pmcf 1.0.0

package/LICENSE

@@ -0,0 +1,12 @@
+Copyright (C) 2025 by arlac77
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.

package/README.md

@@ -0,0 +1,24 @@
+[![npm](https://img.shields.io/npm/v/pmcf.svg)](https://www.npmjs.com/package/pmcf)
+[![License](https://img.shields.io/badge/License-0BSD-blue.svg)](https://spdx.org/licenses/0BSD.html)
+[![bundlejs](https://deno.bundlejs.com/?q=pmcf\&badge=detailed)](https://bundlejs.com/?q=pmcf)
+[![downloads](http://img.shields.io/npm/dm/pmcf.svg?style=flat-square)](https://npmjs.org/package/pmcf)
+[![GitHub Issues](https://img.shields.io/github/issues/arlac77/pmcf.svg?style=flat-square)](https://github.com/arlac77/pmcf/issues)
+[![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Farlac77%2Fpmcf%2Fbadge\&style=flat)](https://actions-badge.atrox.dev/arlac77/pmcf/goto)
+[![Styled with prettier](https://img.shields.io/badge/styled_with-prettier-ff69b4.svg)](https://github.com/prettier/prettier)
+[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/)
+[![Known Vulnerabilities](https://snyk.io/test/github/arlac77/pmcf/badge.svg)](https://snyk.io/test/github/arlac77/pmcf)
+[![Coverage Status](https://coveralls.io/repos/arlac77/pmcf/badge.svg)](https://coveralls.io/github/arlac77/pmcf)
+
+# pmcf
+
+## Poor mans configuration management
+
+# API
+
+# install
+
+With [npm](http://npmjs.org) do:
+
+```shell
+npm install pmcf
+```

package/bin/gen-host-defs

@@ -0,0 +1,181 @@
+#!/usr/bin/env node
+
+import { writeFile, mkdir, copyFile, glob } from "node:fs/promises";
+import { cwd, argv } from "node:process";
+import { join } from "node:path";
+import { World, writeLines, sectionLines } from "../src/model.mjs";
+
+const world = new World(argv[2] || cwd());
+
+const hostName = argv[3];
+
+const host = await world.host(hostName);
+
+const targetDir = argv[4] || `pkg/host-${host.hostName}`;
+
+await generateNetworkDefs(host, targetDir);
+await generateMachineInfo(host, targetDir);
+await copySshKeys(host, targetDir);
+await generateKnownHosts(world.hosts(), join(targetDir, "root", ".ssh"));
+
+console.log("provides", "host", ...host.provides);
+console.log("depends", `location-${host.location.name}`, ...host.depends);
+console.log("replaces", `mf-${host.hostName}`, ...host.replaces);
+console.log("description", `host definitions for ${host.domainName}`);
+console.log("backup", "root/.ssh/known_hosts");
+
+async function generateMachineInfo(host, dir) {
+  const etcDir = join(dir, "etc");
+  await writeLines(
+    etcDir,
+    "machine-info",
+    Object.entries({
+      CHASSIS: host.model.chassis,
+      DEPLOYMENT: host.deployment,
+      LOCATION: host.location.name,
+      HARDWARE_VENDOR: host.model.vendor,
+      HARDWARE_MODEL: host.modelName
+    }).map(([k, v]) => `${k}=${v}`)
+  );
+
+  await writeLines(etcDir, "machine-id", [host["machine-id"]]);
+  await writeLines(etcDir, "hostname", [host.hostName]);
+}
+
+async function generateNetworkDefs(host, dir) {
+  const networkDir = join(dir, "etc/systemd/network");
+
+  for (const [name, network] of Object.entries(
+    host.networkInterfaces || { [host.interface || "eth0"]: host }
+  )) {
+    if (name !== "eth0" && network.hwaddr) {
+      await writeLines(networkDir, `${name}.link`, [
+        sectionLines("Match", { MACAddress: network.hwaddr }),
+        "",
+        sectionLines("Link", { Name: name })
+      ]);
+    }
+
+    const networkSections = [
+      sectionLines("Match", { Name: name }),
+      "",
+      sectionLines("Address", {
+        Address: network.ipv4 + "/" + network.network.ipv4_netmask
+      })
+    ];
+
+    if (network["link-local-ipv6"]) {
+      networkSections.push(
+        "",
+        sectionLines("Address", {
+          Address: network["link-local-ipv6"]
+        })
+      );
+    }
+
+    switch (network?.network?.kind) {
+      case "ethernet":
+      case "wifi":
+        const routeSectionExtra = network?.destination
+          ? { Destination: network.destination }
+          : { Gateway: host.location.gateway_ipv4 };
+
+        const networkSectionExtra = network.arpbridge
+          ? {
+              IPForward: "yes",
+              IPv4ProxyARP: "yes"
+            }
+          : {};
+
+        networkSections.push(
+          "",
+          sectionLines("Network", {
+            ...networkSectionExtra,
+            DHCP: "no",
+            DHCPServer: "no",
+            MulticastDNS: "yes",
+            LinkLocalAddressing: "ipv6",
+            IPv6LinkLocalAddressGenerationMode: "stable-privacy"
+          }),
+          "",
+          sectionLines("Route", {
+            ...routeSectionExtra,
+            Scope: network?.network.scope || "global",
+            Metric: network?.network.metric || 1004,
+            InitialCongestionWindow: 20,
+            InitialAdvertisedReceiveWindow: 20
+          }),
+          "",
+          sectionLines("IPv6AcceptRA", {
+            UseAutonomousPrefix: "true",
+            UseOnLinkPrefix: "true",
+            DHCPv6Client: "false",
+            Token: "eui64"
+          })
+        );
+
+        if (network.arpbridge) {
+          networkSections.push(
+            "",
+            sectionLines("Link", { Promiscuous: "yes" })
+          );
+        }
+    }
+
+    await writeLines(networkDir, `${name}.network`, networkSections);
+
+    switch (network?.network?.kind) {
+      case "wireguard":
+        {
+        }
+        break;
+      case "wifi": {
+        const d = join(dir, "etc/wpa_supplicant");
+        await mkdir(d, { recursive: true });
+        writeFile(
+          join(d, `wpa_supplicant-${name}.conf`),
+          `country=${host.location.country}
+ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
+update_config=1
+p2p_disabled=1
+network={
+  ssid="${network.ssid || network.network?.ssid}"
+  psk=${network.psk || network.network?.psk}
+  scan_ssid=1
+}`,
+          "utf8"
+        );
+
+        host.postinstall.push(
+          `systemctl enable wpa_supplicant@${name}.service`
+        );
+      }
+    }
+  }
+}
+
+async function copySshKeys(host, dir) {
+  const sshDir = join(dir, "etc", "ssh");
+
+  await mkdir(sshDir, { recursive: true });
+
+  for await (const file of glob("ssh_host_*", { cwd: host.directory })) {
+    copyFile(join(host.directory, file), join(sshDir, file));
+  }
+}
+
+async function generateKnownHosts(hosts, dir) {
+  const keys = [];
+  for await (const host of hosts) {
+    try {
+      const [alg, key, desc] = (await host.publicKey("ed25519")).split(/\s+/);
+      keys.push(`${host.domainName} ${alg} ${key}`);
+
+      for await (const addr of host.networkAddresses()) {
+        keys.push(`${addr.address} ${alg} ${key}`);
+      }
+    } catch {}
+  }
+
+  await writeLines(dir, "known_hosts", keys);
+}

package/bin/gen-location-defs

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+
+import { cwd, argv } from "node:process";
+import { mkdir, copyFile } from "node:fs/promises";
+import { join } from "node:path";
+import { World, writeLines, sectionLines } from "../src/model.mjs";
+
+const world = new World(argv[2] || cwd());
+const location = await world.location(argv[3] || "SW");
+const targetDir = argv[4];
+
+await generateLocationDefs(location, targetDir);
+
+console.log("provides", "location", "mf-location", `mf-location-${location.name}`);
+console.log("replaces", `mf-location-${location.name}`);
+console.log("description", `location definitions for ${location.name}`);
+
+async function generateLocationDefs(location, dir) {
+  const sl = location.dns_servers;
+  const s1 = sl.shift();
+
+  await writeLines(
+    join(dir, "etc/systemd/resolved.conf.d"),
+    `${location.name}.conf`,
+    sectionLines("Resolve", {
+      DNS: s1,
+      FallbackDNS: sl.join(","),
+      Domains: location.domain,
+      DNSSEC: "no",
+      MulticastDNS: "yes",
+      LLMNR: "no"
+    })
+  );
+
+  await writeLines(
+    join(dir, "etc/systemd/journald.conf.d"),
+    `${location.name}.conf`,
+    sectionLines("Journal", {
+      Compress: "yes",
+      SystemMaxUse: "500M",
+      SyncIntervalSec: "15m"
+    })
+  );
+
+  await writeLines(
+    join(dir, "etc/systemd/timesyncd.conf.d"),
+    `${location.name}.conf`,
+    sectionLines("Time", {
+      NTP: location.ntp_servers.join(" "),
+      PollIntervalMinSec: 60,
+      SaveIntervalSec: 3600
+    })
+  );
+
+  const locationDir = join(dir, "etc", "location");
+
+  await mkdir(locationDir, { recursive: true });
+
+  copyFile(
+    join(location.directory, "location.json"),
+    join(locationDir, "location.json")
+  );
+}

package/bin/gen-named-defs

@@ -0,0 +1,211 @@
+#!/usr/bin/env node
+
+import { cwd, argv } from "node:process";
+import { join } from "node:path";
+import { createHmac } from "node:crypto";
+
+import { World, writeLines } from "../src/model.mjs";
+
+const world = new World(argv[2] || cwd());
+const location = await world.location(argv[3] || "SW");
+const targetDir = argv[4] || `pkg/mf-named-${location.name}`;
+const ttl = location.dnsRecordTTL;
+const updates = [
+  Math.ceil(Date.now() / 1000),
+  36000,
+  72000,
+  600000,
+  60000
+].join(" ");
+
+const NAME_LEN = 35;
+
+await generateNamedDefs(location, targetDir);
+
+console.log("depends", "mf-named");
+console.log("replaces", "mf-named-zones");
+console.log("description", `named defintions for ${location.name}`);
+
+/*for await (const location of world.locations()) {
+  await generateNamedDefs(location, targetDir);
+}*/
+
+async function generateNamedDefs(location, targetDir) {
+  const domain = location.domain;
+
+  if (domain) {
+    const zones = [];
+    const records = new Set();
+
+    const nameserver = (await location.service({ type: "dns" }))?.owner;
+    const rname = location.administratorEmail.replace(/@/,'.');
+
+    for await (const mail of location.services({ type: "smtp" })) {
+      records.add(
+        `${"@".padEnd(NAME_LEN, " ")} ${ttl} IN MX    ${mail.priority} ${
+          mail.owner.domainName
+        }.`
+      );
+    }
+
+    console.log(
+      location.name,
+      location.domain,
+      nameserver?.hostName,
+      rname
+    );
+
+    const catalogZone = {
+      id: `catalog.${domain}`,
+      file: `catalog.${domain}.zone`,
+      records: new Set([
+        `${"@".padEnd(NAME_LEN, " ")} ${ttl} IN SOA   ${
+          nameserver.domainName
+        }. ${rname}. (${updates})`,
+        `${"@".padEnd(NAME_LEN, " ")} ${ttl} IN NS    ${nameserver.ipAddress}.`,
+        `${("version."+domain+'.').padEnd(NAME_LEN, " ")}    IN TXT   "2"`
+      ])
+    };
+
+    const zone = {
+      id: domain,
+      file: `${domain}.zone`,
+      records: new Set([
+        `${"@".padEnd(NAME_LEN, " ")} ${ttl} IN SOA   ${
+          nameserver.domainName
+        }. ${rname}. (${updates})`,
+        `${"@".padEnd(NAME_LEN, " ")} ${ttl} IN NS    ${nameserver.ipAddress}.`,
+        ...records
+      ])
+    };
+    zones.push(zone);
+
+    for await (const subnet of location.subnets()) {
+      if (subnet.address) {
+        const reverse = reverseAddress(subnet.address);
+        const reverseArpa = reverseArpaAddress(subnet.address);
+        const zone = {
+          id: reverseArpa,
+          file: `${reverse}.zone`,
+          records: new Set([
+            `${"@".padEnd(NAME_LEN, " ")} ${ttl} IN SOA   ${
+              nameserver.domainName
+            }. ${rname}. (${updates})`,
+            `${(reverseArpa + ".").padEnd(NAME_LEN, " ")} ${ttl} IN NS    ${
+              nameserver.domainName
+            }.`
+          ])
+        };
+        zones.push(zone);
+        subnet.reverseZone = zone;
+      }
+    }
+
+    for await (const {
+      address,
+      networkInterface
+    } of location.networkAddresses()) {
+      const host = networkInterface.host;
+      zone.records.add(
+        `${host.hostName.padEnd(NAME_LEN, " ")} ${ttl} IN ${
+          address.indexOf(".") >= 0 ? "A   " : "AAAA"
+        }  ${normalizeIPAddress(address)}`
+      );
+
+      for (const service of Object.values(host.services)) {
+        if (service.master && service.alias) {
+          zone.records.add(
+            `${service.alias.padEnd(NAME_LEN, " ")} ${ttl} IN CNAME ${
+              host.domainName
+            }.`
+          );
+        }
+
+        if (service.prefix) {
+          zone.records.add(
+            `${`${service.prefix}.${host.domainName}.`.padEnd(
+              NAME_LEN,
+              " "
+            )} ${ttl} IN SRV   ${String(service.priority).padStart(4)} ${String(
+              service.weight
+            ).padStart(3)} ${String(service.port).padStart(5)} ${
+              host.domainName
+            }.`
+          );
+        }
+      }
+
+      const reverseZone = networkInterface.network.subnet?.reverseZone;
+
+      if (reverseZone && address.indexOf(".") >= 0) {
+        reverseZone.records.add(
+          `${(reverseArpaAddress(address) + ".").padEnd(
+            NAME_LEN,
+            " "
+          )} ${ttl} IN PTR   ${networkInterface.host.domainName}.`
+        );
+      }
+    }
+
+    const zoneConfig = [];
+
+    zones.push(catalogZone);
+
+    for (const zone of zones) {
+      if(zone !== catalogZone) {
+        const hash = createHmac("md5", zone.id).digest("hex");
+        catalogZone.records.add(`${hash}.zones.${domain}. IN PTR   ${zone.id}.`);
+      }
+
+      zoneConfig.push(`zone \"${zone.id}\" {`);
+      zoneConfig.push(`  type master;`);
+      zoneConfig.push(`  file \"${zone.file}\";`);
+
+      const u = location.dnsAllowedUpdates;
+      zoneConfig.push(`  allow-update { ${u.length ? u.join(';') : "none" }; };`);
+      zoneConfig.push(`  notify yes;`);
+      zoneConfig.push(`};`);
+      zoneConfig.push("");
+
+      writeLines(join(targetDir, "var/lib/named"), zone.file, zone.records);
+    }
+
+    writeLines(
+      join(targetDir, "etc/named.d/zones"),
+      `${domain}.zone.conf`,
+      zoneConfig
+    );
+  }
+}
+
+export function reverseAddress(address) {
+  if (address.indexOf(".") >= 0) {
+    return address.split(".").reverse().join(".");
+  }
+
+  return normalizeIPAddress(address)
+    .replaceAll(":", "")
+    .split("")
+    .reverse()
+    .join(".");
+}
+
+export function reverseArpaAddress(address) {
+  return (
+    reverseAddress(address) +
+    (address.indexOf(".") >= 0 ? ".in-addr.arpa" : ".ip6.arpa")
+  );
+}
+
+export function normalizeIPAddress(address) {
+  if (address.indexOf(".") >= 0) {
+    return address;
+  }
+  address = address.replace(/\/\d+$/, "");
+  const parts = address.split(":");
+  const i = parts.indexOf("");
+  if (i >= 0) {
+    parts.splice(i, 1, ..."0".repeat(9 - parts.length));
+  }
+  return parts.map(s => s.padStart(4, "0")).join(":");
+}

package/bin/host-info

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import { cwd, argv } from "node:process";
+import { World } from "../src/model.mjs";
+
+const world = new World(argv[2] || cwd());
+
+const hostName = argv[3];
+
+if (hostName) {
+  const host = await world.host(hostName);
+  console.log(host.toJSON());
+} else {
+  for await (const host of world.hosts()) {
+    console.log(host.name);
+  }
+}

package/bin/location-info

@@ -0,0 +1,18 @@
+#!/usr/bin/env node
+import { cwd, argv } from "node:process";
+import { World } from "../src/model.mjs";
+
+const world = new World(argv[2] || cwd());
+
+const locationName = argv[3];
+
+if (locationName) {
+  const location = await world.location(locationName);
+  await location.load();
+  console.log(location.toJSON());
+} else {
+  for await (const location of world.locations()) {
+    console.log(location.name);
+    console.log("  ", (await location.service({ type: "dns"}))?.toString());
+  }
+}

package/bin/network

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+
+import { cwd, argv } from "node:process";
+import { World } from "../src/model.mjs";
+
+const world = new World(argv[2] || cwd());
+const location = await world.location(argv[3] || "SW");
+
+function q(str) {
+  return str.match(/^\w+$/) ? str : `"${str}"`;
+}
+function id(str) {
+  return str.replaceAll(/-/g,'');
+}
+
+console.log("graph G {");
+console.log("  node [shape=record];");
+for await (const host of location.hosts()) {
+  console.log(
+    `  ${id(host.name)} [label="${host.name}|{${Object.entries(
+      host.networkInterfaces
+    )
+      .map(([n, i]) => `<${id(n)}> ${n}`)
+      .join("|")}}"];`
+  );
+}
+
+for await (const network of location.networks()) {
+  console.log(`  ${id(network.name)} [label="${network.name}\\n${network.ipv4}" shape=circle];`);
+
+  for await (const host of network.hosts()) {
+    for (const [n, i] of Object.entries(host.networkInterfaces)) {
+      if (i.network === network) {
+        console.log(`  ${id(network.name)} -- ${id(host.name)}:${id(n)};`);
+      }
+    }
+  }
+}
+
+console.log("}");

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "pmcf",
+  "version": "1.0.0",
+  "publishConfig": {
+    "access": "public"
+  },
+  "description": "Poor mans configuration management",
+  "keywords": [
+    "config management",
+    "config"
+  ],
+  "contributors": [
+    {
+      "name": "Markus Felten",
+      "email": "markus.felten@gmx.de"
+    }
+  ],
+  "license": "0BSD",
+  "bin": {
+    "gen-host-defs": "./bin/gen-host-defs",
+    "gen-location-defs": "./bin/gen-location-defs",
+    "gen-named-defs": "./bin/gen-named-defs",
+    "host-info": "./bin/host-info",
+    "location-info": "./bin/location-info",
+    "network": "./bin/network"
+  },
+  "scripts": {
+    "test": "node --run test:ava",
+    "test:ava": "ava --timeout 4m tests/*-ava.mjs tests/*-ava-node.mjs",
+    "cover": "c8 -x 'tests/**/*' --temp-directory build/tmp ava --timeout 4m tests/*-ava.mjs tests/*-ava-node.mjs && c8 report -r lcov -o build/coverage --temp-directory build/tmp",
+    "docs": "documentation readme --section=API ./src**/*.mjs",
+    "lint": "node --run lint:docs",
+    "lint:docs": "documentation lint ./src**/*.mjs"
+  },
+  "devDependencies": {
+    "ava": "^6.2.0",
+    "c8": "^10.1.3",
+    "documentation": "^14.0.3",
+    "semantic-release": "^24.2.1"
+  },
+  "engines": {
+    "node": ">=22.13.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/arlac77/pmcf.git"
+  },
+  "bugs": {
+    "url": "https://github.com/arlac77/pmcf/issues"
+  },
+  "homepage": "https://github.com/arlac77/pmcf#readme",
+  "template": {
+    "inheritFrom": [
+      "arlac77/template-arlac77-github",
+      "arlac77/template-node-app"
+    ]
+  }
+}

package/pkg/host-host1/etc/hostname

@@ -0,0 +1 @@
+host1

package/pkg/host-host1/etc/machine-info

@@ -0,0 +1,5 @@
+CHASSIS=server
+DEPLOYMENT=undefined
+LOCATION=L1
+HARDWARE_VENDOR=undefined
+HARDWARE_MODEL=m1

package/src/model.mjs

@@ -0,0 +1,757 @@
+import { readFile, writeFile, mkdir, glob } from "node:fs/promises";
+import { join } from "node:path";
+
+class Base {
+  owner;
+  name;
+
+  static get typeName() {
+    return "base";
+  }
+
+  static get typeFileName() {
+    return this.typeName + ".json";
+  }
+
+  static get fileNameGlob() {
+    return "**/" + this.typeFileName;
+  }
+
+  static baseName(name) {
+    if (!name) {
+      return undefined;
+    }
+
+    if (name.endsWith("/" + this.typeFileName)) {
+      return name.substring(0, name.length - this.typeFileName.length - 1);
+    }
+
+    return name;
+  }
+
+  constructor(owner, data) {
+    this.owner = owner;
+    if (data?.name) {
+      this.name = data.name;
+    }
+  }
+
+  get typeName()
+  {
+    return this.constructor.typeName;
+  }
+
+  get host()
+  {
+    if(this instanceof Host) { return this; }
+    return this.owner.host;
+  }
+
+  get network()
+  {
+    if(this instanceof Network) { return this; }
+    return this.owner.network;
+  }
+
+  expand(object) {
+    if (typeof object === "string") {
+      return object.replaceAll(/\$\{([^\}]*)\}/g, (match, m1) => {
+        return this[m1] || "${" + m1 + "}";
+      });
+    }
+
+    if (Array.isArray(object)) {
+      return object.map(e => this.expand(e));
+    }
+
+    if (object instanceof Set) {
+      return new Set([...object].map(e => this.expand(e)));
+    }
+
+    return object;
+  }
+
+  toString() {
+    return this.typeName + ":" + this.owner.name + "/" + this.name;
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      owner: this.owner.name
+    };
+  }
+}
+
+export class World {
+  baseDir;
+  /** @typedef {Map<string,Location>} */ #locations = new Map();
+  /** @typedef {Map<string,Host>} */ #hosts = new Map();
+
+  constructor(baseDir) {
+    this.baseDir = baseDir;
+  }
+
+  get name() {
+    return "";
+  }
+
+  async *locations() {
+    if (this.#locations.size > 0) {
+      for (const location of this.#locations.values()) {
+        yield location;
+      }
+    }
+
+    for await (const name of glob(Location.fileNameGlob, {
+      cwd: this.baseDir
+    })) {
+      yield this.location(name);
+    }
+  }
+
+  async *hosts() {
+    if (this.#hosts.size > 0) {
+      for (const host of this.#hosts.values()) {
+        yield host;
+      }
+    }
+
+    for await (const name of glob(Host.fileNameGlob, {
+      cwd: this.baseDir
+    })) {
+      yield this.host(name);
+    }
+  }
+
+  async *domains() {
+    for await (const location of this.locations()) {
+      yield location.domain;
+    }
+  }
+
+  async location(name) {
+    name = Location.baseName(name);
+    if (name === undefined) {
+      return undefined;
+    }
+
+    let location = this.#locations.get(name);
+    if (location) {
+      return location;
+    }
+
+    const directory = join(this.baseDir, name);
+    try {
+      const data = JSON.parse(
+        await readFile(join(directory, Location.typeFileName), "utf8")
+      );
+
+      data.directory = directory;
+      data.name = name;
+
+      location = new Location(this, data);
+    } catch {} // TODO
+    this.#locations.set(name, location);
+    return location;
+  }
+
+  async host(name) {
+    name = Host.baseName(name);
+
+    if (name === undefined) {
+      return undefined;
+    }
+
+    let host = this.#hosts.get(name);
+    if (host) {
+      return host;
+    }
+
+    const directory = join(this.baseDir, name);
+    const data = JSON.parse(
+      await readFile(join(directory, Host.typeFileName), "utf8")
+    );
+
+    data.directory = directory;
+
+    if (!data.name) {
+      data.name = name;
+    } else {
+      name = data.name;
+    }
+
+    if (!data.location) {
+      const parts = name.split(/\//);
+
+      if (parts.length > 1 && parts[0] !== "services" && parts[0] !== "model") {
+        data.location = parts[0];
+      }
+    }
+
+    data.location = await this.location(data.location);
+
+    if (data.extends) {
+      data.extends = await Promise.all(data.extends.map(e => this.host(e)));
+    }
+
+    host = new (data.name.indexOf("model/") >= 0 ? Model : Host)(this, data);
+
+    this.#hosts.set(name, host);
+    return host;
+  }
+
+  async *subnets() {
+    for await (const location of this.locations()) {
+      yield* location.subnets();
+    }
+  }
+
+  async *networkAddresses() {
+    for await (const host of this.hosts()) {
+      for (const networkAddresses of host.networkAddresses()) {
+        yield networkAddresses;
+      }
+    }
+  }
+}
+
+class Host extends Base {
+  directory;
+  networkInterfaces = {};
+  services = {};
+  postinstall = [];
+  location;
+  #extends = [];
+  #provides = new Set();
+  #replaces = new Set();
+  #depends = new Set();
+  #master = false;
+  #os;
+  #distribution;
+  #deployment;
+
+  static get typeName() {
+    return "host";
+  }
+
+  constructor(owner, data) {
+    super(owner, data);
+
+    if (data.deployment !== undefined) {
+      this.#deployment = data.deployment;
+      delete data.deployment;
+    }
+
+    if (data.extends !== undefined) {
+      this.#extends = data.extends;
+      delete data.extends;
+    }
+    if (data.os !== undefined) {
+      this.#os = data.os;
+      delete data.os;
+    }
+    if (data.distribution !== undefined) {
+      this.#distribution = data.distribution;
+      delete data.distribution;
+    }
+    if (data.master !== undefined) {
+      this.#master = data.master;
+      delete data.master;
+    }
+    if (data.depends !== undefined) {
+      this.#depends = new Set(data.depends);
+      delete data.depends;
+    }
+    if (data.replaces !== undefined) {
+      this.#replaces = new Set(data.replaces);
+      delete data.replaces;
+    }
+    if (data.provides !== undefined) {
+      this.#provides = new Set(data.provides);
+      delete data.provides;
+    }
+
+    Object.assign(this, { services: {}, networkInterfaces: {} }, data);
+
+    this.location?.addHost(this);
+
+    for (const [name, iface] of Object.entries(this.networkInterfaces)) {
+      iface.host = this;
+      iface.name = name;
+      if (iface.network) {
+        iface.network = this.location?.network(iface.network);
+      }
+    }
+
+    for (const [name, data] of Object.entries(
+      Object.assign({}, ...this.extends.map(e => e.services), this.services)
+    )) {
+      data.name = name;
+      this.services[name] = new Service(this, data);
+    }
+  }
+
+  get deployment() {
+    return this.#deployment || this.extends.find(e => e.deployment);
+  }
+
+  get extends() {
+    return this.#extends.map(e => this.expand(e));
+  }
+
+  get provides() {
+    let provides = new Set(this.#provides);
+    this.extends.forEach(h => (provides = provides.union(h.provides)));
+    return provides;
+  }
+
+  get replaces() {
+    let replaces = new Set(this.#replaces);
+    this.extends.forEach(h => (replaces = replaces.union(h.replaces)));
+    return replaces;
+  }
+
+  get _depends() {
+    let depends = this.#depends;
+    this.extends.forEach(h => (depends = depends.union(h._depends)));
+    return depends;
+  }
+
+  get depends() {
+    return this.expand(this._depends);
+  }
+
+  get master() {
+    return this.#master || this.extends.find(e => e.master) ? true : false;
+  }
+
+  get os() {
+    return this.#os || this.extends.find(e => e.os);
+  }
+
+  get distribution() {
+    return this.#distribution || this.extends.find(e => e.distribution);
+  }
+
+  get model() {
+    return this.extends.find(h => h instanceof Model);
+  }
+
+  get domain() {
+    return this.location?.domain;
+  }
+
+  get modelName() {
+    return this.model?.hostName;
+  }
+
+  get hostName() {
+    const parts = this.name.split(/\//);
+    return parts[parts.length - 1];
+  }
+
+  get domainName() {
+    return this.hostName + "." + this.domain;
+  }
+
+  *networkAddresses() {
+    for (const [name, networkInterface] of Object.entries(
+      this.networkInterfaces
+    )) {
+      for (const attribute of ["ipv4", "ipv6", "link-local-ipv6"]) {
+        if (networkInterface[attribute]) {
+          yield { address: networkInterface[attribute], networkInterface };
+        }
+      }
+    }
+  }
+
+  get ipAddress() {
+    for (const a of this.networkAddresses()) {
+      return a.address;
+    }
+  }
+
+  async publicKey(type = "ed25519") {
+    return readFile(join(this.directory, `ssh_host_${type}_key.pub`), "utf8");
+  }
+
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      ...Object.fromEntries(
+        [
+          "directory",
+          "location",
+          "model",
+          "os",
+          "distribution",
+          "deployment",
+          "replaces",
+          "depends",
+          "master",
+          "networkInterfaces"
+        ]
+          .filter(p => this[p])
+          .map(p => [p, this[p]])
+      ),
+      extends: this.extends.map(host => host.name),
+      services: Object.fromEntries(
+        Object.values(this.services).map(s => [s.name, s.toJSON()])
+      )
+    };
+  }
+}
+
+class Model extends Host {}
+
+class Location extends Base {
+  directory;
+  domain;
+  dns;
+  #administratorEmail;
+  #hosts = new Map();
+  #networks = new Map();
+  #subnets = new Map();
+
+  static get typeName() {
+    return "location";
+  }
+
+  constructor(owner, data) {
+    super(owner, data);
+
+    const networks = data.networks;
+    delete data.networks;
+    Object.assign(this, data);
+
+    if (networks) {
+      for (const [name, network] of Object.entries(networks)) {
+        network.name = name;
+        this.addNetwork(network);
+      }
+
+      for (const network of this.#networks.values()) {
+        if (network.bridges) {
+          network.bridges = new Set(
+            network.bridges.map(b => {
+              const n = this.network(b);
+              if (!n) {
+                console.error(`No network named ${b}`);
+              }
+              return n;
+            })
+          );
+        }
+      }
+    }
+  }
+
+  async load() {
+    for await (const host of this.owner.hosts());
+  }
+
+  async *hosts() {
+    for await (const host of this.owner.hosts()) {
+      if (host.location === this) {
+        yield host;
+      }
+    }
+  }
+
+  async service(filter) {
+    let best;
+    for await (const service of this.services(filter)) {
+      if (!best || service.priority < best.priority) {
+        best = service;
+      }
+    }
+
+    return best;
+  }
+
+  async *services(filter) {
+    for await (const host of this.hosts()) {
+      for (const service of Object.values(host.services)) {
+        if (
+          !filter ||
+          filter.type === "*" ||
+          filter.type === service.type ||
+          filter.name === service.name
+        ) {
+          yield service;
+        }
+      }
+    }
+  }
+
+  network(name) {
+    return this.#networks.get(name);
+  }
+
+  async *networkAddresses() {
+    await this.load();
+    for await (const host of this.hosts()) {
+      for (const networkAddresses of host.networkAddresses()) {
+        yield networkAddresses;
+      }
+    }
+  }
+
+  async *networks() {
+    await this.load();
+    for (const network of this.#networks.values()) {
+      yield network;
+    }
+  }
+
+  async *subnets() {
+    await this.load();
+    for (const subnet of this.#subnets.values()) {
+      yield subnet;
+    }
+  }
+
+  addNetwork(data) {
+    if (!data?.name) {
+      return undefined;
+    }
+
+    let network = this.#networks.get(data.name);
+    if (network) {
+      return network;
+    }
+
+    network = new Network(this, data);
+    this.#networks.set(data.name, network);
+
+    const subnetAddress = network.subnetAddress;
+
+    if (subnetAddress) {
+      let subnet = this.#subnets.get(subnetAddress);
+      if (!subnet) {
+        subnet = new Subnet(this, subnetAddress);
+        this.#subnets.set(subnetAddress, subnet);
+      }
+      network.subnet = subnet;
+      subnet.networks.add(network);
+    }
+    return network;
+  }
+
+  addHost(host) {
+    this.#hosts.set(host.name, host);
+
+    for (const [name, iface] of Object.entries(host.networkInterfaces)) {
+      const network = this.addNetwork({ name: iface.network });
+      if (!network) {
+        console.error("Missing network", host.name, name);
+      } else {
+        network.addHost(host);
+      }
+    }
+  }
+
+  get dnsAllowedUpdates() {
+    return this.dns?.allowedUpdates || [];
+  }
+
+  get dnsRecordTTL() {
+    return this.dns?.recordTTL || "1W";
+  }
+
+  get administratorEmail() {
+    return this.#administratorEmail || "admin@" + this.domain;
+  }
+
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      domain: this.domain,
+      hosts: [...this.#hosts.keys()].sort()
+    };
+  }
+}
+
+class Network extends Base {
+  #hosts = new Map();
+  kind;
+  ipv4;
+  ipv4_netmask;
+  subnet;
+
+  static get typeName() {
+    return "network";
+  }
+
+  constructor(owner, data) {
+    super(owner, data);
+
+    Object.assign(this, data);
+
+    if (this.ipv4) {
+      const m = this.ipv4.match(/\/(\d+)$/);
+      if (m) {
+        this.ipv4_netmask = m[1];
+      }
+    }
+  }
+
+  get subnetAddress() {
+    if (this.ipv4) {
+      const [addr, bits] = this.ipv4.split(/\//);
+      const parts = addr.split(/\./);
+      return parts.slice(0, bits / 8).join(".");
+    }
+  }
+
+  async *hosts() {
+    for (const host of this.#hosts.values()) {
+      yield host;
+    }
+  }
+
+  addHost(host) {
+    this.#hosts.set(host.name, host);
+  }
+
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      kind: this.kind
+    };
+  }
+}
+
+class Subnet extends Base {
+  networks = new Set();
+
+  static get typeName() {
+    return "subnet";
+  }
+
+  constructor(owner, address) {
+    super(owner, { name: address });
+  }
+
+  get address() {
+    return this.name;
+  }
+}
+
+const ServiceTypes = {
+  dns: { prefix: "_dns._udp", port: 53 },
+  ldap: { prefix: "_ldap._tcp", port: 389 },
+  http: { prefix: "_http._tcp", port: 80 },
+  https: { prefix: "_http._tcp", port: 443 },
+  rtsp: { prefix: "_rtsp._tcp", port: 554 },
+  smtp: { prefix: "_smtp._tcp", port: 25 },
+  ssh: { prefix: "_ssh._tcp", port: 22 },
+  imap: { prefix: "_imap._tcp", port: 143 },
+  imaps: { prefix: "_imaps._tcp", port: 993 },
+  dhcp: {}
+};
+
+class Service extends Base {
+  alias;
+  #weight;
+  #priority;
+  #type;
+  #port;
+  #ipAddress;
+
+  static get typeName() {
+    return "service";
+  }
+
+  constructor(owner, data) {
+    super(owner, data);
+    if (data.weight !== undefined) {
+      this.#weight = data.weight;
+      delete data.weight;
+    }
+    if (data.priority !== undefined) {
+      this.#priority = data.priority;
+      delete data.priority;
+    }
+    if (data.type) {
+      this.#type = data.type;
+      delete data.type;
+    }
+    if (data.port !== undefined) {
+      this.#port = data.port;
+      delete data.port;
+    }
+    if (data.ipAddress) {
+      this.#ipAddress = data.ipAddress;
+      delete data.ipAddress;
+    }
+
+    Object.assign(this, data);
+    this.owner = owner;
+  }
+
+  get prefix() {
+    return ServiceTypes[this.type]?.prefix;
+  }
+
+  get ipAddress() {
+    return this.#ipAddress || this.owner.ipAddress;
+  }
+
+  get port() {
+    return this.#port || ServiceTypes[this.type]?.port;
+  }
+
+  get priority() {
+    return /*this.#priority || */ this.owner.priority || 99;
+  }
+
+  get weight() {
+    return this.#weight || this.owner.weight || 0;
+  }
+
+  get master() {
+    return this.owner.master;
+  }
+
+  get type() {
+    return this.#type || this.name;
+  }
+
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      ipAddress: this.ipAddress,
+      alias: this.alias,
+      type: this.type,
+      master: this.master,
+      priority: this.priority,
+      weight: this.weight
+    };
+  }
+}
+
+export async function writeLines(dir, name, lines) {
+  await mkdir(dir, { recursive: true });
+  return writeFile(
+    join(dir, name),
+    [...lines]
+      .flat()
+      .filter(line => line !== undefined)
+      .map(l => l + "\n")
+      .join(""),
+    "utf8"
+  );
+}
+
+export function sectionLines(sectionName, values) {
+  const lines = [`[${sectionName}]`];
+
+  for (const [name, value] of Object.entries(values)) {
+    lines.push(`${name}=${value}`);
+  }
+
+  return lines;
+}