authorShulhan <ms@kilabit.info>2023-11-29 23:24:43 +0700
committerShulhan <ms@kilabit.info>2023-12-07 04:11:46 +0700
commitd214fd59d1e130642ee266e5cde144d88eea7d3d (patch)
tree0b873b0e18483b507b03f4dd8702651ed1707046
parent045c2513a96177c38677f13c75639a007a355d57 (diff)
downloadawwan-d214fd59d1e130642ee266e5cde144d88eea7d3d.tar.xz
_ops: setup awwan-play
The _ops/awwan-play is the seed for the awwan playground that will be live on "play.awwan.org" later. The image name is awwan-play, to allow us to serve play.awwan.local on local proxy and test it without port number. It uses the _play directory as workspace. References: https://todo.sr.ht/~shulhan/awwan/4
-rw-r--r--Makefile23
-rw-r--r--_ops/awwan-play/mkosi.conf12
-rw-r--r--_ops/awwan-play/mkosi.conf.d/archlinux.conf12
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key9
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub1
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key7
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub1
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key38
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub1
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config117
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan6
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path9
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service14
-rw-r--r--_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service6
-rw-r--r--_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed255197
-rw-r--r--_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub1
-rw-r--r--_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts3
-rw-r--r--_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore2
-rw-r--r--_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys1
-rwxr-xr-x_ops/awwan-play/mkosi.finalize.chroot9
-rw-r--r--_ops/awwan-play/mkosi.nspawn9
-rwxr-xr-x_ops/awwan-play/mkosi.prepare.chroot20
-rw-r--r--_ops/awwan-play/mkosi.skeleton/etc/pacman.conf101
-rw-r--r--_play/.ssh/awwan.key39
-rw-r--r--_play/.ssh/awwan.pass1
-rw-r--r--_play/.ssh/config6
-rw-r--r--_play/awwan.env2
-rw-r--r--_play/example.aww4
28 files changed, 460 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index bfe9447..677bcc4 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ embed:
.PHONY: build
build: embed
- go build ./cmd/awwan
+ go build -o _bin/awwan ./cmd/awwan
.PHONY: install
install: lint-www lint embed
@@ -159,3 +159,24 @@ release-sync-local:
release-tip-local: embed build-all-amd64 build-all-arm64 release-sync-local
#}}}
+#{{{ Tasks for play.awwan.org.
+
+## Build the play.awwan.org container in local.
+
+.PHONY: build-awwan-play
+build-awwan-play:
+ @echo ">>> Stopping container ..."
+ -sudo machinectl stop awwan-play
+
+ @echo ">>> Creating binding ..."
+ ## We need to bind src/_bin and src/_play into container.
+ mkdir -p /data/awwan/
+ ln -sTf $$(pwd) /data/awwan/src
+
+ @echo ">>> Building container ..."
+ sudo mkosi --directory=_ops/awwan-play --force build
+
+ sudo machinectl --force import-tar /data/awwan/awwan-play.tar
+ sudo machinectl start awwan-play
+
+#}}}
diff --git a/_ops/awwan-play/mkosi.conf b/_ops/awwan-play/mkosi.conf
new file mode 100644
index 0000000..11a9dc7
--- /dev/null
+++ b/_ops/awwan-play/mkosi.conf
@@ -0,0 +1,12 @@
+[Output]
+CacheDirectory=../mkosi.cache/
+Format=tar
+Output=awwan-play
+OutputDirectory=/data/awwan/
+
+[Content]
+Bootable=no
+CleanPackageMetadata=false
+
+[Host]
+Incremental=yes
diff --git a/_ops/awwan-play/mkosi.conf.d/archlinux.conf b/_ops/awwan-play/mkosi.conf.d/archlinux.conf
new file mode 100644
index 0000000..34add3f
--- /dev/null
+++ b/_ops/awwan-play/mkosi.conf.d/archlinux.conf
@@ -0,0 +1,12 @@
+[Match]
+Distribution=arch
+
+[Content]
+SkeletonTrees=/var/lib/pacman/sync:/var/lib/pacman/sync
+Packages=
+ systemd
+ bash
+ shadow
+ sudo
+ openssh
+ ca-certificates
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key
new file mode 100644
index 0000000..4c84aa4
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQT7S60hruhfa16IQnYc37bJDHKBgRDH
+I26Du3CoMLRGDRZFmFFHdZ7r8v5tLsgEL6XvyOLZiUw1w2vAhONc4E2DAAAAqIaKFjWGih
+Y1AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohC
+dhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTY
+MAAAAhAP84kEfvH5BsCNq+N+5R5NZxfIyzm+Utyq/cE3kQLBDLAAAAD3Jvb3RAYXd3YW4t
+dGVzdA==
+-----END OPENSSH PRIVATE KEY-----
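Review bot: This private host key, together with `ssh_host_ed25519_key` and `ssh_host_rsa_key` added in the same commit, is stored unencrypted in the repository and copied into every image built from it, so all instances share one host identity that any reader of the repository can also present. The key comments say `root@awwan-test`, but the commit message describes this image as the seed for the live play.awwan.org, so the test keys would carry over unless something replaces them. Prefer generating the host keys when the image is built or first booted, for example with `ssh-keygen -A` in `mkosi.finalize.chroot`, and filling `known_hosts` from the generated public keys. If the fixed keys are kept for local testing only, say so in a README next to them.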
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub
new file mode 100644
index 0000000..268f2e6
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= root@awwan-test
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key
new file mode 100644
index 0000000..5613dbc
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEAAAAJiq/vlwqv75
+cAAAAAtzc2gtZWQyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEA
+AAAECQJtEe3tM08NBhUIP03r+vDQ7vTkQA0uqF4KbS6Thhamxe4FVnBeKP61bTxOqsMntk
+CBvjkzk0rZFL32l9l40QAAAAD3Jvb3RAYXd3YW4tdGVzdAECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..4b588a3
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q root@awwan-test
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key
new file mode 100644
index 0000000..3cd073e
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAyQPHy2DJlH/QwMILv10bf1MmHZQJY+dPBCRhRz8UnWLedGqUyZFY
+z33Q4Vkz+jUxLOoO7H5SYeo9iW8wbNoPBg/G7J8yf9nAxn68cRXRmM6C5YE8ZR4HbVMIs0
+htPgHfZVENKeDTXoHTcy3/rxaSTeBOxBpzzPtaBerIlzDA0aucPCOPv22WclD4cKrcoAsz
+yebLVPqS3iiegVdp4a7cJMaG0nn+GcqA2FhWn3XCxC5PklXn57+jJhUCa3Fm0CkUXu5+CL
+5tnDfFILm/Xu7wel5yka6y/n+zUAE7vQspkl2mo2rKUQCk5Yev4UREmfETnnNeSgaWT+jF
+EqxpkhQzst8Glxrrljfxjng6Z8ubixxp7/vZ4BJZI7rDknvH03Zg8IYDr9VcFF4klr62Jg
+6EK7ISqHnXbveQFRRwPkepgav60l5+XIuRPdf+kokbv5tHSZ6smrywEUIYsJNDkMKhT9nl
+ZHpmoz4PqgtP/e1eRoXZj9++8fJQa2k/twEht9rfAAAFiDtmriw7Zq4sAAAAB3NzaC1yc2
+EAAAGBAMkDx8tgyZR/0MDCC79dG39TJh2UCWPnTwQkYUc/FJ1i3nRqlMmRWM990OFZM/o1
+MSzqDux+UmHqPYlvMGzaDwYPxuyfMn/ZwMZ+vHEV0ZjOguWBPGUeB21TCLNIbT4B32VRDS
+ng016B03Mt/68Wkk3gTsQac8z7WgXqyJcwwNGrnDwjj79tlnJQ+HCq3KALM8nmy1T6kt4o
+noFXaeGu3CTGhtJ5/hnKgNhYVp91wsQuT5JV5+e/oyYVAmtxZtApFF7ufgi+bZw3xSC5v1
+7u8HpecpGusv5/s1ABO70LKZJdpqNqylEApOWHr+FERJnxE55zXkoGlk/oxRKsaZIUM7Lf
+Bpca65Y38Y54OmfLm4scae/72eASWSO6w5J7x9N2YPCGA6/VXBReJJa+tiYOhCuyEqh512
+73kBUUcD5HqYGr+tJeflyLkT3X/pKJG7+bR0merJq8sBFCGLCTQ5DCoU/Z5WR6ZqM+D6oL
+T/3tXkaF2Y/fvvHyUGtpP7cBIbfa3wAAAAMBAAEAAAGAMxcb48wwz+aAl016kOPIRl9K07
++5d0PmKGZatzIIOkxTwAEK2gRwLySKP4xdkp2MZx8CNgeRRsOzakfxZekyYlcGN0PrIOWm
+gozZtmBWSmFKkax8PjMYriepkW+6HEV7kxO7pcY30tBqft7VGppBCzwUqPEUN6g25EQdQZ
+gpmeDlL7/WHFBtKZb83h3/P0o5mnpneazKQV7Pko42Ih9AYrR2te49sC5w+wvQ0Gys2RHw
+NYBSFev2Ooqid8511DhsOmPd25YlzetPxl9pkf5W1uD+QJHOhT2Y6Yx1zkrgX2kfZpWrig
+49FgcAFqBcOpuECGFqeXBW1RlRVgrML0RfgKTeOorjOkjAqUqudjgtFqW8jxgsF7zAzDqp
+HdfFA7EHMwLZ5cqIh2PqrZ9Sip87MGlX5gOoNsRk6LYvxwPXtyB3K5FenlxaZSYibYBeUd
+DWiFIwV2n5SgvSl+t6t0ughvoztl/UqQzmn4BJ5f8eaHVocdSFEagOy30wzji1m/sxAAAA
+wHHzn9Y72W+M8xB+wYsFOY/qtsLoiis6o422MhTDFdVtHjDkuV+uwtgm9Dq3ZDvLlvFrTn
+AgbyQFmqvVOn6SWZtspnZhAYLFfGhzlAHU05asCyx2u0pB6FLZDHEiUc+F22CXs8vRvBU2
+Du9U/ULMdCkP2Bu1PJN/b98DkyfpErtG/EhUmoPR6GR+Ulpdg+c6KcothUi9rEIu83Hmg0
+sG7OeqcBqOtj5jgifARnHmiS4e1eUfIMSjkO5jfWw4xwvZiAAAAMEA9KtDKbEZr9pnGQPA
+2VeuoMnoJ4271UzqufuIE2/uWmXSG3NgBAWnNwcby6cpJdhdnM7u9C7CWFaB3Ay/cGZ64H
+U6k4txA/XgGjW0j8H/cBF7S7a3alhJ6SlkfHiyVhuO5jx5ZyJbN/CyyKgd1H3JfTCPd11/
+eyKINWkX2hDuCs2ha87j68cTbUEZK+1Zs/AMqIZoPFlu34PUDf5wxfGxq8aEFo1NLY9E79
+1X6xE/3l7KrHi2d146XnSTJZaX8YQnAAAAwQDSUvbDwbzMu9RQaxo127pySdCkUIfnli/0
+gS+CUBz7yop5Cssk+oMoFZvptpNkm8xHDotLKh/WMBBaI6JK29UN6n+IKWL6NrYdsmWd5w
+pVjgqN4bXRgydL+UpsJCUJMiQAgwlj8RLQKAG6BDYU1LV2M457hLnI0hHM5wPnyvwnDhSb
+3g8IgVkyxfZT3IpsMtbGZkEOHGyE20pHiOcZGaI/yEboOMKUwAaFgvvVrQmeg+c7mu98e3
+VMececaZKSDokAAAAPcm9vdEBhd3dhbi10ZXN0AQIDBA==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub
new file mode 100644
index 0000000..9c58598
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa 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 root@awwan-test
diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config b/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config
new file mode 100644
index 0000000..2c12987
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config
@@ -0,0 +1,117 @@
+# Include drop-in configurations
+Include /etc/ssh/sshd_config.d/*.conf
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 20022
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
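Review bot: `PasswordAuthentication` and `KbdInteractiveAuthentication` are left commented at their defaults, while `mkosi.prepare.chroot` in this commit creates both `awwan` and `awwanssh` with a password that is spelled out in the script's comment. If that password exists only for the sudo-prompt test, the SSH daemon does not need to accept it: set `PasswordAuthentication no` and `KbdInteractiveAuthentication no`, and limit logins with `AllowUsers awwanssh`. The file is otherwise the stock configuration with `Port 20022` and `AddressFamily inet` changed, so a short comment at the top listing the local deviations would help later reviews.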
diff --git a/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan b/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan
new file mode 100644
index 0000000..7288bf3
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan
@@ -0,0 +1,6 @@
+User_Alias ALLOWED_USER = awwan, awwanssh
+
+Cmnd_Alias ALLOWED_CMD = /usr/bin/cp, /usr/bin/chown, /usr/bin/chmod, \
+ /usr/bin/mv, /usr/bin/rm ^/tmp/[^[:space:]]*$
+
+ALLOWED_USER ALL = NOPASSWD: ALLOWED_CMD
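Review bot: Only `/usr/bin/rm` carries an argument restriction; `cp`, `chown`, `chmod` and `mv` are allowed with any arguments, as root and without a password, which makes `awwan` and `awwanssh` effectively root inside the container. If the playground only needs to manage files under a known directory, constrain each command the way `rm` is constrained here, or state in a comment that root-equivalence is intended and that the container boundary is the control being relied on. A comment noting that the `^/tmp/...$` pattern applies to `rm` alone would also prevent the continuation line from being misread as covering the whole alias.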
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path
new file mode 100644
index 0000000..523289f
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path
@@ -0,0 +1,9 @@
+[Unit]
+Description="Watch /usr/local/bin/awwan"
+
+[Path]
+PathChanged=/usr/local/bin/awwan
+Unit=systemctl-restart@%p.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service
new file mode 100644
index 0000000..1797de0
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=org-awwan-play
+After=network-online.target
+
+[Service]
+User=awwan
+WorkingDirectory=/home/awwan/play
+ExecStart=/usr/local/bin/awwan -address=0.0.0.0:27600 \
+ serve /home/awwan/play
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=default.target
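Review bot: `After=network-online.target` only orders the unit; without `Wants=network-online.target` under `[Unit]` the target is not pulled in, so the ordering may have no effect. The listener is bound to `0.0.0.0:27600` and the unit has no sandboxing directives, so exposure depends entirely on the nspawn private network and whatever proxy fronts it; a comment naming the component expected to restrict access would make that explicit. `[Install]` uses `default.target` here while the companion `.path` unit uses `multi-user.target`, which is worth aligning.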
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service b/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service
new file mode 100644
index 0000000..800316e
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=systemctl-restart@%i
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart %i
diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519 b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519
new file mode 100644
index 0000000..b55b87f
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+QAAAJgeYYttHmGL
+bQAAAAtzc2gtZWQyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+Q
+AAAEB1EDYm+eeuejaJJt12dn0ST9VxINRY1v9YslT9cSuEfqSLsL1Sop7BaZ7UB0lN5L6P
+OggIvy1KRdS+os039qr5AAAAEGF3d2FuQGF3d2FuLXRlc3QBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
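Review bot: This unencrypted client key is committed together with its public half in `/home/awwanssh/.ssh/authorized_keys`, so the repository itself carries a working login for `awwanssh` on every instance of the image where sshd is reachable, and `awwanssh` is in `wheel` and covered by the NOPASSWD rules in `sudoers.d/awwan`. `_play/.ssh/awwan.key` is in a similar position, with what appears to be its passphrase stored beside it in `_play/.ssh/awwan.pass`. For anything beyond a local test container, generate the key pair during the image build (for example in `mkosi.finalize.chroot`) and write the public key into `authorized_keys` there instead of shipping fixed material.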
diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub
new file mode 100644
index 0000000..6b83dfd
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts
new file mode 100644
index 0000000..5611175
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts
@@ -0,0 +1,3 @@
+[127.0.0.1]:20022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q
+[127.0.0.1]:20022 ssh-rsa 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
+[127.0.0.1]:20022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM=
diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore b/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore
new file mode 100644
index 0000000..120f485
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore
@@ -0,0 +1,2 @@
+*
+!/.gitignore
diff --git a/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys b/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys
new file mode 100644
index 0000000..6b83dfd
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-play/mkosi.finalize.chroot b/_ops/awwan-play/mkosi.finalize.chroot
new file mode 100755
index 0000000..a3db830
--- /dev/null
+++ b/_ops/awwan-play/mkosi.finalize.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+systemctl enable sshd.service
+systemctl enable org-awwan-play.path
+systemctl enable org-awwan-play.service
+
+chmod 0600 /etc/ssh/*_key
+chown -R awwan:awwan /home/awwan/
+chown -R awwanssh:awwanssh /home/awwanssh/
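Review bot: The script tightens `/etc/ssh/*_key` but not `/home/awwan/.ssh/id_ed25519`, which is committed with mode 100644; the OpenSSH client refuses a private key that other users can read, so the example `remotehost` connection may fail unless mkosi changes the mode on copy, which is not visible here. Add `chmod 0700 /home/awwan/.ssh /home/awwanssh/.ssh` and `chmod 0600 /home/awwan/.ssh/id_ed25519` after the `chown` lines. The script also has no `set -e`, so a failed `systemctl enable` or `chown` would not stop the image build.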
diff --git a/_ops/awwan-play/mkosi.nspawn b/_ops/awwan-play/mkosi.nspawn
new file mode 100644
index 0000000..2302007
--- /dev/null
+++ b/_ops/awwan-play/mkosi.nspawn
@@ -0,0 +1,9 @@
+[Files]
+Bind=/data/awwan/src/_play:/home/awwan/play:idmap
+Bind=/data/awwan/src/_bin:/usr/local/bin
+ReadOnly=yes
+
+[Network]
+Private = yes
+VirtualEthernet = yes
+Zone = awwan
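Review bot: `ReadOnly=yes` makes the container's root file system read-only but does not apply to the two `Bind=` mounts, which stay writable, so a root process in the container can modify the host's `_bin` directory that `make build` populates. The binary directory only needs to be read from inside the container: use `BindReadOnly=/data/awwan/src/_bin:/usr/local/bin`. A comment stating that `_play` is deliberately writable because it is the workspace would document the one remaining writable host path.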
diff --git a/_ops/awwan-play/mkosi.prepare.chroot b/_ops/awwan-play/mkosi.prepare.chroot
new file mode 100755
index 0000000..ee0cf8e
--- /dev/null
+++ b/_ops/awwan-play/mkosi.prepare.chroot
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -x
+
+## User testing sudo with password prompt.
+## The UID of user in container must equal with UID in host, for
+## better compatibility.
+## The password is "awwan".
+
+useradd --create-home --user-group \
+ --uid $MKOSI_UID \
+ --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+ awwan
+
+## User testing with ssh.
+
+useradd --create-home --user-group --groups wheel \
+ --uid $((MKOSI_UID+1)) \
+ --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+ awwanssh
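Review bot: The script runs with `set -x` only, so a failing `useradd` does not abort the build and an unset `MKOSI_UID` goes unnoticed: `$((MKOSI_UID+1))` then evaluates to 1 and `awwanssh` would be created with a system UID. Replace `set -x` with `set -eux` and quote the expansion as `--uid "$MKOSI_UID"`. Both accounts receive the same hash whose plaintext is given in the comment, which is acceptable only while no password-based login path reaches the container; the comment should say that this is a local-test credential.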
diff --git a/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf b/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf
new file mode 100644
index 0000000..e288913
--- /dev/null
+++ b/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf
@@ -0,0 +1,101 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+CacheDir = /home/var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+#HookDir = /etc/pacman.d/hooks/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+IgnorePkg = go
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+#Color
+#NoProgressBar
+CheckSpace
+VerbosePkgLists
+#ParallelDownloads = 5
+ILoveCandy
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[core-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+
+#[extra-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+#[multilib]
+#Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+
+[build.kilabit.info]
+Server = https://build.kilabit.info/aur
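Review bot: This skeleton looks like a copy of a workstation's pacman.conf rather than a minimal image configuration: `CacheDir = /home/var/cache/pacman/pkg/`, `IgnorePkg = go` and the extra `[build.kilabit.info]` repository are carried into the image although `archlinux.conf` lists only packages from the official repositories. An additional repository is one more source pacman will install and upgrade from, and nothing visible in this commit provisions the signing key it would need under `SigLevel = Required DatabaseOptional`. Drop the `[build.kilabit.info]` section from the image's configuration, or add a comment naming the package that needs it and how its key reaches the keyring. `[core]` and `[extra]` also point at a single mirror, so the build fails whenever that mirror is unavailable.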
diff --git a/_play/.ssh/awwan.key b/_play/.ssh/awwan.key
new file mode 100644
index 0000000..7ff257d
--- /dev/null
+++ b/_play/.ssh/awwan.key
@@ -0,0 +1,39 @@
+-----BEGIN OPENSSH PRIVATE KEY-----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+-----END OPENSSH PRIVATE KEY-----
diff --git a/_play/.ssh/awwan.pass b/_play/.ssh/awwan.pass
new file mode 100644
index 0000000..55b8390
--- /dev/null
+++ b/_play/.ssh/awwan.pass
@@ -0,0 +1 @@
+s3cret \ No newline at end of file
diff --git a/_play/.ssh/config b/_play/.ssh/config
new file mode 100644
index 0000000..983eee4
--- /dev/null
+++ b/_play/.ssh/config
@@ -0,0 +1,6 @@
+## This is an example of remote host to execute awwan command using "play".
+Host remotehost
+ Hostname 127.0.0.1
+ Port 20022
+ User awwanssh
+ IdentityFile ~/.ssh/id_ed25519
diff --git a/_play/awwan.env b/_play/awwan.env
new file mode 100644
index 0000000..ac4f2d3
--- /dev/null
+++ b/_play/awwan.env
@@ -0,0 +1,2 @@
+[user "awwan"]
+name = ms
diff --git a/_play/example.aww b/_play/example.aww
new file mode 100644
index 0000000..0b58478
--- /dev/null
+++ b/_play/example.aww
@@ -0,0 +1,4 @@
+## This is an example of awwan script that can be executed using "local"
+## command.
+
+echo "Hello, local"