jesus/provisioning
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: add current provisioning state before migration

Browse source
This commit is contained in:
Jesús Pérez 2025-09-22 23:11:41 +01:00
parent a9703b4748
commit 50745b0f22
660 changed files with 88126 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
taskservs/os/basecamp/devadm-home/.bash_aliases Normal file
View file

@ -0,0 +1,13 @@
KLUSTER=${KLUSTER:-/kluster}
[ -r "$KLUSTER/bin/bash_aliases" ] && . $KLUSTER/bin/bash_aliases
alias k="kubectl"
alias kgn="kubectl get nodes"
alias kgpa="kubectl get pods --all-namespaces "
alias kgpaw="kubectl get pods --all-namespaces -o wide "
alias kgpaw="watch -n 2 kubectl get pods --all-namespaces -o wide "
alias kpkill="kubectl delete pod --grace-period=0 --force "
alias kpexec="kubectl exec -it "
alias kjournal='sudo journalctl -xeu kubelet'

102
taskservs/os/basecamp/devadm-home/.bashrc Normal file
View file

@ -0,0 +1,102 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
eval `ssh-agent -s`
#ssh-add ~/.ssh/id_devops2023
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
# . /etc/bash_completion
#fi

9
taskservs/os/basecamp/devadm-home/.profile Normal file
View file

@ -0,0 +1,9 @@
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
mesg n 2> /dev/null || true

1
taskservs/os/basecamp/devadm-home/.ssh/authorized_keys Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuIL+nGfEyIxztKfaIW0MCTbDNis1f2BT7mSzsIthsO jesus@kluster

21
taskservs/os/basecamp/env-os.j2 Normal file
View file

@ -0,0 +1,21 @@
{%- if taskserv.name == "os" %}
HOSTNAME="{{server.hostname}}"
{% if server.ip_addresses.pub %}
PUB_IP="{{server.ip_addresses.pub}}"
{% else %}
PUB_IP=""
{% endif %}
{% if server.ip_addresses.priv %}
PRIV_IP="{{server.ip_addresses.priv}}"
{% else %}
PRIV_IP=""
{% endif %}
DEV_USER="{{taskserv.admin_user}}"
DEV_USER_HOME="/home/{{taskserv.admin_user}}"
DEVS_USER_GROUP="{{taskserv.admin_group}}"
SOURCE_USER_PATH="{{taskserv.src_user_path}}"
INSTALLER_USER={{server.installer_user}}
{% if taskserv.ssh_keys %}
SSH_KEYS="{{taskserv.ssh_keys}}"
{% endif %}
{%- endif %}

115
taskservs/os/basecamp/install-os.sh Executable file
View file

@ -0,0 +1,115 @@
#!/bin/bash
# Info: Script to install OS packages and tools
# Author: JesusPerezLorenzo
# Release: 1.0
# Date: 12-11-2023
USAGE="install-os.sh will-install-all-no-arguments | os | user | resolution | tools"
[ "$1" == "-h" ] && echo "$USAGE" && exit 1
#ORG=$(pwd)
_update_os() {
echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections
local codename=$(grep VERSION_CODENAME /etc/os-release | cut -f2 -d"=" )
if [ "$codename" == "bookworm" ] ; then
echo "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";" | sudo tee '/etc/apt/apt.conf.d/no-bookworm-firmware.conf'
fi
sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install sudo curl wget git jq dialog apt-utils gnupg unzip \
network-manager \
nfs-common sysstat sshfs \
netcat-traditional iputils-ping \
apt-transport-https ca-certificates \
software-properties-common
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y 2>/dev/null
}
_ssh_keys() {
local key_file
if [ -n "$SSH_KEYS" ] && [ -d ".ssh" ]; then
for key in $SSH_KEYS
do
key_file=$(basename "$key")
if [ ! -r "$HOME/.ssh/$key_file" ] && [ -r ".ssh/$key_file" ] ; then
cp ".ssh/$key_file" ".ssh/$key_file.pub" "$HOME/.ssh"
if ! grep -q "$(cat ".ssh/$key_file.pub")" "$HOME/.ssh/authorized_keys" ; then
cat ".ssh/$key_file.pub" >> "$HOME/.ssh/authorized_keys"
fi
fi
done
fi
}
_create_user() {
local has_user
sudo chmod 1777 /tmp
[ -z "${DEV_USER}" ] && return
has_user=$(sudo grep ${DEV_USER} /etc/passwd)
[ -z "$DEV_USER" ] && return 1
if [ -z "$has_user" ] ; then
sudo adduser \
--system \
--shell "/bin/bash" \
--gecos "$DEV_USER user" \
--group \
--disabled-password \
--home "$DEV_USER_HOME" \
"${DEV_USER}"
else
echo "User $DEV_USER already exists"
return
fi
[ ! -d "$DEV_USER_HOME" ] && sudo mkdir -p "$DEV_USER_HOME"
if [ -z "$(sudo ls "$DEV_USER_HOME"/.profile 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.profile" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.profile "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.bashrc 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.bashrc" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bashrc "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.bash_aliases 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.bash_aliases" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bash_aliases "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.ssh 2>/dev/null)" ] && [ -r "$SOURCE_USER_PATH/.ssh" ] ; then
sudo cp -pvr "$SOURCE_USER_PATH"/.ssh "$DEV_USER_HOME"
elif [ ! -d "$DEV_USER_HOME/.ssh" ] ; then
mkdir -p "$DEV_USER_HOME/.ssh"
fi
while IFS= read -r line
do
if ! grep -q "$line" "$DEV_USER_HOME"/.ssh/authorized_keys 2>/dev/null ; then
echo "$line" | sudo tee -a "$DEV_USER_HOME"/.ssh/authorized_keys >/dev/null
fi
done < "$HOME/.ssh/authorized_keys"
sudo chown -R "$DEV_USER":"$DEV_USER_GROUP" "$DEV_USER_HOME"
if [ ! -r "/etc/sudoers.d/$DEV_USER" ] ; then
echo "$DEV_USER ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/$DEV_USER
fi
sudo rm -r "$SOURCE_USER_PATH"
# sudo sed -i "$ a AllowUsers $DEV_USER" /etc/ssh/sshd_config
}
_check_resolution() {
local hostname=""
hostname=$HOSTNAME
local ip=""
ip=$(grep "$hostname" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -n "$ip" ] && [ "$ip" == "127.0.1.1" ] && sudo sed -i /^"$ip"/d /etc/hosts 2>/dev/null
ip=$(grep "$PUB_IP" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -z "$ip" ] && echo "$PUB_IP ${hostname}.pub" | sudo tee -a /etc/hosts 2>/dev/null >/dev/null
ip=$(grep "$PRIV_IP" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -z "$ip" ] && echo "$PRIV_IP ${hostname}.priv $hostname" | sudo tee -a /etc/hosts 2>/dev/null >/dev/null
if [ "$hostname" != "$(cat /etc/hostname)" ] ; then
echo "$hostname" | sudo tee /etc/hostname 2>/dev/null >/dev/null
sudo hostname "$hostname"
fi
}
[ -r "./env-os" ] && . ./env-os
# Update and add packages to installation
[ -z "$1" ] || [ "$1" == "os" ] && _update_os
[ -z "$1" ] || [ "$1" == "ssh_keys" ] && _ssh_keys
[ -z "$1" ] || [ "$1" == "resolution" ] && _check_resolution
[ -z "$1" ] || [ "$1" == "user" ] && _create_user

28
taskservs/os/basecamp/prepare Executable file
View file

@ -0,0 +1,28 @@
#!/usr/bin/env nu
# Info: Prepare for os/basecamp installation
# Author: JesusPerezLorenzo
# Release: 1.0.2
# Date: 19-11-2023
use lib_provisioning/cmd/env.nu *
use lib_provisioning/cmd/lib.nu *
use lib_provisioning/utils/ui.nu *
print $"(_ansi green_bold)OS(_ansi reset) with ($env.PROVISIONING_VARS) "
let defs = load_defs
#sops_cmd "decrypt" /wuwei/repo-cnz/klab/basecamp/.keys.k | save --force /tmp/ky.k
let ssh_keys = ($defs.taskserv.ssh_keys | str replace "~" $env.HOME | str trim)
if $ssh_keys != "" {
let target_path = $env.PROVISIONING_WK_ENV_PATH
^mkdir -p $"($target_path)/.ssh"
for key in ($ssh_keys | split row " ") {
log_debug $"on ($key)"
if ($key | path exists) { cp $key $"($target_path)/.ssh" }
if ($"($key).pub" | path exists) { cp $"($key).pub" $"($target_path)/.ssh" }
}
}

13
taskservs/os/controlpanel/devadm-home/.bash_aliases Normal file
View file

@ -0,0 +1,13 @@
KLUSTER=${KLUSTER:-/kluster}
[ -r "$KLUSTER/bin/bash_aliases" ] && . $KLUSTER/bin/bash_aliases
alias k="kubectl"
alias kgn="kubectl get nodes"
alias kgpa="kubectl get pods --all-namespaces "
alias kgpaw="kubectl get pods --all-namespaces -o wide "
alias kgpaw="watch -n 2 kubectl get pods --all-namespaces -o wide "
alias kpkill="kubectl delete pod --grace-period=0 --force "
alias kpexec="kubectl exec -it "
alias kjournal='sudo journalctl -xeu kubelet'

99
taskservs/os/controlpanel/devadm-home/.bashrc Normal file
View file

@ -0,0 +1,99 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
# . /etc/bash_completion
#fi

9
taskservs/os/controlpanel/devadm-home/.profile Normal file
View file

@ -0,0 +1,9 @@
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
mesg n 2> /dev/null || true

21
taskservs/os/controlpanel/env-os.j2 Normal file
View file

@ -0,0 +1,21 @@
{%- if taskserv.name == "os" %}
HOSTNAME="{{server.hostname}}"
{% if server.ip_addresses.pub %}
PUB_IP="{{server.ip_addresses.pub}}"
{% else %}
PUB_IP=""
{% endif %}
{% if server.ip_addresses.priv %}
PRIV_IP="{{server.ip_addresses.priv}}"
{% else %}
PRIV_IP=""
{% endif %}
DEV_USER="{{taskserv.admin_user}}"
DEV_USER_HOME="/home/{{taskserv.admin_user}}"
DEVS_USER_GROUP="{{taskserv.admin_group}}"
SOURCE_USER_PATH="{{taskserv.src_user_path}}"
INSTALLER_USER={{server.installer_user}}
{% if taskserv.ssh_keys %}
SSH_KEYS="{{taskserv.ssh_keys}}"
{% endif %}
{%- endif %}

111
taskservs/os/controlpanel/install-os.sh Executable file
View file

@ -0,0 +1,111 @@
#!/bin/bash
# Info: Script to install OS packages
# Author: JesusPerezLorenzo
# Release: 1.0
# Date: 30-10-2023
USAGE="install-os.sh will-install-all-no-arguments | os | user | resolution | tools"
[ "$1" == "-h" ] && echo "$USAGE" && exit 1
_update_os() {
echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections
local codename=$(grep VERSION_CODENAME /etc/os-release | cut -f2 -d"=" )
if [ "$codename" == "bookworm" ] ; then
su -c 'echo "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";" > /etc/apt/apt.conf.d/no-bookworm-firmware.conf'
fi
sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install sudo curl wget git jq dialog apt-utils gnupg \
network-manager \
nfs-common sysstat sshfs \
netcat-traditional iputils-ping \
apt-transport-https ca-certificates \
software-properties-common ntp ntpdate
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
}
_ssh_keys() {
local key_file
if [ -n "$SSH_KEYS" ] && [ -d ".ssh" ]; then
for key in $SSH_KEYS
do
key_file=$(basename "$key")
if [ ! -r "$HOME/.ssh/$key_file" ] && [ -r ".ssh/$key_file" ] ; then
cp ".ssh/$key_file" ".ssh/$key_file.pub" "$HOME/.ssh"
if ! grep -q "$(cat ".ssh/$key_file.pub")" "$HOME/.ssh/authorized_keys" ; then
cat ".ssh/$key_file.pub" >> "$HOME/.ssh/authorized_keys"
fi
fi
done
fi
}
_create_user() {
local has_user
sudo chmod 1777 /tmp
[ -z "${DEV_USER}" ] && return
has_user=$(sudo grep "${DEV_USER}" /etc/passwd)
[ -z "$DEV_USER" ] && return 1
if [ -z "$has_user" ] ; then
sudo adduser \
--system \
--shell "/bin/bash" \
--gecos "$DEV_USER user" \
--group \
--disabled-password \
--home "$DEV_USER_HOME" \
"${DEV_USER}"
else
echo "User $DEV_USER already exists"
return
fi
if [ -n "$DEV_USER_HOME" ] ; then
[ ! -d "$DEV_USER_HOME" ] && sudo mkdir -p "$DEV_USER_HOME"
if [ -z "$(sudo ls "$DEV_USER_HOME"/.profile 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.profile" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.profile "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.bashrc 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.bashrc" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bashrc "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.bash_aliases 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.bash_aliases" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bash_aliases "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.ssh 2>/dev/null)" ] && [ -r "$SOURCE_USER_PATH/.ssh" ] ; then
sudo cp -pvr "$SOURCE_USER_PATH"/.ssh "$DEV_USER_HOME"
elif [ ! -d "$DEV_USER_HOME/.ssh" ] ; then
mkdir -p "$DEV_USER_HOME/.ssh"
fi
while IFS= read -r line
do
if ! grep -q "$line" "$DEV_USER_HOME"/.ssh/authorized_keys 2>/dev/null ; then
echo "$line" | sudo tee -a "$DEV_USER_HOME"/.ssh/authorized_keys >/dev/null
fi
done < "$HOME/.ssh/authorized_keys"
sudo chown -R "$DEV_USER":"$DEV_USER_GROUP" "$DEV_USER_HOME"
fi
if [ ! -r "/etc/sudoers.d/$DEV_USER" ] ; then
echo "$DEV_USER ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/"$DEV_USER"
fi
sudo rm -r "$SOURCE_USER_PATH"
# sudo sed -i "$ a AllowUsers $DEV_USER" /etc/ssh/sshd_config
}
_check_resolution() {
local hostname=""
hostname=$HOSTNAME
local ip=""
ip=$(grep "$hostname" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -n "$ip" ] && [ "$ip" == "127.0.1.1" ] && sudo sed -i /^"$ip"/d /etc/hosts 2>/dev/null
ip=$(grep "$PUB_IP" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -z "$ip" ] && echo "$PUB_IP ${hostname}.pub" | sudo tee -a /etc/hosts 2>/dev/null >/dev/null
ip=$(grep "$PRIV_IP" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -z "$ip" ] && echo "$PRIV_IP ${hostname}.priv $hostname" | sudo tee -a /etc/hosts 2>/dev/null >/dev/null
if [ "$hostname" != "$(cat /etc/hostname)" ] ; then
echo "$hostname" | sudo tee /etc/hostname 2>/dev/null >/dev/null
sudo hostname "$hostname"
fi
}
[ -r "./env-os" ] && . ./env-os
# Update and add packages to installation
[ -z "$1" ] || [ "$1" == "os" ] && _update_os
[ -z "$1" ] || [ "$1" == "ssh_keys" ] && _ssh_keys
[ -z "$1" ] || [ "$1" == "resolution" ] && _check_resolution
[ -z "$1" ] || [ "$1" == "user" ] && _create_user

28
taskservs/os/controlpanel/prepare Executable file
View file

@ -0,0 +1,28 @@
#!/usr/bin/env nu
# Info: Prepare for os/basecamp installation
# Author: JesusPerezLorenzo
# Release: 1.0.2
# Date: 19-11-2023
use lib_provisioning/cmd/env.nu *
use lib_provisioning/cmd/lib.nu *
use lib_provisioning/utils/ui.nu *
print $"(_ansi green_bold)OS(_ansi reset) with ($env.PROVISIONING_VARS) "
let defs = load_defs
#sops_cmd "decrypt" /wuwei/repo-cnz/klab/basecamp/.keys.k | save --force /tmp/ky.k
let ssh_keys = ($defs.taskserv.ssh_keys | str replace "~" $env.HOME | str trim)
if $ssh_keys != "" {
let target_path = $env.PROVISIONING_WK_ENV_PATH
^mkdir -p $"($target_path)/.ssh"
for key in ($ssh_keys | split row " ") {
log_debug $"on ($key)"
if ($key | path exists) { cp $key $"($target_path)/.ssh" }
if ($"($key).pub" | path exists) { cp $"($key).pub" $"($target_path)/.ssh" }
}
}

30
taskservs/os/default/install-os.sh Executable file
View file

@ -0,0 +1,30 @@
#!/bin/bash
# Info: Script to install OS packages
# Author: JesusPerezLorenzo
# Release: 1.0
# Date: 30-10-2023
USAGE="install-os.sh "
[ "$1" == "-h" ] && echo "$USAGE" && exit 1
function _update_os {
chmod 1777 /tmp
echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections
local codename=$(grep VERSION_CODENAME /etc/os-release | cut -f2 -d"=" )
if [ "$codename" == "bookworm" ] ; then
echo "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";" | sudo tee '/etc/apt/apt.conf.d/no-bookworm-firmware.conf'
fi
DEBIAN_FRONTEND=noninteractive sudo apt-get update
DEBIAN_FRONTEND=noninteractive sudo apt-get upgrade -y
DEBIAN_FRONTEND=noninteractive sudo apt-get -y -qq install sudo curl wget git jq dialog apt-utils gnupg \
network-manager \
nfs-common sysstat sshfs \
netcat-traditional iputils-ping \
apt-transport-https ca-certificates \
software-properties-common
DEBIAN_FRONTEND=noninteractive sudo apt autoremove -y
}
[ -r "./env-os" ] && . ./env-os
# Update and add packages to installation
_update_os

13
taskservs/os/worker/devadm-home/.bash_aliases Normal file
View file

@ -0,0 +1,13 @@
KLUSTER=${KLUSTER:-/kluster}
[ -r "$KLUSTER/bin/bash_aliases" ] && . $KLUSTER/bin/bash_aliases
alias k="kubectl"
alias kgn="kubectl get nodes"
alias kgpa="kubectl get pods --all-namespaces "
alias kgpaw="kubectl get pods --all-namespaces -o wide "
alias kgpaw="watch -n 2 kubectl get pods --all-namespaces -o wide "
alias kpkill="kubectl delete pod --grace-period=0 --force "
alias kpexec="kubectl exec -it "
alias kjournal='sudo journalctl -xeu kubelet'

99
taskservs/os/worker/devadm-home/.bashrc Normal file
View file

@ -0,0 +1,99 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
# . /etc/bash_completion
#fi

9
taskservs/os/worker/devadm-home/.profile Normal file
View file

@ -0,0 +1,9 @@
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
mesg n 2> /dev/null || true

21
taskservs/os/worker/env-os.j2 Normal file
View file

@ -0,0 +1,21 @@
{%- if taskserv.name == "os" %}
HOSTNAME="{{server.hostname}}"
{% if server.ip_addresses.pub %}
PUB_IP="{{server.ip_addresses.pub}}"
{% else %}
PUB_IP=""
{% endif %}
{% if server.ip_addresses.priv %}
PRIV_IP="{{server.ip_addresses.priv}}"
{% else %}
PRIV_IP=""
{% endif %}
DEV_USER="{{taskserv.admin_user}}"
DEV_USER_HOME="/home/{{taskserv.admin_user}}"
DEVS_USER_GROUP="{{taskserv.admin_group}}"
SOURCE_USER_PATH="{{taskserv.src_user_path}}"
INSTALLER_USER={{server.installer_user}}
{% if taskserv.ssh_keys %}
SSH_KEYS="{{taskserv.ssh_keys}}"
{% endif %}
{%- endif %}

111
taskservs/os/worker/install-os.sh Executable file
View file

@ -0,0 +1,111 @@
#!/bin/bash
# Info: Script to install OS packages
# Author: JesusPerezLorenzo
# Release: 1.0
# Date: 30-10-2023
USAGE="install-os.sh will-install-all-no-arguments | os | user | resolution | tools"
[ "$1" == "-h" ] && echo "$USAGE" && exit 1
_update_os() {
echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections
local codename=$(grep VERSION_CODENAME /etc/os-release | cut -f2 -d"=" )
if [ "$codename" == "bookworm" ] ; then
su -c 'echo "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";" > /etc/apt/apt.conf.d/no-bookworm-firmware.conf'
fi
sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install sudo curl wget git jq dialog apt-utils gnupg \
network-manager \
nfs-common sysstat sshfs \
netcat-traditional iputils-ping \
apt-transport-https ca-certificates \
software-properties-common ntp ntpdate
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
}
_ssh_keys() {
local key_file
if [ -n "$SSH_KEYS" ] && [ -d ".ssh" ]; then
for key in $SSH_KEYS
do
key_file=$(basename "$key")
if [ ! -r "$HOME/.ssh/$key_file" ] && [ -r ".ssh/$key_file" ] ; then
cp ".ssh/$key_file" ".ssh/$key_file.pub" "$HOME/.ssh"
if ! grep -q "$(cat ".ssh/$key_file.pub")" "$HOME/.ssh/authorized_keys" ; then
cat ".ssh/$key_file.pub" >> "$HOME/.ssh/authorized_keys"
fi
fi
done
fi
}
_create_user() {
local has_user
sudo chmod 1777 /tmp
[ -z "${DEV_USER}" ] && return
has_user=$(sudo grep "${DEV_USER}" /etc/passwd)
[ -z "$DEV_USER" ] && return 1
if [ -z "$has_user" ] ; then
sudo adduser \
--system \
--shell "/bin/bash" \
--gecos "$DEV_USER user" \
--group \
--disabled-password \
--home "$DEV_USER_HOME" \
"${DEV_USER}"
else
echo "User $DEV_USER already exists"
return
fi
if [ -n "$DEV_USER_HOME" ] ; then
[ ! -d "$DEV_USER_HOME" ] && sudo mkdir -p "$DEV_USER_HOME"
if [ -z "$(sudo ls "$DEV_USER_HOME"/.profile 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.profile" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.profile "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.bashrc 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.bashrc" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bashrc "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.bash_aliases 2>/dev/null)" ] ; then
[ -r "$SOURCE_USER_PATH/.bash_aliases" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bash_aliases "$DEV_USER_HOME"
fi
if [ -z "$(sudo ls "$DEV_USER_HOME"/.ssh 2>/dev/null)" ] && [ -r "$SOURCE_USER_PATH/.ssh" ] ; then
sudo cp -pvr "$SOURCE_USER_PATH"/.ssh "$DEV_USER_HOME"
elif [ ! -d "$DEV_USER_HOME/.ssh" ] ; then
mkdir -p "$DEV_USER_HOME/.ssh"
fi
while IFS= read -r line
do
if ! grep -q "$line" "$DEV_USER_HOME"/.ssh/authorized_keys 2>/dev/null ; then
echo "$line" | sudo tee -a "$DEV_USER_HOME"/.ssh/authorized_keys >/dev/null
fi
done < "$HOME/.ssh/authorized_keys"
sudo chown -R "$DEV_USER":"$DEV_USER_GROUP" "$DEV_USER_HOME"
fi
if [ ! -r "/etc/sudoers.d/$DEV_USER" ] ; then
echo "$DEV_USER ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/"$DEV_USER"
fi
sudo rm -r "$SOURCE_USER_PATH"
# sudo sed -i "$ a AllowUsers $DEV_USER" /etc/ssh/sshd_config
}
_check_resolution() {
local hostname=""
hostname=$HOSTNAME
local ip=""
ip=$(grep "$hostname" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -n "$ip" ] && [ "$ip" == "127.0.1.1" ] && sudo sed -i /^"$ip"/d /etc/hosts 2>/dev/null
ip=$(grep "$PUB_IP" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -z "$ip" ] && echo "$PUB_IP ${hostname}.pub" | sudo tee -a /etc/hosts 2>/dev/null >/dev/null
ip=$(grep "$PRIV_IP" /etc/hosts | grep -v "^#" | awk '{print $1}')
[ -z "$ip" ] && echo "$PRIV_IP ${hostname}.priv $hostname" | sudo tee -a /etc/hosts 2>/dev/null >/dev/null
if [ "$hostname" != "$(cat /etc/hostname)" ] ; then
echo "$hostname" | sudo tee /etc/hostname 2>/dev/null >/dev/null
sudo hostname "$hostname"
fi
}
[ -r "./env-os" ] && . ./env-os
# Update and add packages to installation
[ -z "$1" ] || [ "$1" == "os" ] && _update_os
[ -z "$1" ] || [ "$1" == "ssh_keys" ] && _ssh_keys
[ -z "$1" ] || [ "$1" == "resolution" ] && _check_resolution
[ -z "$1" ] || [ "$1" == "user" ] && _create_user