chore: add current provisioning state before migration

2025-09-22 23:11:41 +01:00 · 2025-09-22 23:11:41 +01:00 · 50745b0f22
commit 50745b0f22
parent a9703b4748
660 changed files with 88126 additions and 0 deletions
--- a/taskservs/webhook/default/.scrt
+++ b/taskservs/webhook/default/.scrt
@ -0,0 +1 @@
+QSBqb3VybmV5IG9mIGEgdGhvdXNhbmQgbWlsZXMgYmVnaW5zIHdpdGggYSBzaW5nbGUgc3RlcAo=
--- a/taskservs/webhook/default/env-provisioning.j2
+++ b/taskservs/webhook/default/env-provisioning.j2
@ -0,0 +1,2 @@
+export PROVIISONING_KLOUD="{{taskserv.provisioning_kloud}}"
+export AWS_PROFILE="{{taskserv.aws_profile}}"
--- a/taskservs/webhook/default/env-webhook.j2
+++ b/taskservs/webhook/default/env-webhook.j2
@ -0,0 +1,14 @@
+WEBHOOK_CONF="{{taskserv.webhook_conf}}"
+WEBHOOK_USER="{{taskserv.webhook_user}}"
+WEBHOOK_GROUP="{{taskserv.webhook_group}}"
+WEBHOOK_HOME="{{taskserv.webhook_home}}"
+WEBHOOK_LOG_PATH="{{taskserv.webhook_logs_path}}"
+WEBHOOK_VERSION="{{taskserv.webhook_version}}"
+REPO_USERNAME="{{taskserv.repo_username}}"
+REPO_SSH_KEY="{{taskserv.repo_ssh_key}}"
+SOURCE_USER_PATH="home"
+{% if seserver.installer_user %}
+INSTALLER_USER={{server.installer_user}}
+{% else %}
+INSTALLER_USER=root
+{% endif %}
--- a/taskservs/webhook/default/home/env
+++ b/taskservs/webhook/default/home/env
@ -0,0 +1,4 @@
+RUN_WORD="RUN:"
+TIME_OUT=20
+DEVADM_USER=${DEVADM_USER:-devadm}
+WEBHOOK_RUN=${WEBHOOK_RUN:-/usr/local/bin/on_webhook_provisioning}
--- a/taskservs/webhook/default/home/provisioning_hook.sh
+++ b/taskservs/webhook/default/home/provisioning_hook.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+
+ROOT_PATH=$(dirname "$0") 
+
+[ -r "$ROOT_PATH/env"] && . "$ROOT_PATH/env" 
+RUN_WORD="${RUN_WORD:-RUN:}"
+TIME_OUT=${TIME_OUT:-20}
+DEVADM_USER=${DEVADM_USER:-devadm}
+WEBHOOK_RUN=${WEBHOOK_RUN:-/usr/local/bin/on_webhook_provisioning}
+
+DATA=$1
+REPO_SSH_URL=$(echo "$1" | jq -r ".repository.ssh_url")
+REPO_FULLNAME=$(echo "$1" | jq -r ".repository.full_name")
+COMMIT_0_MESSAGE=$(echo "$1" | jq -r ".commits[0].message")
+COMMIT_MODIFIED=$(echo "$1" | jq -r ".commits[].modified[]")
+COMMIT_AUTHOR_EMAIL=$(echo "$1" | jq -r ".commits[].author.email")
+RUN_COMMIT_MSG="$(echo $COMMIT_0_MESSAGE | awk -F"RUN:" '{ print $2 } ')"
+
+[ -n "$DEVADM_USER" ] && [ -n "$WEBHOOK_RUN" ] && [ -n "$REPO_SSH_URL" ] && 
+WK_RUN=/tmp/env_webhook_provisioning.$$
+
+echo "
+REPO_SSH_URL=\"$REPO_SSH_URL\"
+REPO_FULLNAME=\"$REPO_FULLNAME\"
+COMMIT_AUTHOR_EMAIL=\"$COMMIT_AUTHOR_EMAIL\"
+RUN_COMMIT_MSG=\"$RUN_COMMIT_MSG\"
+RUN_COMMIT_MODIFIED=\"$COMMIT_MODIFIED\"  
+"> "$WK_RUN"
+
+sudo -u "$DEVADM_USER" "$WEBHOOK_RUN" "$WK_RUN" && rm -f "$WK_RUN"
--- a/taskservs/webhook/default/home/srvc_hook.sh
+++ b/taskservs/webhook/default/home/srvc_hook.sh
--- a/taskservs/webhook/default/hooks.conf.j2
+++ b/taskservs/webhook/default/hooks.conf.j2
@ -0,0 +1,80 @@
+{%- if server %} 
+# 
+# For provisioning Provisioning
+#
+- id: provisioning
+  execute-command: {{taskserv.webhook_home}}/provisioning_hook.sh
+  command-working-directory: {{taskserv.webhook_home}}
+  response-message: I got the webhook payload!
+  response-headers:
+  - name: Access-Control-Allow-Origin
+    value: '*'
+  pass-arguments-to-command:
+  - source: entire-payload
+  pass-environment-to-command:
+  - source: payload
+    name: repository.clone_url
+    envname: REPOSITORY_URL
+  - source: payload
+    name: repository.full_name
+    envname: REPOSITORY_NAME
+  - source: payload
+    name: head_commit.id
+    envname: HEAD_COMMIT_ID
+  - source: payload
+    name: pusher.name
+    envname: PUSHER_NAME
+  - source: payload
+    name: pusher.email
+    envname: PUSHER_EMAIL
+  trigger-rule:
+    and:
+    - match:
+        type: value
+        value: refs/heads/main
+        parameter:
+          source: payload
+          name: ref
+#
+# For services
+#
+- id: service
+  execute-command: {{taskserv.webhook_home}}/srvc_hook.sh
+  command-working-directory: {{taskserv.webhook_home}}
+  response-message: I got the service payload !
+  response-headers:
+  - name: Access-Control-Allow-Origin
+    value: '*'
+  pass-arguments-to-command:
+  - source: entire-payload
+  pass-environment-to-command:
+  - source: payload
+    name: repository.clone_url
+    envname: REPOSITORY_URL
+  - source: payload
+    name: repository.full_name
+    envname: REPOSITORY_NAME
+  - source: payload
+    name: head_commit.id
+    envname: HEAD_COMMIT_ID
+  - source: payload
+    name: pusher.name
+    envname: PUSHER_NAME
+  - source: payload
+    name: pusher.email
+    envname: PUSHER_EMAIL
+  trigger-rule:
+    and:
+    # - match:
+    #     type: value
+    #     value: "SECRET"
+    #     parameter:
+    #       source: playload
+    #       name: secret
+    - match:
+        type: value
+        value: refs/heads/main
+        parameter:
+          source: payload
+          name: ref
+{%- endif %}
--- a/taskservs/webhook/default/install-webhook.sh
+++ b/taskservs/webhook/default/install-webhook.sh
@ -0,0 +1,114 @@
+#!/bin/bash
+# Info: Script to install webhook with provisioning 
+# Author: JesusPerezLorenzo  
+# Release: 1.0 
+# Date: 19-10-2023
+
+USAGE="install-webhook.sh "
+
+[ "$1" == "-h"  ] && echo "$USAGE"  && exit 1
+
+function _create_user() {
+    local has_user
+    sudo chmod 1777 /tmp
+    [ -z "${WEBHOOK_USER}" ] && return
+    has_user=$(sudo grep "${WEBHOOK_USER}" /etc/passwd)
+    if [ -z "$has_user" ] ; then
+      sudo adduser \
+      --system \
+      --shell "/bin/bash" \
+      --gecos "$WEBHOOK_USER user" \
+      --group \
+      --disabled-password \
+      --home "$WEBHOOK_HOME" \
+      "${WEBHOOK_USER}"
+    else
+      echo "User $WEBHOOK_USER already exists"
+      return 
+    fi
+    [ ! -d "$WEBHOOK_HOME" ]  && sudo mkdir -p "$WEBHOOK_HOME"
+    if [ -d "$SOURCE_USER_PATH" ] && [ -r "$SOURCE_USER_PATH/.profile" ] && [ -n "$WEBHOOK_HOME" ] ; then 
+      if [ -z "$(sudo ls "$WEBHOOK_HOME"/.profile 2>/dev/null)" ] ; then
+        [ -r "$SOURCE_USER_PATH/.profile" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.profile "$WEBHOOK_HOME"
+      fi
+      if [ -z "$(sudo ls "$WEBHOOK_HOME"/.bashrc 2>/dev/null)" ] ; then
+        [ -r "$SOURCE_USER_PATH/.bashrc" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bashrc "$WEBHOOK_HOME"
+      fi
+      if [ -z "$(sudo ls "$WEBHOOK_HOME"/.bash_aliases 2>/dev/null)" ] ; then
+        [ -r "$SOURCE_USER_PATH/.bash_aliases" ] && sudo cp -pvr "$SOURCE_USER_PATH"/.bash_aliases "$WEBHOOK_HOME"
+      fi
+      if [ -z "$(sudo ls "$WEBHOOK_HOME"/.ssh 2>/dev/null)" ] && [ -r "$SOURCE_USER_PATH/.ssh" ] ; then
+        sudo cp -pvr "$SOURCE_USER_PATH"/.ssh "$WEBHOOK_HOME"
+        [ -r "/home/$INSTALLER_USER/.ssh/authorized_keys" ] && cat "/home/$INSTALLER_USER/.ssh/authorized_keys" | sudo tee -a "$WEBHOOK_HOME/.ssh/authorized_keys"> /dev/null
+      elif [ ! -d "$WEBHOOK_HOME/.ssh" ] ; then
+        sudo mkdir -p "$WEBHOOK_HOME/.ssh" 
+        [ -r "/home/$INSTALLER_USER/.ssh/authorized_keys" ] && cat "/home/$INSTALLER_USER/.ssh/authorized_keys" | sudo tee -a "$WEBHOOK_HOME/.ssh/authorized_keys"> /dev/null
+      fi
+      sudo cp -pr "$SOURCE_USER_PATH"/* "$WEBHOOK_HOME"
+      sudo chown -R "$WEBHOOK_USER":"$WEBHOOK_USER_GROUP" "$WEBHOOK_HOME"
+    fi
+    if [ ! -r "/etc/sudoers.d/$WEBHOOK_USER" ] ; then
+      echo "$WEBHOOK_USER  ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/"$WEBHOOK_USER"
+    fi
+    sudo rm -r "$SOURCE_USER_PATH"
+}
+function _download_webhook {
+  local has_webhook
+  local webhook_version
+  local num_version
+  local expected_version_num
+  OS="$(uname | tr '[:upper:]' '[:lower:]')" 
+  ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" 
+
+  if [ -n "$WEBHOOK_VERSION" ]  ; then 
+    has_webhook=$(type -P webhook)
+    num_version=""
+    [ -n "$has_webhook" ] && webhook_version=$(webhook -version | cut -f3 -d" ") && num_version=${webhook_version//\./}
+    expected_version_num=${WEBHOOK_VERSION//\./}
+    if [ -z "$CHECK_ONLY" ] && [ -z "$num_version" ] || [ "$num_version" -lt "$expected_version_num" ] ; then 
+      curl -fsSLO "https://github.com/adnanh/webhook/releases/download/$WEBHOOK_VERSION/webhook-${OS}-${ARCH}.tar.gz"
+        tar xzf "webhook-${OS}-${ARCH}.tar.gz" &&
+        sudo mv "webhook-${OS}-${ARCH}/webhook" /usr/local/bin/webhook &&
+        rm -rf "webhook-${OS}-${ARCH}.tar.gz" "webhook-${OS}-${ARCH}" &&
+        echo "webhook installed "
+    elif [ -n "$CHECK_ONLY" ] ; then
+      printf "%s\t%s\t%s\n" "webhook" "$webhook_version" "expected $WEBHOOK_VERSION"
+    else
+      printf "%s\t%s\n" "webhook" "already $WEBHOOK_VERSION"
+    fi
+  fi
+}
+function _copy_files {
+  [ ! -r "hooks.conf" ] && echo "No hooks.conf found to create service" && exit 1
+  [ ! -d "/etc/webhook" ] && sudo  mkdir -p /etc/webhook
+  sudo cp hooks.conf /etc/webhook/"$WEBHOOK_CONF"
+  [ -r ".scrt" ] && sudo cp .scrt /etc/webhook
+  sudo chown -R "$WEBHOOK_USER":"$WEBHOOK_USER_GROUP" /etc/webhook
+  [ -n "$WEBHOOK_LOG_PATH" ] && [ ! -r "$WEBHOOK_LOG_PATH" ] && sudo touch "$WEBHOOK_LOG_PATH" && sudo chown "$WEBHOOK_USER":"$WEBHOOK_USER_GROUP"  "$WEBHOOK_LOG_PATH"
+  if [ -n "$REPO_USERNAME" ] ; then 
+    local repo_user_home 
+    repo_user_home=$(grep "^$REPO_USERNAME" /etc/passwd | cut -f6 -d":")
+    if [ -d "$repo_user_home/.profile" ] ; then 
+      [ -d "$repo_user_home" ] && [ -r "ssh_config" ] && sudo cp ssh_config "$repo_user_home"/.ssh/config && sudo chown "$REPO_USERNAME" "$repo_user_home"/.ssh/config
+      if [  -n "$REPO_SSH_KEY" ] && [ -d  ".ssh" ] && [ ! -r "$repo_user_home/.ssh/$(basename "$REPO_SSH_KEY").pub" ] ;then
+        sudo cp .ssh/* "$repo_user_home/.ssh" 
+        sudo chown "$REPO_USERNAME" "$repo_user_home"/.ssh/*
+      fi
+    fi
+  fi
+  [ -r "on_webhook_provisioning" ] && sudo cp on_webhook_provisioning /usr/local/bin
+} 
+function _create_service {
+  [ ! -r "webhook.service" ] && echo "No webhook.service found to create service" && exit 1
+  #[ -r "/lib/systemd/system/webhook.service" ]  && return 
+  sudo cp webhook.service /lib/systemd/system/webhook.service >/dev/null 2>&1
+  sudo systemctl daemon-reload >/dev/null 2>&1
+  sudo systemctl enable webhook.service >/dev/null 2>&1
+  sudo systemctl restart webhook.service >/dev/null 2>&1
+}
+
+[ -r "./env-webhook"  ] && . ./env-webhook
+_create_user
+_download_webhook
+_copy_files
+_create_service
--- a/taskservs/webhook/default/on_webhook_provisioning
+++ b/taskservs/webhook/default/on_webhook_provisioning
@ -0,0 +1,88 @@
+#!/bin/bash
+# Info: Script to run provisioning (Provisioning) from a webhook call 
+# Author: JesusPerezLorenzo 
+# Release: 1.0.2
+# Date: 19-11-2023
+#
+USAGE="on_webhook_provisioning env-fils"
+
+[ "$1" == "-h"  ] && echo "$USAGE" && exit
+[ "$1" == "-i" ] || [ "$2"  == "-i" ] && echo "$(basename "$0") $(grep "^# Info:" "$0" | sed "s/# Info: //g") " && exit
+[ "$1" == "-v" ] || [ "$2"  == "-v" ] && grep "^# Release:" "$0" | sed "s/# Release: //g" && exit
+
+set -x
+
+set +o errexit
+set +o pipefail
+
+ROOT_PATH=$(dirname "$0") 
+
+[ -z "$1" ] && echo "No env path found to load settings" && exit 1
+
+.  "$1" 
+[ -r "$HOME/env-provisioning" ]  && .  "$HOME/env-provisioning" 
+
+
+PROVISIONING_CMD=$(type -P provisioning) 
+
+[ -z  "$PROVISIONING_CMD" ] && echo "provisioning command not found" && exit 1 
+
+PROVIISONING_KLOUD=${PROVIISONING_KLOUD:-$HOME/kloud}
+
+ORG=$(pwd)
+
+[ -z "$REPO_SSH_URL" ] && echo "No REPO_SSH_URL found" && exit 1
+[ -z "$REPO_FULLNAME" ] && echo "No REPO_FULLNAME found" && exit 1
+
+REPO_DIR=$(dirname "$REPO_FULLNAME")
+REPO_NAME=$(basename "$REPO_FULLNAME")
+[ -z "$REPO_DIR" ] && [ -z "$REPO_NAME "]  && echo "Error REPO_FULLNAME"  && exit 1
+
+[ ! -d "$PROVIISONING_KLOUD/$REPO_DIRNAME" ] && mkdir -p "$PROVIISONING_KLOUD/$REPO_DIRNAME" 
+
+cd  "$PROVIISONING_KLOUD/$REPO_DIRNAME" 
+
+if [ ! -d "$REPO_NAME" ] ; then
+	if ! git clone --recurse-submodules "$REPO_SSH_URL" ; then 
+	  echo "Error clone $REPO_SSH_URL"
+	  exit 1
+	fi
+	cd "$REPO_NAME"
+else
+	cd "$REPO_NAME"
+	git pull 2>/dev/null
+fi
+
+[ -z "$RUN_COMMIT_MSG" ] && exit 0 
+
+[ -r "./env-provisioning" ] && . "./env-provisioning"
+
+WK_LOG_RUN=/tmp/on_provisioning_log.$$
+WK_ERR_RUN=/tmp/on_provisioning_err.$$
+
+# Check if AI webhook processing is enabled and message should be processed by AI
+if [ -n "$WEBHOOK_AI_ENABLED" ] && [ "$WEBHOOK_AI_ENABLED" = "true" ] && [ -n "$WEBHOOK_MESSAGE" ]; then
+    # Process webhook message with AI first
+    AI_RESULT=$(nu -c "
+        use core/nulib/lib_provisioning/webhook/ai_webhook.nu test_webhook
+        test_webhook '$WEBHOOK_MESSAGE' --platform '${WEBHOOK_PLATFORM:-generic}' --user '${WEBHOOK_USER:-webhook}' --channel '${WEBHOOK_CHANNEL:-webhook}'
+    " 2>/dev/null)
+    
+    if [ $? -eq 0 ]; then
+        echo "AI processed webhook message: $WEBHOOK_MESSAGE" >> "$WK_LOG_RUN"
+        echo "AI result: $AI_RESULT" >> "$WK_LOG_RUN"
+    fi
+fi
+
+$PROVISIONING_CMD $RUN_COMMIT_MSG >"$WK_LOG_RUN" 2>"$WK_ERR_RUN"
+
+mv "$WK_LOG_RUN" run.log 
+mv "$WK_ERR_RUN" error.log 
+
+git add *
+git commit -m "chore: running form on_webhook_provisioning: \"$RUN_COMMIT_MSG\""
+
+if ! git push ; then 
+	echo "Error push  $REPO_SSH_URL"
+	exit 1
+fi
--- a/taskservs/webhook/default/prepare
+++ b/taskservs/webhook/default/prepare
@ -0,0 +1,28 @@
+#!/usr/bin/env nu 
+# Info: Prepare for webhook installation
+# Author: JesusPerezLorenzo 
+# Release: 1.0.2
+# Date: 19-11-2023
+
+use lib_provisioning/cmd/env.nu * 
+use lib_provisioning/cmd/lib.nu *
+
+use lib_provisioning/utils/ui.nu *
+
+print $"(_ansi green_bold)Webhoo(_ansi reset) with ($env.PROVISIONING_VARS) " 
+
+let defs = load_defs
+
+#sops_cmd "decrypt" /wuwei/repo-cnz/klab/basecamp/.keys.k  | save --force /tmp/ky.k
+
+let ssh_keys = ($defs.taskserv.repo_ssh_key | str replace "~" $env.HOME | str trim)
+
+if $ssh_keys != "" { 
+   let target_path = $env.PROVISIONING_WK_ENV_PATH
+   ^mkdir -p $"($target_path)/.ssh"
+   for key in ($ssh_keys | split row " ") { 
+     log_debug $"on ($key)"
+     if ($key | path exists) { cp $key $"($target_path)/.ssh" } 
+     if ($"($key).pub" | path exists) { cp $"($key).pub" $"($target_path)/.ssh" }
+   }
+}
--- a/taskservs/webhook/default/ssh_config.j2
+++ b/taskservs/webhook/default/ssh_config.j2
@ -0,0 +1,8 @@
+Host {{taskserv.repo_hostname}}
+  User git
+  HostName {{taskserv.repo_hostname}}
+  IdentityFile {{taskserv.repo_ssh_key}}
+  ServerAliveInterval 240
+  StrictHostKeyChecking no
+  UserKnownHostsFile=/dev/null
+  Port {{taskserv.repo_ssh_port}}
--- a/taskservs/webhook/default/webhook.service.j2
+++ b/taskservs/webhook/default/webhook.service.j2
@ -0,0 +1,25 @@
+{%- if server %} 
+[Unit]
+Description=Small server for creating HTTP endpoints (hooks)
+Documentation=https://github.com/adnanh/webhook/
+ConditionPathExists=/etc/webhook
+
+[Service]
+RestartSec=2s
+Type=simple
+User={{taskserv.webhook_user}}
+Group={{taskserv.webhook_group}}
+WorkingDirectory={{taskserv.webhook_home}}
+Restart=always
+Environment=USER={{taskserv.webhook_user}} HOME={{taskserv.webhook_home}}
+{% if taskserv.webhook_ip == "$network_private_ip" and server.ip_addresses.priv %}
+ExecStart=/usr/local/bin/webhook -nopanic -hooks /etc/webhook/{{taskserv.webhook_conf}} -ip {{server.ip_addresses.priv}} -port {{taskserv.webhook_port}} -logfile {{taskserv.webhook_logs_path}}   -verbose   -urlprefix hooks 
+{% elif taskserv.webhook_ip == "$network_public_ip" and server.ip_addresses.pub %}
+ExecStart=/usr/local/bin/webhook -nopanic -hooks /etc/webhook/{{taskserv.webhook_conf}} -ip {{server.ip_addresses.pub}} -port {{taskserv.webhook_port}} -logfile {{taskserv.webhook_logs_path}}   -verbose   -urlprefix hooks 
+{% else %}
+ExecStart=/usr/local/bin/webhook -nopanic -hooks /etc/webhook/{{taskserv.webhook_conf}} -ip {{taskserv.webhook.ip}} -port {{taskserv.webhook_port}} -logfile {{taskserv.webhook_logs_path}}   -verbose   -urlprefix hooks 
+{% endif %}
+
+[Install]
+WantedBy=multi-user.target
+{%- endif %}
				`@ -0,0 +1 @@`
				`QSBqb3VybmV5IG9mIGEgdGhvdXNhbmQgbWlsZXMgYmVnaW5zIHdpdGggYSBzaW5nbGUgc3RlcAo=`