0,0 +1,7 @@
+param :machine
+param "count"
+
+run do |machine, count|
+  count = count ? "-n#{count} " : ""
+  machine.sudo("tail #{count}/var/log/apache2/access.log")
+end

data/apache/entities/available_vhost.rb

@@ -0,0 +1,12 @@
+key "name"
+
+on :machine
+
+entity do |machine|
+  @op.machines[machine].list_files("/etc/apache2/sites-available").map do |file|
+    {
+      "name" => file["name"],
+      "enabled" => false
+    }
+  end
+end

data/apache/entities/enabled_vhost.rb

@@ -0,0 +1,14 @@
+key "name"
+
+on :machine
+
+entity do |machine|
+  @op.machines[machine].list_files("/etc/apache2/sites-enabled").map do |file|
+    (source, target) = file["name"].split("->").map(&:strip)
+    {
+      "name" => source,
+      "target" => target,
+      "enabled" => true
+    }
+  end
+end

data/apache/entities/vhost.rb

@@ -0,0 +1,32 @@
+key "name"
+
+on :machine
+
+show columns: [ "name", "enabled" ]
+
+entity do |machine|
+  machine = @op.machines[machine]
+
+  # result is made up of enabled_vhosts
+  result = machine.enabled_vhosts.map(&:data)
+
+  # + available_hosts that are not also enabled
+  enabled_names = result.map { |x| x["target"].split("/").last }
+  machine.available_vhosts.each do |vhost|
+    unless enabled_names.include? vhost["name"]
+      result << {
+        "name" => vhost["name"],
+        "enabled" => false
+      }
+    end
+  end
+
+  # read vhost config
+  result.each do |vhost|
+    vhost.merge! machine.parse_vhost_config(
+      "/etc/apache2/sites-available/#{vhost["name"]}"
+    )
+  end
+
+  result
+end

data/apache/services/apache.rb

@@ -0,0 +1,7 @@
+process_regex /httpd/
+process_regex /apache2/
+
+port tcp: 80
+icon "apache_16px.png"
+
+deploy package: "apache2"

data/apache/services/reverse_proxy.rb

@@ -0,0 +1,17 @@
+# TODO inherit from: "apache.apache"
+# (or: depend on: "apache.apache" ?)
+
+# disabled because we don't want duplicate apache service markers in the map
+#process_regex /httpd/
+#process_regex /apache2/
+
+port tcp: 80
+#icon "apache_16px.png"
+
+deploy package: ["apache2"]
+
+# --- reverse proxy specific ---
+
+deploy do |machine|
+  machine.sudo "a2enmod proxy proxy_balancer proxy_http"
+end

data/apache/templates/reverse.proxy.conf.erb

@@ -0,0 +1,18 @@
+<% if target_urls.size > 1 %>
+  <Proxy balancer://mycluster/>
+  <% target_urls.each do |target_url| %>
+    BalancerMember <%= target_url %>
+  <% end %>
+  </Proxy>
+  ProxyPass / balancer://mycluster/
+<% else %>
+  <% target_url = target_urls.first %>
+  <% target_url += "/" unless target_url.end_with? "/" %>
+  ProxyPass / <%= target_url %>
+  ProxyPassReverse / <%= target_url %>
+<% end %>
+
+ProxyPreserveHost On
+<% if proxy_timeout %>
+  ProxyTimeout <%= proxy_timeout %>
+<% end %>

data/apache/templates/static.conf.erb

@@ -0,0 +1 @@
+DocumentRoot <%= document_root %>

data/apache/templates/vhost.conf.erb

@@ -0,0 +1,15 @@
+<VirtualHost *:<%= port %>>
+	ServerName <%= server_names.first %>
+	<% server_names[1..server_names.size-1].each do |name| %>
+	ServerAlias <%= name %>
+	<% end %>
+
+	ServerAdmin webmaster@localhost
+
+	<%= vhost_config %>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

data/certbot/certbot.plugin

@@ -0,0 +1 @@
+config_param! "eff_email", "email address for registration with the EFF"

data/certbot/commands/letsencrypt.rb

@@ -0,0 +1,21 @@
+param! :machine
+param! "domain", multi: true, default_param: true
+
+run do |plugin, machine, domain|
+  certbot_email = plugin.config["eff_email"]
+  if certbot_email.nil?
+    raise "missing configuration key 'eff_email'"
+  end
+
+  certbot_bin = "certbot"  
+
+  domain.each do |d|
+    certbot_cmd = "#{certbot_bin} --non-interactive -m #{certbot_email} --agree-tos --eff-email"
+    certbot_cmd += " --apache -d #{d}"
+    machine.sudo(certbot_cmd)
+  end
+
+  # invalidate
+  machine.list_files! "/etc/apache2/sites-enabled"
+  machine.list_files! "/etc/apache2/sites-available"
+end

data/certbot/services/certbot.rb

@@ -0,0 +1,8 @@
+deploy do |machine|
+  machine.install_package "software-properties-common"
+  machine.install_repo "ppa:certbot/certbot"
+  machine.install_package "python-certbot-apache"
+end
+
+binary_name "certbot"
+icon "letsencrypt_16px.png"

data/isoremix/commands/fetch_ubuntu_iso.rb

@@ -0,0 +1,40 @@
+param! :machine
+
+param! "version", :default => "16.04"
+
+run do |machine, version|
+  dir = isoremix_dir("clean")
+
+  upstream_url = "http://releases.ubuntu.com/#{version}"
+
+  input = machine.curl "#{upstream_url}/"
+  links = input.scan /<a href="(ubuntu-(#{version}[\.\d]+)-(.+?)-(.+?)\.([^>]+))">/
+
+  files = links.map do |link|
+    {
+      url: "#{upstream_url}/#{link[0]}",
+      version: link[1],
+      type: link[2],
+      arch: link[3],
+      extension: link[4]
+    }
+  end
+
+  isos = files.select do |file|
+    file[:extension] == "iso" &&
+    file[:arch] == "amd64" &&
+    file[:type] == "server"
+  end
+
+  iso = isos.first
+  raise "no ISO found" if iso.nil?
+
+  url = iso[:url]
+  $logger.info "found URL : #{url}"
+
+  file_name = url.split("/").last
+  machine.download_file(
+    url: url,
+    file: "#{dir}/#{file_name}"
+  )
+end

data/isoremix/commands/list_rebuilt_isos.rb

@@ -0,0 +1,9 @@
+param! :machine
+
+run do |machine|
+  machine.list_files isoremix_dir("rebuilt")
+end
+
+invalidate do |machine|
+  machine.list_files! isoremix_dir("rebuilt")
+end

data/isoremix/commands/list_remix_configs.rb

@@ -0,0 +1,9 @@
+param! :machine
+
+run do |machine|
+  machine.list_files isoremix_dir("config")
+end
+
+invalidate do |machine|
+  machine.list_files! isoremix_dir("config")
+end

data/isoremix/commands/list_source_isos.rb

@@ -0,0 +1,9 @@
+param! :machine
+
+run do |machine|
+  machine.list_files isoremix_dir("clean")
+end
+
+invalidate do |machine|
+  machine.list_files! isoremix_dir("clean")
+end

data/isoremix/commands/new_vm_from_iso.rb

@@ -0,0 +1,17 @@
+param! :machine
+
+param! "name"
+
+param "memory", description: "in MB", default: 512
+param "cpu_count", default: 1
+param "disk_size", description: "in GB", default: 25
+
+param! "iso", :lookup => lambda { |params| @op.list_rebuilt_isos("machine" => params["machine"]).map { |x| x["name"] } }
+
+run do |params|
+  base_path = isoremix_dir("rebuilt")
+  iso = params.delete("iso")
+  iso_path = File.join(base_path, iso)
+
+  @op.new_vm(params.merge({"iso_path" => iso_path}))
+end

data/isoremix/commands/new_vm_from_latest.rb

@@ -0,0 +1,22 @@
+param! :machine
+
+param! "name"
+
+param "memory", description: "in MB", default: 512
+param "cpu_count", default: 1
+param "disk_size", description: "in GB", default: 25
+
+param! "iso_regex", "a regular expression to filter ISO names against"
+
+run do |machine, params|
+  iso_regex = Regexp.new(params.delete("iso_regex"))
+
+  found = machine.list_rebuilt_isos.select do |iso|
+    iso["name"] =~ iso_regex
+  end
+  raise "no rebuilt ISO found matching name pattern #{iso_regex}" unless found && found.size > 0
+  iso_name = found.sort_by { |x| x["timestamp"] }.last["name"]
+
+  $logger.info "latest ISO found : #{iso_name}"
+  @op.new_vm_from_iso(params.merge({"iso" => iso_name}))
+end

data/isoremix/commands/new_vm_from_latest_ubuntu.rb

@@ -0,0 +1,19 @@
+param! :machine
+
+param! "name"
+
+param "memory", description: "in MB", default: 512
+param "cpu_count", default: 1
+param "disk_size", description: "in GB", default: 25
+
+run do |machine, name, params|
+  new_machine = @op.new_vm_from_latest(params.merge({"iso_regex" => "ubuntu"}))
+
+  @op.track_installation_status(
+    host_name: machine.name,
+    vm_name: name,
+    status: "base_installing"
+  )
+
+  new_machine.install_service("service" => "ubuntu.base_install")
+end

data/isoremix/commands/rebuild_debian_iso.rb

@@ -0,0 +1,62 @@
+param! :machine
+param! "source_iso", lookup: lambda { |params|
+  @op.list_source_isos(params["machine"]).map { |x| x["name"] }
+}
+
+param "just_kidding", default: false
+
+run do |machine, source_iso, just_kidding|
+  config_dir = isoremix_dir("config")
+
+  # prepare a directory to hold the config we've used
+  unless source_iso =~ /(.+)\.iso$/
+    raise "unexpected iso file extension"
+  end
+  base_name = $1
+  config_root = File.join(config_dir, "#{base_name}.config")
+  $logger.info "config base : #{config_root}"
+
+  last_config = machine.list_remix_configs.select do |config|
+    config["name"] =~ /^#{base_name}/
+  end.map { |x| x["name"] }.sort.last
+
+  idx = 1
+  if last_config =~ /config(\d+)$/
+    last_used_idx = $1.to_i
+    idx = last_used_idx + 1
+  end
+
+  config_name = "#{config_root}#{idx}"
+  $logger.info "storing config in #{config_name}"
+  # TODO make sure there does not exist a dir named config_name yet
+  machine.mkdirs(config_name)
+
+  # copy the config we've used
+  preseed_file = "/var/local/lib/isoremix/preseed.cfg"
+  machine.sudo("cp #{preseed_file} #{config_name}/")
+  preseed_file = "#{config_name}/preseed.cfg"
+
+  extra_dir = "/var/local/lib/isoremix/extra"
+  machine.sudo("cp -r #{extra_dir} #{config_name}/extra")
+  extra_dir = "#{config_name}/extra"
+
+  # figure out the name of the target ISO
+  source_path = "/var/local/lib/isoremix/clean/#{source_iso}"
+  target_path = "/var/local/lib/isoremix/rebuilt/#{base_name}.rebuild#{idx}.iso"
+
+  # and go
+  rebuild_cmd = "rebuild-debian-iso #{source_path} #{target_path} #{preseed_file} #{extra_dir}"
+
+  if just_kidding
+    puts "[noop] would run >>#{rebuild_cmd}<<"
+  else
+    output = machine.sudo(rebuild_cmd)
+    matched = /Output ISO generated:\s+(.+)/m.match(output)
+    iso_path = matched.captures.first.strip
+
+    machine.sudo "chown libvirt-qemu:kvm #{iso_path}"
+
+    machine.list_rebuilt_isos!
+    machine.list_remix_configs!
+  end
+end

data/isoremix/files/rebuild-debian-iso

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+# from https://github.com/cdown/rebuild-debian-iso
+
+shopt -s globstar
+
+input_iso=$1
+output_iso=$2
+preseed=$3
+input_file_dir=$4
+
+msg() {
+    printf '>>> %s\n' "$@"
+}
+
+if ! [[ -r $input_iso && -r $preseed ]]; then
+    printf '%s\n' \
+        "Usage: ${0##*/} <input-iso> <output-iso> <preseed-file> [file-dir]" \
+        "" \
+        "input-iso:    the debian iso to modify" \
+        "output-iso:   where to store the modified iso" \
+        "preseed-file: the location of a preseed file to inject" \
+        "file-dir:     an optional directory to be put at extra/ in the iso"
+    exit 1
+fi
+
+iso_dir=$(mktemp -d)
+initrd_dir=$(mktemp -d)
+
+msg "Extracting source image"
+# TODO check that bsdtar is installed
+bsdtar -C "$iso_dir" -xf "$input_iso"
+
+ls $iso_dir/install
+initrd=$iso_dir/install/initrd.gz
+
+(
+cd "$initrd_dir"
+msg "Extracting initrd"
+gzip -d < "$initrd" | cpio -i --no-absolute-filenames
+)
+
+msg "Injecting preseed"
+cp "$preseed" "$initrd_dir/preseed.cfg"
+
+(
+msg "Rebuilding initrd"
+cd "$initrd_dir"
+find . -print0 | cpio -H newc -o -0 | gzip -9 > "$initrd"
+)
+
+msg "Setting up automatic booting to preseed"
+sed -i 's/timeout 0/timeout 5/' "$iso_dir/isolinux/isolinux.cfg"
+sed -i '/^\tappend/d' "$iso_dir/isolinux/txt.cfg"
+printf '\tappend vga=788 initrd=/install.amd/initrd.gz auto text\n' >> "$iso_dir/isolinux/txt.cfg"
+
+if [[ $input_file_dir ]]; then
+    msg "Adding custom files to 'extra' dir on image"
+    cp -a "$input_file_dir" "$iso_dir/extra"
+fi
+
+msg "Generating md5sums"
+( cd "$iso_dir" && find . -type f -exec md5sum {} + > md5sum.txt )
+
+msg "Generating output ISO image"
+mkisofs -quiet \
+    -o "$output_iso" \
+    -r -J -no-emul-boot -boot-load-size 4 -boot-info-table \
+    -b isolinux/isolinux.bin -c isolinux/boot.cat \
+    "$iso_dir"
+
+msg "Removing temporary directories"
+rm -rf "$iso_dir" "$initrd_dir"
+
+msg "Output ISO generated: $output_iso"

data/isoremix/helpers/isoremix_dir.rb

@@ -0,0 +1,3 @@
+def isoremix_dir(sub)
+  File.join(@plugin.config["isoremix_root"], sub)
+end

data/isoremix/isoremix.plugin

@@ -0,0 +1,10 @@
+config_param "isoremix_root", default: "/var/local/lib/isoremix"
+
+config_param! "root_password"
+config_param "normal_user_name"
+config_param "normal_user_full_name"
+config_param "normal_user_password"
+
+config_param "authorized_keys", multi: true, default: [
+  'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA21N2+aa0coKsw4nKlsQXOE0+ppSj5vMIbbNzzbp3Pw78DmYVUXuKiD+IZIwttK6MWMFyEt8Iv7SfeGWXMNTBHKTFi4ikbHIf2PnwGOBnF9/wiA18LlIsSAaYWdA9UOEGiJ8GkFs2TpP5yW25buXAD0mJtVi9PWrt1myeA0MWO0JLJ/1T7v8YFSU3iRxmN+cEto3eX4II2a7UkID/3Wy9qEoANDYHes6Nm008Z9jwg8zW1On6fTacaShIemWBv/ilTa41bYNywgqJqRtsMVp3fYdcWRff2hdqja8fIq1HAIGfMNOU+lqVUgXY7nXQc2nzzPtqaYEI/P4xOM3n2jYTNw== philipp@deepthinkpad'
+]

data/isoremix/services/isoremix.rb

@@ -0,0 +1,29 @@
+isoremix_root = @plugin.config["isoremix_root"]
+bin_path = "/usr/local/bin"
+
+deploy create: {
+  in: isoremix_root,
+  dirs: ["config", "clean", "rebuilt", "extra"]
+}
+
+deploy files: "rebuild-debian-iso",
+  to: isoremix_root
+
+deploy template: "preseed.cfg.erb",
+  to: "#{isoremix_root}/preseed.cfg"
+
+deploy template: "post_install.sh.erb",
+  to: "#{isoremix_root}/extra/post_install.sh"
+
+  deploy template: "authorized_keys.erb",
+    to: "#{isoremix_root}/extra/authorized_keys"
+
+deploy package: ["bsdtar", "genisoimage"]
+
+deploy do |machine|
+  machine.chmod(file: "#{bin_path}/rebuild-debian-iso", permissions: "+x")
+
+  machine.list_source_isos!
+  machine.list_remix_configs!
+  machine.list_rebuilt_isos!
+end

data/isoremix/templates/authorized_keys.erb

@@ -0,0 +1 @@
+<%= service.plugin.config["authorized_keys"].join("\n") %>

data/isoremix/templates/post_install.sh.erb

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
+
+SSH_DIR=/home/marvin/.ssh
+THE_USER=marvin
+
+mkdir $SSH_DIR
+chmod 0700 $SSH_DIR
+chown $THE_USER $SSH_DIR
+
+if [[ -f $SCRIPT_DIR/authorized_keys ]]; then
+  cp -v $SCRIPT_DIR/authorized_keys $SSH_DIR/authorized_keys
+fi
+chmod 0600 $SSH_DIR/authorized_keys
+chown $THE_USER $SSH_DIR/authorized_keys
+
+echo "$THE_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$THE_USER
+
+echo "post-install script completed at `date`; configured SSH access and sudo permissions for $THE_USER" > /var/log/post_install.log

data/isoremix/templates/preseed.cfg.erb

@@ -0,0 +1,59 @@
+# see https://help.ubuntu.com/lts/installation-guide/example-preseed.txt
+d-i debian-installer/locale string en_US
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+d-i keyboard-configuration/layout select English (US)
+d-i keyboard-configuration/variant select English (US)
+d-i netcfg/choose_interface select eth0
+d-i base-installer/kernel/override-image string linux-server
+d-i clock-setup/utc-auto boolean true
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Berlin
+d-i clock-setup/ntp boolean true
+d-i apt-setup/use_mirror boolean true
+d-i mirror/country string DE
+d-i mirror/http/proxy string
+d-i mirror/http/mirror select debian.charite.de
+d-i pkgsel/install-language-support boolean true
+d-i pkgsel/update-policy select none
+tasksel tasksel/first multiselect server
+d-i pkgsel/include string openssh-server
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string unassigned-domain
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto/choose_recipe select atomic
+d-i partman/default_filesystem string xfs
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/unmount_active boolean false
+d-i passwd/make-user boolean true
+d-i passwd/root-login boolean true
+d-i passwd/root-password password <%= service.plugin.config["root_password"] %>
+d-i passwd/root-password-again password <%= service.plugin.config["root_password"] %>
+<% if service.plugin.config.has_key? "normal_user_name" %>
+d-i passwd/user-fullname string <%= service.plugin.config["normal_user_full_name"] %>
+d-i passwd/username string <%= service.plugin.config["normal_user_name"] %>
+d-i passwd/user-password password <%= service.plugin.config["normal_user_password"] %>
+d-i passwd/user-password-again password <%= service.plugin.config["normal_user_password"] %>
+d-i user-setup/encrypt-home boolean false
+<% end %>
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i finish-install/reboot_in_progress note
+d-i preseed/late_command string \
+cp /cdrom/extra/post_install.sh /target/root/; \
+cp /cdrom/extra/authorized_keys /target/root/; \
+in-target chmod +x /root/post_install.sh; \
+in-target /root/post_install.sh

data/ubuntu/commands/inspect_package.rb

@@ -0,0 +1,6 @@
+param! :machine
+param! "package", lookup: lambda { |params| @op.list_packages(params).map { |x| x["name"] } }
+
+run do |machine, package|
+  machine.ssh "dpkg -L #{package}"
+end

data/ubuntu/commands/install_package.rb

@@ -0,0 +1,7 @@
+param! :machine
+param! "package", multi: true, default_param: true
+
+run do |machine, package|
+  packages = package.join(" ")
+  machine.sudo "apt-get install -y #{packages}"
+end

data/ubuntu/commands/install_repo.rb

@@ -0,0 +1,7 @@
+param! :machine
+param! "repo_line", default_param: true
+
+run do |machine, repo_line|
+  machine.sudo("apt-add-repository -y #{repo_line}")
+  machine.sudo("apt-get update")
+end

data/ubuntu/commands/list_packages.rb

@@ -0,0 +1,8 @@
+param! :machine
+
+run do |machine|
+  ssh_regex(machine, "dpkg -l",
+    /^(\w{2})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$/,
+    ["status", "name", "version", "architecture", "description"]
+  )
+end

data/ubuntu/services/base_install.rb

@@ -0,0 +1,10 @@
+deploy do |machine|
+  machine.set_hostname machine.name.split(".").first
+  # TODO set the domain as well?
+
+  machine.sudo "apt-get update"
+  # thanks https://askubuntu.com/questions/146921/how-do-i-apt-get-y-dist-upgrade-without-a-grub-config-prompt#answer-147079
+  machine.sudo "DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y"
+
+  machine.install_package "apt-transport-https"
+end

data/ubuntu/services/host_install.rb

@@ -0,0 +1,14 @@
+deploy do |machine|
+    machine.install_service(service: "libvirt.libvirt")
+    machine.list_vms!
+
+    # TODO persist iptables
+    iptables_script = machine.generate_iptables_script
+    machine.ssh(iptables_script)
+    iptables_script
+
+    machine.install_service(service: "isoremix.isoremix")
+
+    machine.fetch_ubuntu_iso(version: "17.10")
+    machine.rebuild_debian_iso(source_iso: "ubuntu-17.10.1-server-amd64.iso")
+end

data/ubuntu/services/preferences.rb

@@ -0,0 +1 @@
+deploy package: %w|vim curl|

data/ubuntu/ubuntu.plugin

@@ -0,0 +1 @@
+depends_on :ssh

data/vop/services/vop.rb

@@ -0,0 +1,6 @@
+deploy package: %w|ruby ruby-dev redis-server|
+deploy package: "openssh-server"
+deploy gem: %w|vop vop-plugins vop-services|
+
+binary_name "vop"
+icon "vop_16px.png"

data/vop-services.gemspec

@@ -0,0 +1,22 @@
+# encoding: utf-8
+
+Gem::Specification.new do |spec|
+  spec.name          = "vop-services"
+  spec.version       = "0.3.5"
+  spec.authors       = ["Philipp T."]
+  spec.email         = ["philipp@virtualop.org"]
+
+  spec.summary       = %q{Service descriptors for the virtualop (see gem "vop").}
+  spec.description   = %q{Metadata for how to install and operate services.}
+  spec.licenses      = ['WTFPL']
+  spec.homepage      = "http://www.virtualop.org"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 0"
+  spec.add_development_dependency "rspec", "~> 0"
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: vop-services
+version: !ruby/object:Gem::Version
+  version: 0.3.5
+platform: ruby
+authors:
+- Philipp T.
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-04-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Metadata for how to install and operate services.
+email:
+- philipp@virtualop.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Rakefile
+- apache/apache.plugin
+- apache/commands/add_reverse_proxy.rb
+- apache/commands/add_static_vhost.rb
+- apache/commands/add_vhost.rb
+- apache/commands/parse_vhost_config.rb
+- apache/commands/tail_access_log.rb
+- apache/entities/available_vhost.rb
+- apache/entities/enabled_vhost.rb
+- apache/entities/vhost.rb
+- apache/files/apache_16px.png
+- apache/services/apache.rb
+- apache/services/reverse_proxy.rb
+- apache/templates/reverse.proxy.conf.erb
+- apache/templates/static.conf.erb
+- apache/templates/vhost.conf.erb
+- certbot/certbot.plugin
+- certbot/commands/letsencrypt.rb
+- certbot/files/letsencrypt_16px.png
+- certbot/services/certbot.rb
+- isoremix/commands/fetch_ubuntu_iso.rb
+- isoremix/commands/list_rebuilt_isos.rb
+- isoremix/commands/list_remix_configs.rb
+- isoremix/commands/list_source_isos.rb
+- isoremix/commands/new_vm_from_iso.rb
+- isoremix/commands/new_vm_from_latest.rb
+- isoremix/commands/new_vm_from_latest_ubuntu.rb
+- isoremix/commands/rebuild_debian_iso.rb
+- isoremix/files/rebuild-debian-iso
+- isoremix/helpers/isoremix_dir.rb
+- isoremix/isoremix.plugin
+- isoremix/services/isoremix.rb
+- isoremix/templates/authorized_keys.erb
+- isoremix/templates/post_install.sh.erb
+- isoremix/templates/preseed.cfg.erb
+- ubuntu/commands/inspect_package.rb
+- ubuntu/commands/install_package.rb
+- ubuntu/commands/install_repo.rb
+- ubuntu/commands/list_packages.rb
+- ubuntu/services/base_install.rb
+- ubuntu/services/host_install.rb
+- ubuntu/services/preferences.rb
+- ubuntu/ubuntu.plugin
+- vop-services.gemspec
+- vop/files/vop_16px.png
+- vop/services/vop.rb
+- vop/vop.plugin
+homepage: http://www.virtualop.org
+licenses:
+- WTFPL
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2.1
+signing_key: 
+specification_version: 4
+summary: Service descriptors for the virtualop (see gem "vop").
+test_files: []