From 1640caca8245096a7fb1bc6f1b1e03881ce5824e Mon Sep 17 00:00:00 2001 
From: Shulhan Date: Sun, 17 Dec 2023 16:45:44 +0700 Subject: all: rename _play, _ops/awwan-play to _tour, _ops/awwan-tour The name "play" imply that the service is to run awwan script, while the "tour" is to guide the new user to use awwan WUI, since its contains the tutorial. --- .gitignore | 1 + Makefile | 24 +++-- _ops/awwan-play/mkosi.conf | 12 --- _ops/awwan-play/mkosi.conf.d/archlinux.conf | 12 --- .../mkosi.extra/etc/ssh/ssh_host_ecdsa_key | 9 -- .../mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub | 1 - .../mkosi.extra/etc/ssh/ssh_host_ed25519_key | 7 -- .../mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub | 1 - .../mkosi.extra/etc/ssh/ssh_host_rsa_key | 38 ------- .../mkosi.extra/etc/ssh/ssh_host_rsa_key.pub | 1 - _ops/awwan-play/mkosi.extra/etc/ssh/sshd_config | 117 --------------------- _ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan | 6 -- .../etc/systemd/system/org-awwan-play.path | 9 -- .../etc/systemd/system/org-awwan-play.service | 14 --- .../etc/systemd/system/systemctl-restart@.service | 6 -- .../mkosi.extra/home/awwan/.ssh/id_ed25519 | 7 -- .../mkosi.extra/home/awwan/.ssh/id_ed25519.pub | 1 - .../mkosi.extra/home/awwan/.ssh/known_hosts | 3 - .../mkosi.extra/home/awwan/play/.gitignore | 2 - .../mkosi.extra/home/awwanssh/.ssh/authorized_keys | 1 - _ops/awwan-play/mkosi.finalize.chroot | 9 -- _ops/awwan-play/mkosi.nspawn | 12 --- _ops/awwan-play/mkosi.prepare.chroot | 20 ---- _ops/awwan-play/mkosi.skeleton/etc/pacman.conf | 101 ------------------ _ops/awwan-tour/mkosi.conf | 12 +++ _ops/awwan-tour/mkosi.conf.d/archlinux.conf | 12 +++ .../mkosi.extra/etc/ssh/ssh_host_ecdsa_key | 9 ++ .../mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub | 1 + .../mkosi.extra/etc/ssh/ssh_host_ed25519_key | 7 ++ .../mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub | 1 + .../mkosi.extra/etc/ssh/ssh_host_rsa_key | 38 +++++++ .../mkosi.extra/etc/ssh/ssh_host_rsa_key.pub | 1 + _ops/awwan-tour/mkosi.extra/etc/ssh/sshd_config | 117 +++++++++++++++++++++ 
_ops/awwan-tour/mkosi.extra/etc/sudoers.d/awwan | 6 ++ .../etc/systemd/system/org-awwan-tour.path | 9 ++ .../etc/systemd/system/org-awwan-tour.service | 14 +++ .../etc/systemd/system/systemctl-restart@.service | 6 ++ .../mkosi.extra/home/awwan/.ssh/id_ed25519 | 7 ++ .../mkosi.extra/home/awwan/.ssh/id_ed25519.pub | 1 + .../mkosi.extra/home/awwan/.ssh/known_hosts | 3 + .../mkosi.extra/home/awwan/tour/.gitignore | 2 + .../mkosi.extra/home/awwanssh/.ssh/authorized_keys | 1 + _ops/awwan-tour/mkosi.finalize.chroot | 9 ++ _ops/awwan-tour/mkosi.nspawn | 12 +++ _ops/awwan-tour/mkosi.prepare.chroot | 20 ++++ _ops/awwan-tour/mkosi.skeleton/etc/pacman.conf | 101 ++++++++++++++++++ _play/.awwan.env | 2 - _play/.awwan.env.vault | Bin 384 -> 0 bytes _play/.gitignore | 7 -- _play/.ssh/awwan.key | 39 ------- _play/.ssh/awwan.pass | 1 - _play/.ssh/config | 6 -- _play/.vimrc | 3 - _play/00_README.txt | 68 ------------ _play/01_local.aww | 50 --------- _play/02_script_variables.aww | 28 ----- _play/03_env.aww | 57 ---------- _play/04_env-set.aww | 41 -------- _play/05_env-get.aww | 39 ------- _play/06_magic_put.aww | 50 --------- _play/07_magic_get.aww | 21 ---- _play/08_encrypt.aww | 31 ------ _play/09_decrypt.aww | 22 ---- _play/10_encrypted_env.aww | 16 --- _play/11_encrypted_put.aww | 37 ------- _play/12_magic_require.aww | 29 ----- _play/app.conf.vault | Bin 384 -> 0 bytes _play/awwan.env | 10 -- _play/example.aww | 4 - _play/put_source.txt | 1 - _play/remotehost/01_play.aww | 53 ---------- _play/remotehost/02_magic_local.aww | 25 ----- _play/remotehost/awwan.env | 2 - _play/secret.txt | 1 - _tour/.awwan.env | 2 + _tour/.awwan.env.vault | Bin 0 -> 384 bytes _tour/.gitignore | 7 ++ _tour/.ssh/awwan.key | 39 +++++++ _tour/.ssh/awwan.pass | 1 + _tour/.ssh/config | 6 ++ _tour/.vimrc | 3 + _tour/00_README.txt | 70 ++++++++++++ _tour/01_local.aww | 50 +++++++++ _tour/02_script_variables.aww | 28 +++++ _tour/03_env.aww | 57 ++++++++++ _tour/04_env-set.aww | 41 ++++++++ 
_tour/05_env-get.aww | 39 +++++++ _tour/06_magic_put.aww | 50 +++++++++ _tour/07_magic_get.aww | 21 ++++ _tour/08_encrypt.aww | 31 ++++++ _tour/09_decrypt.aww | 22 ++++ _tour/10_encrypted_env.aww | 16 +++ _tour/11_encrypted_put.aww | 37 +++++++ _tour/12_magic_require.aww | 29 +++++ _tour/app.conf.vault | Bin 0 -> 384 bytes _tour/awwan.env | 10 ++ _tour/example.aww | 4 + _tour/put_source.txt | 1 + _tour/remotehost/01_play.aww | 53 ++++++++++ _tour/remotehost/02_magic_local.aww | 25 +++++ _tour/remotehost/awwan.env | 2 + _tour/secret.txt | 1 + 102 files changed, 1048 insertions(+), 1043 deletions(-) delete mode 100644 _ops/awwan-play/mkosi.conf delete mode 100644 _ops/awwan-play/mkosi.conf.d/archlinux.conf delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub delete mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/sshd_config delete mode 100644 _ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan delete mode 100644 _ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path delete mode 100644 _ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service delete mode 100644 _ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service delete mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519 delete mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub delete mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts delete mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore delete mode 100644 _ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys delete mode 100755 
_ops/awwan-play/mkosi.finalize.chroot delete mode 100644 _ops/awwan-play/mkosi.nspawn delete mode 100755 _ops/awwan-play/mkosi.prepare.chroot delete mode 100644 _ops/awwan-play/mkosi.skeleton/etc/pacman.conf create mode 100644 _ops/awwan-tour/mkosi.conf create mode 100644 _ops/awwan-tour/mkosi.conf.d/archlinux.conf create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub create mode 100644 _ops/awwan-tour/mkosi.extra/etc/ssh/sshd_config create mode 100644 _ops/awwan-tour/mkosi.extra/etc/sudoers.d/awwan create mode 100644 _ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.path create mode 100644 _ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.service create mode 100644 _ops/awwan-tour/mkosi.extra/etc/systemd/system/systemctl-restart@.service create mode 100644 _ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519 create mode 100644 _ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519.pub create mode 100644 _ops/awwan-tour/mkosi.extra/home/awwan/.ssh/known_hosts create mode 100644 _ops/awwan-tour/mkosi.extra/home/awwan/tour/.gitignore create mode 100644 _ops/awwan-tour/mkosi.extra/home/awwanssh/.ssh/authorized_keys create mode 100755 _ops/awwan-tour/mkosi.finalize.chroot create mode 100644 _ops/awwan-tour/mkosi.nspawn create mode 100755 _ops/awwan-tour/mkosi.prepare.chroot create mode 100644 _ops/awwan-tour/mkosi.skeleton/etc/pacman.conf delete mode 100644 _play/.awwan.env delete mode 100644 _play/.awwan.env.vault delete mode 100644 _play/.gitignore delete mode 100644 _play/.ssh/awwan.key delete mode 100644 _play/.ssh/awwan.pass delete mode 100644 
_play/.ssh/config delete mode 100644 _play/.vimrc delete mode 100644 _play/00_README.txt delete mode 100644 _play/01_local.aww delete mode 100644 _play/02_script_variables.aww delete mode 100644 _play/03_env.aww delete mode 100644 _play/04_env-set.aww delete mode 100644 _play/05_env-get.aww delete mode 100644 _play/06_magic_put.aww delete mode 100644 _play/07_magic_get.aww delete mode 100644 _play/08_encrypt.aww delete mode 100644 _play/09_decrypt.aww delete mode 100644 _play/10_encrypted_env.aww delete mode 100644 _play/11_encrypted_put.aww delete mode 100644 _play/12_magic_require.aww delete mode 100644 _play/app.conf.vault delete mode 100644 _play/awwan.env delete mode 100644 _play/example.aww delete mode 100644 _play/put_source.txt delete mode 100644 _play/remotehost/01_play.aww delete mode 100644 _play/remotehost/02_magic_local.aww delete mode 100644 _play/remotehost/awwan.env delete mode 100644 _play/secret.txt create mode 100644 _tour/.awwan.env create mode 100644 _tour/.awwan.env.vault create mode 100644 _tour/.gitignore create mode 100644 _tour/.ssh/awwan.key create mode 100644 _tour/.ssh/awwan.pass create mode 100644 _tour/.ssh/config create mode 100644 _tour/.vimrc create mode 100644 _tour/00_README.txt create mode 100644 _tour/01_local.aww create mode 100644 _tour/02_script_variables.aww create mode 100644 _tour/03_env.aww create mode 100644 _tour/04_env-set.aww create mode 100644 _tour/05_env-get.aww create mode 100644 _tour/06_magic_put.aww create mode 100644 _tour/07_magic_get.aww create mode 100644 _tour/08_encrypt.aww create mode 100644 _tour/09_decrypt.aww create mode 100644 _tour/10_encrypted_env.aww create mode 100644 _tour/11_encrypted_put.aww create mode 100644 _tour/12_magic_require.aww create mode 100644 _tour/app.conf.vault create mode 100644 _tour/awwan.env create mode 100644 _tour/example.aww create mode 100644 _tour/put_source.txt create mode 100644 _tour/remotehost/01_play.aww create mode 100644 _tour/remotehost/02_magic_local.aww 
create mode 100644 _tour/remotehost/awwan.env create mode 100644 _tour/secret.txt diff --git a/.gitignore b/.gitignore index 62d8336..60e7b24 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ /_mkosi/image.raw /_mkosi/mkosi.builddir/ /_mkosi/mkosi.cache/ +/_tour/output /_wui/doc/*.html /awwan /awwan.test diff --git a/Makefile b/Makefile index 475567a..86e1925 100644 --- a/Makefile +++ b/Makefile @@ -158,24 +158,26 @@ release-sync-local: release-tip-local: embed build-all-amd64 build-all-arm64 release-sync-local #}}} -#{{{ Tasks for play.awwan.org. +#{{{ Tasks for tour.awwan.org. -## Build the play.awwan.org container in local. +## Build the tour.awwan.org container in local. -.PHONY: build-awwan-play -build-awwan-play: +.PHONY: build-tour +build-tour: + @echo ">>> Building container ..." + sudo mkosi --directory=_ops/awwan-tour --force build + +.PHONY: build-tour-local +build-tour-local: build-tour @echo ">>> Stopping container ..." - -sudo machinectl stop awwan-play + -sudo machinectl stop awwan-tour + ## We need to bind src/_bin and src/_tour into container. @echo ">>> Creating binding ..." - ## We need to bind src/_bin and src/_play into container. mkdir -p /data/awwan/ ln -sTf $$(pwd) /data/awwan/src - @echo ">>> Building container ..." - sudo mkosi --directory=_ops/awwan-play --force build - - sudo machinectl --force import-tar /data/awwan/awwan-play.tar - sudo machinectl start awwan-play + sudo machinectl --force import-tar /data/awwan/awwan-tour.tar + sudo machinectl start awwan-tour #}}} diff --git a/_ops/awwan-play/mkosi.conf b/_ops/awwan-play/mkosi.conf deleted file mode 100644 index 11a9dc7..0000000 --- a/_ops/awwan-play/mkosi.conf +++ /dev/null @@ -1,12 +0,0 @@ -[Output] -CacheDirectory=../mkosi.cache/ -Format=tar -Output=awwan-play -OutputDirectory=/data/awwan/ - -[Content] -Bootable=no -CleanPackageMetadata=false - -[Host] -Incremental=yes 
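Review bot: `build-tour` now runs `sudo mkosi --directory=_ops/awwan-tour --force build` before anything creates `/data/awwan/`, because `mkdir -p /data/awwan/` stayed in `build-tour-local` and a prerequisite runs first; the old recipe created the directory before building. The new `mkosi.conf` in this commit sets `OutputDirectory=/data/awwan/`, so on a fresh host the build may fail unless mkosi creates the directory itself (not visible here); moving `mkdir -p /data/awwan/` into `build-tour` ahead of the mkosi call restores the old order. The `## Build the tour.awwan.org container in local.` comment now sits above `build-tour`, while the import-and-start steps it describes live in `build-tour-local`, which has no comment of its own. The symlink line is also safer as `ln -sTf "$(CURDIR)" /data/awwan/src`, since unquoted `$$(pwd)` is word-split if the checkout path contains spaces.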
diff --git a/_ops/awwan-play/mkosi.conf.d/archlinux.conf b/_ops/awwan-play/mkosi.conf.d/archlinux.conf deleted file mode 100644 index 34add3f..0000000 --- a/_ops/awwan-play/mkosi.conf.d/archlinux.conf +++ /dev/null @@ -1,12 +0,0 @@ -[Match] -Distribution=arch - -[Content] -SkeletonTrees=/var/lib/pacman/sync:/var/lib/pacman/sync -Packages= - systemd - bash - shadow - sudo - openssh - ca-certificates diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key deleted file mode 100644 index 4c84aa4..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS -1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQT7S60hruhfa16IQnYc37bJDHKBgRDH -I26Du3CoMLRGDRZFmFFHdZ7r8v5tLsgEL6XvyOLZiUw1w2vAhONc4E2DAAAAqIaKFjWGih -Y1AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohC -dhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTY -MAAAAhAP84kEfvH5BsCNq+N+5R5NZxfIyzm+Utyq/cE3kQLBDLAAAAD3Jvb3RAYXd3YW4t -dGVzdA== ------END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub deleted file mode 100644 index 268f2e6..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= root@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key deleted file mode 100644 index 5613dbc..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key +++ /dev/null 
@@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEAAAAJiq/vlwqv75 -cAAAAAtzc2gtZWQyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEA -AAAECQJtEe3tM08NBhUIP03r+vDQ7vTkQA0uqF4KbS6Thhamxe4FVnBeKP61bTxOqsMntk -CBvjkzk0rZFL32l9l40QAAAAD3Jvb3RAYXd3YW4tdGVzdAECAwQFBg== ------END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub deleted file mode 100644 index 4b588a3..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q root@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key deleted file mode 100644 index 3cd073e..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key +++ /dev/null 
@@ -1,38 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn -NhAAAAAwEAAQAAAYEAyQPHy2DJlH/QwMILv10bf1MmHZQJY+dPBCRhRz8UnWLedGqUyZFY -z33Q4Vkz+jUxLOoO7H5SYeo9iW8wbNoPBg/G7J8yf9nAxn68cRXRmM6C5YE8ZR4HbVMIs0 -htPgHfZVENKeDTXoHTcy3/rxaSTeBOxBpzzPtaBerIlzDA0aucPCOPv22WclD4cKrcoAsz -yebLVPqS3iiegVdp4a7cJMaG0nn+GcqA2FhWn3XCxC5PklXn57+jJhUCa3Fm0CkUXu5+CL -5tnDfFILm/Xu7wel5yka6y/n+zUAE7vQspkl2mo2rKUQCk5Yev4UREmfETnnNeSgaWT+jF -EqxpkhQzst8Glxrrljfxjng6Z8ubixxp7/vZ4BJZI7rDknvH03Zg8IYDr9VcFF4klr62Jg -6EK7ISqHnXbveQFRRwPkepgav60l5+XIuRPdf+kokbv5tHSZ6smrywEUIYsJNDkMKhT9nl -ZHpmoz4PqgtP/e1eRoXZj9++8fJQa2k/twEht9rfAAAFiDtmriw7Zq4sAAAAB3NzaC1yc2 -EAAAGBAMkDx8tgyZR/0MDCC79dG39TJh2UCWPnTwQkYUc/FJ1i3nRqlMmRWM990OFZM/o1 -MSzqDux+UmHqPYlvMGzaDwYPxuyfMn/ZwMZ+vHEV0ZjOguWBPGUeB21TCLNIbT4B32VRDS -ng016B03Mt/68Wkk3gTsQac8z7WgXqyJcwwNGrnDwjj79tlnJQ+HCq3KALM8nmy1T6kt4o -noFXaeGu3CTGhtJ5/hnKgNhYVp91wsQuT5JV5+e/oyYVAmtxZtApFF7ufgi+bZw3xSC5v1 -7u8HpecpGusv5/s1ABO70LKZJdpqNqylEApOWHr+FERJnxE55zXkoGlk/oxRKsaZIUM7Lf -Bpca65Y38Y54OmfLm4scae/72eASWSO6w5J7x9N2YPCGA6/VXBReJJa+tiYOhCuyEqh512 -73kBUUcD5HqYGr+tJeflyLkT3X/pKJG7+bR0merJq8sBFCGLCTQ5DCoU/Z5WR6ZqM+D6oL -T/3tXkaF2Y/fvvHyUGtpP7cBIbfa3wAAAAMBAAEAAAGAMxcb48wwz+aAl016kOPIRl9K07 -+5d0PmKGZatzIIOkxTwAEK2gRwLySKP4xdkp2MZx8CNgeRRsOzakfxZekyYlcGN0PrIOWm -gozZtmBWSmFKkax8PjMYriepkW+6HEV7kxO7pcY30tBqft7VGppBCzwUqPEUN6g25EQdQZ -gpmeDlL7/WHFBtKZb83h3/P0o5mnpneazKQV7Pko42Ih9AYrR2te49sC5w+wvQ0Gys2RHw -NYBSFev2Ooqid8511DhsOmPd25YlzetPxl9pkf5W1uD+QJHOhT2Y6Yx1zkrgX2kfZpWrig -49FgcAFqBcOpuECGFqeXBW1RlRVgrML0RfgKTeOorjOkjAqUqudjgtFqW8jxgsF7zAzDqp -HdfFA7EHMwLZ5cqIh2PqrZ9Sip87MGlX5gOoNsRk6LYvxwPXtyB3K5FenlxaZSYibYBeUd -DWiFIwV2n5SgvSl+t6t0ughvoztl/UqQzmn4BJ5f8eaHVocdSFEagOy30wzji1m/sxAAAA -wHHzn9Y72W+M8xB+wYsFOY/qtsLoiis6o422MhTDFdVtHjDkuV+uwtgm9Dq3ZDvLlvFrTn -AgbyQFmqvVOn6SWZtspnZhAYLFfGhzlAHU05asCyx2u0pB6FLZDHEiUc+F22CXs8vRvBU2 -Du9U/ULMdCkP2Bu1PJN/b98DkyfpErtG/EhUmoPR6GR+Ulpdg+c6KcothUi9rEIu83Hmg0 
-sG7OeqcBqOtj5jgifARnHmiS4e1eUfIMSjkO5jfWw4xwvZiAAAAMEA9KtDKbEZr9pnGQPA -2VeuoMnoJ4271UzqufuIE2/uWmXSG3NgBAWnNwcby6cpJdhdnM7u9C7CWFaB3Ay/cGZ64H -U6k4txA/XgGjW0j8H/cBF7S7a3alhJ6SlkfHiyVhuO5jx5ZyJbN/CyyKgd1H3JfTCPd11/ -eyKINWkX2hDuCs2ha87j68cTbUEZK+1Zs/AMqIZoPFlu34PUDf5wxfGxq8aEFo1NLY9E79 -1X6xE/3l7KrHi2d146XnSTJZaX8YQnAAAAwQDSUvbDwbzMu9RQaxo127pySdCkUIfnli/0 -gS+CUBz7yop5Cssk+oMoFZvptpNkm8xHDotLKh/WMBBaI6JK29UN6n+IKWL6NrYdsmWd5w -pVjgqN4bXRgydL+UpsJCUJMiQAgwlj8RLQKAG6BDYU1LV2M457hLnI0hHM5wPnyvwnDhSb -3g8IgVkyxfZT3IpsMtbGZkEOHGyE20pHiOcZGaI/yEboOMKUwAaFgvvVrQmeg+c7mu98e3 -VMececaZKSDokAAAAPcm9vdEBhd3dhbi10ZXN0AQIDBA== ------END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub deleted file mode 100644 index 9c58598..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 root@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config b/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config deleted file mode 100644 index 2c12987..0000000 --- a/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config +++ /dev/null 
@@ -1,117 +0,0 @@
-# Include drop-in configurations
-Include /etc/ssh/sshd_config.d/*.conf
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 20022
-AddressFamily inet
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-#KbdInteractiveAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin prohibit-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-#UsePAM no
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/ssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
diff --git a/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan b/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan
deleted file mode 100644
index 7288bf3..0000000
--- a/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan
+++ /dev/null
@@ -1,6 +0,0 @@
-User_Alias ALLOWED_USER = awwan, awwanssh
-
-Cmnd_Alias ALLOWED_CMD = /usr/bin/cp, /usr/bin/chown, /usr/bin/chmod, \
- /usr/bin/mv, /usr/bin/rm ^/tmp/[^[:space:]]*$
-
-ALLOWED_USER ALL = NOPASSWD: ALLOWED_CMD
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path
deleted file mode 100644
index 523289f..0000000
--- a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description="Watch /usr/local/bin/awwan"
-
-[Path]
-PathChanged=/usr/local/bin/awwan
-Unit=systemctl-restart@%p.service
-
-[Install]
-WantedBy=multi-user.target
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service
deleted file mode 100644
index 1797de0..0000000
--- a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=org-awwan-play
-After=network-online.target
-
-[Service]
-User=awwan
-WorkingDirectory=/home/awwan/play
-ExecStart=/usr/local/bin/awwan -address=0.0.0.0:27600 \
- serve /home/awwan/play
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=default.target
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service b/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service
deleted file mode 100644
index 800316e..0000000
--- a/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=systemctl-restart@%i
-
-[Service]
-Type=oneshot
-ExecStart=/bin/systemctl restart %i
diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519 b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519
deleted file mode 100644
index b55b87f..0000000
--- a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519
+++ /dev/null
@@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+QAAAJgeYYttHmGL -bQAAAAtzc2gtZWQyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+Q -AAAEB1EDYm+eeuejaJJt12dn0ST9VxINRY1v9YslT9cSuEfqSLsL1Sop7BaZ7UB0lN5L6P -OggIvy1KRdS+os039qr5AAAAEGF3d2FuQGF3d2FuLXRlc3QBAgMEBQ== ------END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub deleted file mode 100644 index 6b83dfd..0000000 --- a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts deleted file mode 100644 index 5611175..0000000 --- a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts +++ /dev/null @@ -1,3 +0,0 @@ -[127.0.0.1]:20022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q -[127.0.0.1]:20022 ssh-rsa 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 -[127.0.0.1]:20022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore b/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore deleted file mode 100644 index 120f485..0000000 --- a/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!/.gitignore diff --git a/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys b/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys deleted file mode 100644 index 6b83dfd..0000000 --- a/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys +++ /dev/null 
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-play/mkosi.finalize.chroot b/_ops/awwan-play/mkosi.finalize.chroot
deleted file mode 100755
index a3db830..0000000
--- a/_ops/awwan-play/mkosi.finalize.chroot
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-systemctl enable sshd.service
-systemctl enable org-awwan-play.path
-systemctl enable org-awwan-play.service
-
-chmod 0600 /etc/ssh/*_key
-chown -R awwan:awwan /home/awwan/
-chown -R awwanssh:awwanssh /home/awwanssh/
diff --git a/_ops/awwan-play/mkosi.nspawn b/_ops/awwan-play/mkosi.nspawn
deleted file mode 100644
index 95a301e..0000000
--- a/_ops/awwan-play/mkosi.nspawn
+++ /dev/null
@@ -1,12 +0,0 @@
-[Exec]
-Ephemeral=yes
-LinkJournal=no
-
-[Files]
-Bind=/data/awwan/src/_play:/home/awwan/play:idmap
-Bind=/data/awwan/src/_bin:/usr/local/bin
-
-[Network]
-Private = yes
-VirtualEthernet = yes
-Zone = awwan
diff --git a/_ops/awwan-play/mkosi.prepare.chroot b/_ops/awwan-play/mkosi.prepare.chroot
deleted file mode 100755
index ee0cf8e..0000000
--- a/_ops/awwan-play/mkosi.prepare.chroot
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-set -x
-
-## User testing sudo with password prompt.
-## The UID of user in container must equal with UID in host, for
-## better compatibility.
-## The password is "awwan".
-
-useradd --create-home --user-group \
- --uid $MKOSI_UID \
- --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
- awwan
-
-## User testing with ssh.
-
-useradd --create-home --user-group --groups wheel \
- --uid $((MKOSI_UID+1)) \
- --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
- awwanssh
diff --git a/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf b/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf
deleted file mode 100644
index e288913..0000000
--- a/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf
+++ /dev/null
@@ -1,101 +0,0 @@ -# -# /etc/pacman.conf -# -# See the pacman.conf(5) manpage for option and repository directives - -# -# GENERAL OPTIONS -# -[options] -# The following paths are commented out with their default values listed. -# If you wish to use different paths, uncomment and update the paths. -#RootDir = / -#DBPath = /var/lib/pacman/ -CacheDir = /home/var/cache/pacman/pkg/ -#LogFile = /var/log/pacman.log -#GPGDir = /etc/pacman.d/gnupg/ -#HookDir = /etc/pacman.d/hooks/ -HoldPkg = pacman glibc -#XferCommand = /usr/bin/curl -L -C - -f -o %o %u -#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u -CleanMethod = KeepInstalled -Architecture = auto - -# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup -IgnorePkg = go -#IgnoreGroup = - -#NoUpgrade = -#NoExtract = - -# Misc options -#UseSyslog -#Color -#NoProgressBar -CheckSpace -VerbosePkgLists -#ParallelDownloads = 5 -ILoveCandy - -# By default, pacman accepts packages signed by keys that its local keyring -# trusts (see pacman-key and its man page), as well as unsigned packages. -SigLevel = Required DatabaseOptional -LocalFileSigLevel = Optional -#RemoteFileSigLevel = Required - -# NOTE: You must run `pacman-key --init` before first using pacman; the local -# keyring can then be populated with the keys of all official Arch Linux -# packagers with `pacman-key --populate archlinux`. 
- -# -# REPOSITORIES -# - can be defined here or included from another file -# - pacman will search repositories in the order defined here -# - local/custom mirrors can be added here or in separate files -# - repositories listed first will take precedence when packages -# have identical names, regardless of version number -# - URLs will have $repo replaced by the name of the current repo -# - URLs will have $arch replaced by the name of the architecture -# -# Repository entries are of the format: -# [repo-name] -# Server = ServerName -# Include = IncludePath -# -# The header [repo-name] is crucial - it must be present and -# uncommented to enable the repo. -# - -# The testing repositories are disabled by default. To enable, uncomment the -# repo name header and Include lines. You can add preferred servers immediately -# after the header, and they will be used before the default mirrors. - -#[core-testing] -#Include = /etc/pacman.d/mirrorlist - -[core] -Server = https://mirror.0x.sg/archlinux/$repo/os/$arch - -#[extra-testing] -#Include = /etc/pacman.d/mirrorlist - -[extra] -Server = https://mirror.0x.sg/archlinux/$repo/os/$arch - -# If you want to run 32 bit applications on your x86_64 system, -# enable the multilib repositories as required here. - -#[multilib-testing] -#Include = /etc/pacman.d/mirrorlist - -#[multilib] -#Include = /etc/pacman.d/mirrorlist - -# An example of a custom package repository. See the pacman manpage for -# tips on creating your own repositories. -#[custom] -#SigLevel = Optional TrustAll -#Server = file:///home/custompkgs - -[build.kilabit.info] -Server = https://build.kilabit.info/aur diff --git a/_ops/awwan-tour/mkosi.conf b/_ops/awwan-tour/mkosi.conf new file mode 100644 index 0000000..2372acb --- /dev/null +++ b/_ops/awwan-tour/mkosi.conf @@ -0,0 +1,12 @@ +[Output] +CacheDirectory=../mkosi.cache/ +Format=tar +Output=awwan-tour +OutputDirectory=/data/awwan/ + +[Content] +Bootable=no +CleanPackageMetadata=false + +[Host] +Incremental=yes 
diff --git a/_ops/awwan-tour/mkosi.conf.d/archlinux.conf b/_ops/awwan-tour/mkosi.conf.d/archlinux.conf new file mode 100644 index 0000000..34add3f --- /dev/null +++ b/_ops/awwan-tour/mkosi.conf.d/archlinux.conf @@ -0,0 +1,12 @@ +[Match] +Distribution=arch + +[Content] +SkeletonTrees=/var/lib/pacman/sync:/var/lib/pacman/sync +Packages= + systemd + bash + shadow + sudo + openssh + ca-certificates diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key new file mode 100644 index 0000000..4c84aa4 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQT7S60hruhfa16IQnYc37bJDHKBgRDH +I26Du3CoMLRGDRZFmFFHdZ7r8v5tLsgEL6XvyOLZiUw1w2vAhONc4E2DAAAAqIaKFjWGih +Y1AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohC +dhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTY +MAAAAhAP84kEfvH5BsCNq+N+5R5NZxfIyzm+Utyq/cE3kQLBDLAAAAD3Jvb3RAYXd3YW4t +dGVzdA== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..268f2e6 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= root@awwan-test diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..5613dbc --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key 
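Review bot: `mkosi.extra/etc/ssh/ssh_host_ecdsa_key` is an unencrypted sshd host private key committed to the repository, so every image built from `_ops/awwan-tour` shares a host identity whose secret anyone with the source can read; `ssh_host_ed25519_key` and `ssh_host_rsa_key` in this commit have the same problem. The blob is unchanged from the `_ops/awwan-play` copy (index `4c84aa4`), so the rename carries the exposure forward rather than introducing it. If the fixed keys exist only so the pre-seeded `known_hosts` entries for `[127.0.0.1]:20022` match inside the container, a short comment or README beside them should state that they are test-only and must never be reused on another host. Otherwise generate them at image build, e.g. `ssh-keygen -A` in `mkosi.finalize.chroot`, and write `known_hosts` from the generated public keys.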
@@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEAAAAJiq/vlwqv75 +cAAAAAtzc2gtZWQyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEA +AAAECQJtEe3tM08NBhUIP03r+vDQ7vTkQA0uqF4KbS6Thhamxe4FVnBeKP61bTxOqsMntk +CBvjkzk0rZFL32l9l40QAAAAD3Jvb3RAYXd3YW4tdGVzdAECAwQFBg== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..4b588a3 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q root@awwan-test diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key new file mode 100644 index 0000000..3cd073e --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAyQPHy2DJlH/QwMILv10bf1MmHZQJY+dPBCRhRz8UnWLedGqUyZFY +z33Q4Vkz+jUxLOoO7H5SYeo9iW8wbNoPBg/G7J8yf9nAxn68cRXRmM6C5YE8ZR4HbVMIs0 +htPgHfZVENKeDTXoHTcy3/rxaSTeBOxBpzzPtaBerIlzDA0aucPCOPv22WclD4cKrcoAsz +yebLVPqS3iiegVdp4a7cJMaG0nn+GcqA2FhWn3XCxC5PklXn57+jJhUCa3Fm0CkUXu5+CL +5tnDfFILm/Xu7wel5yka6y/n+zUAE7vQspkl2mo2rKUQCk5Yev4UREmfETnnNeSgaWT+jF +EqxpkhQzst8Glxrrljfxjng6Z8ubixxp7/vZ4BJZI7rDknvH03Zg8IYDr9VcFF4klr62Jg +6EK7ISqHnXbveQFRRwPkepgav60l5+XIuRPdf+kokbv5tHSZ6smrywEUIYsJNDkMKhT9nl +ZHpmoz4PqgtP/e1eRoXZj9++8fJQa2k/twEht9rfAAAFiDtmriw7Zq4sAAAAB3NzaC1yc2 +EAAAGBAMkDx8tgyZR/0MDCC79dG39TJh2UCWPnTwQkYUc/FJ1i3nRqlMmRWM990OFZM/o1 +MSzqDux+UmHqPYlvMGzaDwYPxuyfMn/ZwMZ+vHEV0ZjOguWBPGUeB21TCLNIbT4B32VRDS +ng016B03Mt/68Wkk3gTsQac8z7WgXqyJcwwNGrnDwjj79tlnJQ+HCq3KALM8nmy1T6kt4o +noFXaeGu3CTGhtJ5/hnKgNhYVp91wsQuT5JV5+e/oyYVAmtxZtApFF7ufgi+bZw3xSC5v1 +7u8HpecpGusv5/s1ABO70LKZJdpqNqylEApOWHr+FERJnxE55zXkoGlk/oxRKsaZIUM7Lf +Bpca65Y38Y54OmfLm4scae/72eASWSO6w5J7x9N2YPCGA6/VXBReJJa+tiYOhCuyEqh512 +73kBUUcD5HqYGr+tJeflyLkT3X/pKJG7+bR0merJq8sBFCGLCTQ5DCoU/Z5WR6ZqM+D6oL +T/3tXkaF2Y/fvvHyUGtpP7cBIbfa3wAAAAMBAAEAAAGAMxcb48wwz+aAl016kOPIRl9K07 ++5d0PmKGZatzIIOkxTwAEK2gRwLySKP4xdkp2MZx8CNgeRRsOzakfxZekyYlcGN0PrIOWm +gozZtmBWSmFKkax8PjMYriepkW+6HEV7kxO7pcY30tBqft7VGppBCzwUqPEUN6g25EQdQZ +gpmeDlL7/WHFBtKZb83h3/P0o5mnpneazKQV7Pko42Ih9AYrR2te49sC5w+wvQ0Gys2RHw +NYBSFev2Ooqid8511DhsOmPd25YlzetPxl9pkf5W1uD+QJHOhT2Y6Yx1zkrgX2kfZpWrig +49FgcAFqBcOpuECGFqeXBW1RlRVgrML0RfgKTeOorjOkjAqUqudjgtFqW8jxgsF7zAzDqp +HdfFA7EHMwLZ5cqIh2PqrZ9Sip87MGlX5gOoNsRk6LYvxwPXtyB3K5FenlxaZSYibYBeUd +DWiFIwV2n5SgvSl+t6t0ughvoztl/UqQzmn4BJ5f8eaHVocdSFEagOy30wzji1m/sxAAAA +wHHzn9Y72W+M8xB+wYsFOY/qtsLoiis6o422MhTDFdVtHjDkuV+uwtgm9Dq3ZDvLlvFrTn +AgbyQFmqvVOn6SWZtspnZhAYLFfGhzlAHU05asCyx2u0pB6FLZDHEiUc+F22CXs8vRvBU2 +Du9U/ULMdCkP2Bu1PJN/b98DkyfpErtG/EhUmoPR6GR+Ulpdg+c6KcothUi9rEIu83Hmg0 
+sG7OeqcBqOtj5jgifARnHmiS4e1eUfIMSjkO5jfWw4xwvZiAAAAMEA9KtDKbEZr9pnGQPA +2VeuoMnoJ4271UzqufuIE2/uWmXSG3NgBAWnNwcby6cpJdhdnM7u9C7CWFaB3Ay/cGZ64H +U6k4txA/XgGjW0j8H/cBF7S7a3alhJ6SlkfHiyVhuO5jx5ZyJbN/CyyKgd1H3JfTCPd11/ +eyKINWkX2hDuCs2ha87j68cTbUEZK+1Zs/AMqIZoPFlu34PUDf5wxfGxq8aEFo1NLY9E79 +1X6xE/3l7KrHi2d146XnSTJZaX8YQnAAAAwQDSUvbDwbzMu9RQaxo127pySdCkUIfnli/0 +gS+CUBz7yop5Cssk+oMoFZvptpNkm8xHDotLKh/WMBBaI6JK29UN6n+IKWL6NrYdsmWd5w +pVjgqN4bXRgydL+UpsJCUJMiQAgwlj8RLQKAG6BDYU1LV2M457hLnI0hHM5wPnyvwnDhSb +3g8IgVkyxfZT3IpsMtbGZkEOHGyE20pHiOcZGaI/yEboOMKUwAaFgvvVrQmeg+c7mu98e3 +VMececaZKSDokAAAAPcm9vdEBhd3dhbi10ZXN0AQIDBA== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..9c58598 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa 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 root@awwan-test diff --git a/_ops/awwan-tour/mkosi.extra/etc/ssh/sshd_config b/_ops/awwan-tour/mkosi.extra/etc/ssh/sshd_config new file mode 100644 index 0000000..2c12987 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/ssh/sshd_config 
@@ -0,0 +1,117 @@ +# Include drop-in configurations +Include /etc/ssh/sshd_config.d/*.conf + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Port 20022 +AddressFamily inet +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! 
+#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#KbdInteractiveAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/_ops/awwan-tour/mkosi.extra/etc/sudoers.d/awwan b/_ops/awwan-tour/mkosi.extra/etc/sudoers.d/awwan new file mode 100644 index 0000000..7288bf3 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/etc/sudoers.d/awwan 
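Review bot: `#PasswordAuthentication yes` and `#KbdInteractiveAuthentication yes` are left commented, so this sshd on `Port 20022` keeps password login at its default. In the same commit, `mkosi.prepare.chroot` creates `awwan` and `awwanssh` with a password that is spelled out in its own comment. As far as the commit shows, SSH access only needs the key shipped in `home/awwanssh/.ssh/authorized_keys`, so I would set `PasswordAuthentication no` and `KbdInteractiveAuthentication no` here, plus `AllowUsers awwanssh` if `awwan` is never meant to log in remotely. A drop-in matched by `Include /etc/ssh/sshd_config.d/*.conf` may already change these values; that directory is not part of the commit, so it is worth confirming in the built image.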
@@ -0,0 +1,6 @@
+User_Alias ALLOWED_USER = awwan, awwanssh
+
+Cmnd_Alias ALLOWED_CMD = /usr/bin/cp, /usr/bin/chown, /usr/bin/chmod, \
+ /usr/bin/mv, /usr/bin/rm ^/tmp/[^[:space:]]*$
+
+ALLOWED_USER ALL = NOPASSWD: ALLOWED_CMD
diff --git a/_ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.path b/_ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.path
new file mode 100644
index 0000000..523289f
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.path
@@ -0,0 +1,9 @@
+[Unit]
+Description="Watch /usr/local/bin/awwan"
+
+[Path]
+PathChanged=/usr/local/bin/awwan
+Unit=systemctl-restart@%p.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/_ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.service b/_ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.service
new file mode 100644
index 0000000..052a68c
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.extra/etc/systemd/system/org-awwan-tour.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=org-awwan-tour
+After=network-online.target
+
+[Service]
+User=awwan
+WorkingDirectory=/home/awwan/tour
+ExecStart=/usr/local/bin/awwan -address=0.0.0.0:27600 \
+ serve /home/awwan/tour
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=default.target
diff --git a/_ops/awwan-tour/mkosi.extra/etc/systemd/system/systemctl-restart@.service b/_ops/awwan-tour/mkosi.extra/etc/systemd/system/systemctl-restart@.service
new file mode 100644
index 0000000..800316e
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.extra/etc/systemd/system/systemctl-restart@.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=systemctl-restart@%i
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart %i
diff --git a/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519 b/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519
new file mode 100644
index 0000000..b55b87f
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519
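Review bot: In `Cmnd_Alias ALLOWED_CMD` of `etc/sudoers.d/awwan`, only `/usr/bin/rm` carries an argument pattern. `/usr/bin/cp`, `/usr/bin/chown`, `/usr/bin/chmod` and `/usr/bin/mv` are granted `NOPASSWD` with any arguments, so `awwan` and `awwanssh` can replace or re-own any file in the container, which amounts to passwordless root. `org-awwan-tour.service` in this commit runs the WUI as `awwan` on `0.0.0.0:27600`, so that privilege extends to whoever can reach the port. If this is deliberate for the `#put!`/`#get!` tutorials, the file should say so in a header comment, e.g. `## Grants effective root inside the tour container; isolation relies on mkosi.nspawn.` Otherwise give the four commands destination patterns the way `rm` has `^/tmp/[^[:space:]]*$`.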
@@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+QAAAJgeYYttHmGL +bQAAAAtzc2gtZWQyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+Q +AAAEB1EDYm+eeuejaJJt12dn0ST9VxINRY1v9YslT9cSuEfqSLsL1Sop7BaZ7UB0lN5L6P +OggIvy1KRdS+os039qr5AAAAEGF3d2FuQGF3d2FuLXRlc3QBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519.pub b/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519.pub new file mode 100644 index 0000000..6b83dfd --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test diff --git a/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/known_hosts b/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/known_hosts new file mode 100644 index 0000000..5611175 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/home/awwan/.ssh/known_hosts @@ -0,0 +1,3 @@ +[127.0.0.1]:20022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q +[127.0.0.1]:20022 ssh-rsa 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 +[127.0.0.1]:20022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= diff --git a/_ops/awwan-tour/mkosi.extra/home/awwan/tour/.gitignore b/_ops/awwan-tour/mkosi.extra/home/awwan/tour/.gitignore new file mode 100644 index 0000000..120f485 --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/home/awwan/tour/.gitignore @@ -0,0 +1,2 @@ +* +!/.gitignore diff --git a/_ops/awwan-tour/mkosi.extra/home/awwanssh/.ssh/authorized_keys b/_ops/awwan-tour/mkosi.extra/home/awwanssh/.ssh/authorized_keys new file mode 100644 index 0000000..6b83dfd --- /dev/null +++ b/_ops/awwan-tour/mkosi.extra/home/awwanssh/.ssh/authorized_keys 
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-tour/mkosi.finalize.chroot b/_ops/awwan-tour/mkosi.finalize.chroot
new file mode 100755
index 0000000..ed11077
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.finalize.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+systemctl enable sshd.service
+systemctl enable org-awwan-tour.path
+systemctl enable org-awwan-tour.service
+
+chmod 0600 /etc/ssh/*_key
+chown -R awwan:awwan /home/awwan/
+chown -R awwanssh:awwanssh /home/awwanssh/
diff --git a/_ops/awwan-tour/mkosi.nspawn b/_ops/awwan-tour/mkosi.nspawn
new file mode 100644
index 0000000..b542102
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.nspawn
@@ -0,0 +1,12 @@
+[Exec]
+Ephemeral=yes
+LinkJournal=no
+
+[Files]
+Bind=/data/awwan/src/_tour:/home/awwan/tour:idmap
+Bind=/data/awwan/src/_bin:/usr/local/bin
+
+[Network]
+Private = yes
+VirtualEthernet = yes
+Zone = awwan
diff --git a/_ops/awwan-tour/mkosi.prepare.chroot b/_ops/awwan-tour/mkosi.prepare.chroot
new file mode 100755
index 0000000..ee0cf8e
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.prepare.chroot
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -x
+
+## User testing sudo with password prompt.
+## The UID of user in container must equal with UID in host, for
+## better compatibility.
+## The password is "awwan".
+
+useradd --create-home --user-group \
+ --uid $MKOSI_UID \
+ --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+ awwan
+
+## User testing with ssh.
+
+useradd --create-home --user-group --groups wheel \
+ --uid $((MKOSI_UID+1)) \
+ --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+ awwanssh
diff --git a/_ops/awwan-tour/mkosi.skeleton/etc/pacman.conf b/_ops/awwan-tour/mkosi.skeleton/etc/pacman.conf
new file mode 100644
index 0000000..e288913
--- /dev/null
+++ b/_ops/awwan-tour/mkosi.skeleton/etc/pacman.conf
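Review bot: `chmod 0600 /etc/ssh/*_key` in `mkosi.finalize.chroot` tightens the host keys, but nothing restricts the client key `home/awwan/.ssh/id_ed25519`, which this commit adds with file mode 100644. Unless mkosi normalises modes, it will likely be world-readable inside the image. Adding `chmod 0700 /home/awwan/.ssh /home/awwanssh/.ssh` and `chmod 0600 /home/awwan/.ssh/id_ed25519` after the two `chown -R` lines would close that. The script also has no `set -e`, so a failed `systemctl enable` or `chown` does not stop the build.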
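Review bot: `Bind=/data/awwan/src/_bin:/usr/local/bin` in `mkosi.nspawn` mounts the host's binary directory read-write into a container whose users hold passwordless `sudo cp`/`mv` through `etc/sudoers.d/awwan`. Changes made inside the tour can therefore reach files under the host's `/data/awwan/src/_bin`; how far that goes depends on user-namespace settings that this file does not show. The container only needs to execute the binary, so `BindReadOnly=/data/awwan/src/_bin:/usr/local/bin` looks like the safer form, and it keeps the `PathChanged=/usr/local/bin/awwan` trigger driven by the host alone.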
@@ -0,0 +1,101 @@ +# +# /etc/pacman.conf +# +# See the pacman.conf(5) manpage for option and repository directives + +# +# GENERAL OPTIONS +# +[options] +# The following paths are commented out with their default values listed. +# If you wish to use different paths, uncomment and update the paths. +#RootDir = / +#DBPath = /var/lib/pacman/ +CacheDir = /home/var/cache/pacman/pkg/ +#LogFile = /var/log/pacman.log +#GPGDir = /etc/pacman.d/gnupg/ +#HookDir = /etc/pacman.d/hooks/ +HoldPkg = pacman glibc +#XferCommand = /usr/bin/curl -L -C - -f -o %o %u +#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u +CleanMethod = KeepInstalled +Architecture = auto + +# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup +IgnorePkg = go +#IgnoreGroup = + +#NoUpgrade = +#NoExtract = + +# Misc options +#UseSyslog +#Color +#NoProgressBar +CheckSpace +VerbosePkgLists +#ParallelDownloads = 5 +ILoveCandy + +# By default, pacman accepts packages signed by keys that its local keyring +# trusts (see pacman-key and its man page), as well as unsigned packages. +SigLevel = Required DatabaseOptional +LocalFileSigLevel = Optional +#RemoteFileSigLevel = Required + +# NOTE: You must run `pacman-key --init` before first using pacman; the local +# keyring can then be populated with the keys of all official Arch Linux +# packagers with `pacman-key --populate archlinux`. 
+ +# +# REPOSITORIES +# - can be defined here or included from another file +# - pacman will search repositories in the order defined here +# - local/custom mirrors can be added here or in separate files +# - repositories listed first will take precedence when packages +# have identical names, regardless of version number +# - URLs will have $repo replaced by the name of the current repo +# - URLs will have $arch replaced by the name of the architecture +# +# Repository entries are of the format: +# [repo-name] +# Server = ServerName +# Include = IncludePath +# +# The header [repo-name] is crucial - it must be present and +# uncommented to enable the repo. +# + +# The testing repositories are disabled by default. To enable, uncomment the +# repo name header and Include lines. You can add preferred servers immediately +# after the header, and they will be used before the default mirrors. + +#[core-testing] +#Include = /etc/pacman.d/mirrorlist + +[core] +Server = https://mirror.0x.sg/archlinux/$repo/os/$arch + +#[extra-testing] +#Include = /etc/pacman.d/mirrorlist + +[extra] +Server = https://mirror.0x.sg/archlinux/$repo/os/$arch + +# If you want to run 32 bit applications on your x86_64 system, +# enable the multilib repositories as required here. + +#[multilib-testing] +#Include = /etc/pacman.d/mirrorlist + +#[multilib] +#Include = /etc/pacman.d/mirrorlist + +# An example of a custom package repository. See the pacman manpage for +# tips on creating your own repositories. +#[custom] +#SigLevel = Optional TrustAll +#Server = file:///home/custompkgs + +[build.kilabit.info] +Server = https://build.kilabit.info/aur diff --git a/_play/.awwan.env b/_play/.awwan.env deleted file mode 100644 index 66b8f20..0000000 --- a/_play/.awwan.env +++ /dev/null @@ -1,2 +0,0 @@ -[user "awwan"] -pass = s3cret diff --git a/_play/.awwan.env.vault b/_play/.awwan.env.vault deleted file mode 100644 index 15fb80b..0000000 Binary files a/_play/.awwan.env.vault and /dev/null differ 
diff --git a/_play/.gitignore b/_play/.gitignore deleted file mode 100644 index 12f8d5f..0000000 --- a/_play/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -/.cache -/app.conf -/get_shadow.txt -/remotehost/app.conf -/remotehost/put_secret.txt -/remotehost/put_source.txt -/secret.txt.vault diff --git a/_play/.ssh/awwan.key b/_play/.ssh/awwan.key deleted file mode 100644 index 7ff257d..0000000 --- a/_play/.ssh/awwan.key +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDr7w6Hh7 -Pi0EVk8uC3xWu/AAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDselAAd35c -/jQLWwXm4U97fiA0PZSIIaeJAJesztTwY4J/Tl8ArjyGq6HgYV/UV652Web7Kpt+YaEF2E -KQpF+O0c2U93cMi0ldEWm67LQIP/NfUPtp/YqJVi5ePtHx6d78zMle31Fg/vp4dt90bCSV -23Sn2i52vorNdp4hr1RW6qTBwcjlkRx++mEwQK7ILdTs7q30RRj/HVq4tJ3YR/Gp04aHkn -UvMn7E3vp3xDEBE8MoSC6capckdVRYwCQPvOrluGU3f3GjmkkW7KzvYAMNqWlFdUMLWigW -LjndIIVAB9EmqMdQxPdLYbRwGbrxzTYKhf/P12yP3s8vbvt2qygCf1WjDttrPY/Bn6NZ/g -jKprznjVeV/MIdPkJwHo+L82BK8bNMpUvPg/lPJkmg1MmDmXxPvqC9DwIK/cGR1DsatXB7 -ZZ1JoQ6wN5Tqsh6Y+SAHHrya2N3jawQnC8aA1yYAGfrScBnC0QMHkk4n5jOvAf5LfON6lq -TrGNFl3jlSrdEAAAWAK4EimrLGSmKtVzJWZay2zUq4880IwAZB8acg0XVZfIFz2DLpulbA -PiIt6+5B4yhMSr2bH6xHx7QSBeEy9AXdi/0IVR/3fI/dpLH6DsBDrsxLMUT/DLjaWm9fdq -4BQnEWXdT0jW7BoGw2ghrsGXtRpw/9Bz4ce3dGqt0AZbIQZ1q8/+m2wZC6hSB2UdxgBWQA -suVlHL28YEAvKcIKc63quWF1NEc/ZxruX7CsBOdZZUeg8ijvzDBdhLaz9XcBkd5ZT18oRj -e5RyCzSwLy7Yv1ZG4065QiIR4eYcg8c7rT2TcdMWfTyqowjoNRIrxoBpdQhBNEsw2sFJ0m -4WRt9GBtrkzExBaFfni3seda9rAgLisfa9BIyErQnBtRPpYLKb1VGCeTfZiUsuCo2O5hDK -EESvayxK1mfjL5l2cv60EBidhzkGM1ThA2WdkjAV7Ge2NDTwVvf7DqrWsJ45UzkXH1mnlf -F68TjHUEGPnAYMmi4CtsQuacy9A13908VaykVO0s1dnO4zqyak8yA5auDzY/6pQRiWEj5T -GIAJuEcjSiHi7N9deuqynVFtuchJN9xBNNznu6SD3zYy+c13/p0oPpjzgscJLcjcA4qtOk -42OifMHvIQFe8ul6PPiXz+P8sRUijUIldHNNrAZNJK3T6IfhNOG7qWu23XZRtXeropK6Q3 -x8HIcc92/DT43OhuRrZVzORNiI0Ff+8lnLsDIjAbYCfqjQkdyxXI9rmcBS+o0GyL3OyDna -IJavT4KRZbds/kG6tH+78Pda6a9PKDTjW0od7ovveJBSq7mcs4azSSpF73Jj1JHE5MIEe7 -D5KcETgV90C5VqUeI/HAQRVNtJWQNaWre4uRYXRxN05EXcog7oFvAmeVvsoN2V26XU9ZAy -i1icys0qkmAn4UdEjpe/Ifgxf6UPpIUnsjjGudnFq/VFzmPncDziZzCdiwjXOLPnyTiohf -mW5orkyIyOFbX7iBlj6PhUyDyX3HdVFBznm/z9qByv1DMP2lpMqq2LhzNirmGsj332NNBa -Lh9XyAyxUD8VFOnj7Q3AWw7f8cH6BA59qEF3Mm302Y8b9ajtpm98wsktPnDB1sAxWFagge -EaDSoM2eAgPKA3VoKGv42YogyOvHnwedUkbiB1yBt1FXzBQxthnjy+qSvC46n2nIFgro3V -Avfy8eLylwS9BQKq4n79cw/rWQV3XP8E/NMWuYJzAOXcRJzgT1AJYAMhTzfssC7x+ZsgJV 
-MYYFBgH0flCMxe8/dmg5XDJnfrP8fgm0KwHrq1vrscNmrissGxmfpD5lxLPnIHGN+MmHO9 -gVjLWAHnRIHVH78quA9f2HJDDSyX+dOKuDpK3pURnMt3wtN33WfnGM7NrAyWGboTt9Ra8X -WXt2BO8fdB+z8yLMEkLRg9VTPKlvWXShjQSFSciA/m8/vUmpH85dadlhDDpKQoDxwX/fcy -ftqGAZyWenAw+C1N8jy63lIBNGZShE/+5Ohd+tOTRoPeqT0lZJWHly0teeOjR8jhB15Kj+ -a6rHm1ezj8RiDfpiXtpvbW7QPGhGyT2z7MtUOqgwTFfvYkFW9TR9y4B0uZzJ4KWo5zbeof -GZkeHF+wkvh+dp3AdNnurcxfYvhXimUgaebpE+ltVaHk/1WFUmiPOyH8hdOFr56/1B9EOV -wqC0q3JvP33XGzkRFGs3Yig+CDSsGmN3HKp3AxGmY++kC+VVQeDyBvJLS4jth0CwNdJvsr -7HtARoaGx6+fMUv1CKQlwAS3axJNGRGK7MiSUmNBIWA8XDpOOKSmwZRjnn+fIGgRqKQST2 -YCy+2vetljVOWioQMju/cuQ7TwkLqsF2wfTZ/1rljUYFFmRfbUeXySN5MdQWpXseBl5kRW -ovQk9w== ------END OPENSSH PRIVATE KEY----- diff --git a/_play/.ssh/awwan.pass b/_play/.ssh/awwan.pass deleted file mode 100644 index 55b8390..0000000 --- a/_play/.ssh/awwan.pass +++ /dev/null @@ -1 +0,0 @@ -s3cret \ No newline at end of file diff --git a/_play/.ssh/config b/_play/.ssh/config deleted file mode 100644 index fba1de1..0000000 --- a/_play/.ssh/config +++ /dev/null @@ -1,6 +0,0 @@ -## This is an example of remote host to execute awwan command using "play". -Host remotehost - Hostname 127.0.0.1 - Port 20022 - User awwanssh - IdentityFile ~/.ssh/id_ed25519 diff --git a/_play/.vimrc b/_play/.vimrc deleted file mode 100644 index 0b527fd..0000000 --- a/_play/.vimrc +++ /dev/null @@ -1,3 +0,0 @@ -set expandtab -set tabstop=2 -set shiftwidth=2 diff --git a/_play/00_README.txt b/_play/00_README.txt deleted file mode 100644 index 48d6ee6..0000000 --- a/_play/00_README.txt +++ /dev/null 
@@ -1,68 +0,0 @@ -= Welcome to awwan - -This is an example of awwan workspace. -The awwan workspace is indicated by ".ssh" directory, as you can see in the -list of file in the left. - -In awwan, every file is a script, including this file. -As long as the line is a valid shell command it can execute it. - -Lets try. - -echo "Hello world" > {{.ScriptDir}}/output - -In the input "Execute line" below, set its value to "12" and click on the -"Local" button. -You should see output like these, - - 2023/11/29 15:45:08 --> 12: echo "Hello world" > /home/awwan/workspace/output - -The same line can be executed in terminal using awwan CLI with following -command, - -awwan local README.txt 12 - -Click on the directory path "/" on the left top (above ".ssh"), to refresh -the content of directory. -You should see a new file "output" (and "README.txt.log") in the list after -executing above line. -You ca click on the file "output" to see its content. - -That's it! - -We provides an example files to follow along, that explain each command and -feature in the awwan. - -01_local.aww - Tutorial on "local" command, to execute command in local -machine using shell. - -02_script_variables.aww - Quick tutorial on global variables that can be -used in script. - -03_env.aww - Tutorial on how to write and use environment file. - -04_env-set.aww - Tutorial on "env-set" command, or how to set value into -environment file. - -05_env-get.aww - Tutorial on "env-get" command, or how to get value from -environment file. - -06_magic_put.aww - Tutorial on magic line "#put". - -07_magic_get.aww - Tutorial on magic line "#get". - -08_encrypt.aww - Tutorial on how to encrypt file and use it to copy file. - -09_decrypt.aww - Tutorial on how to decrypt file. - -10_encrypted_env.aww - Tutorial on how to use encrypted environment. - -11_encrypted_put.aww - Tutorial on how to use magic line "#put" with encrypted -environment or encrypted file. 
- -12_magic_require.aww - Tutorial on how to use magic line "#require". - -remotehost/01_play.aww - Tutorial on how to use "play" command using SSH in -the server named "remotehost". - -remotehost/02_magic_local.aww - Tutorial on magic line "#local". diff --git a/_play/01_local.aww b/_play/01_local.aww deleted file mode 100644 index 3ec57b1..0000000 --- a/_play/01_local.aww +++ /dev/null @@ -1,50 +0,0 @@ -The "local" command execute the lines in the host using shell. - -In the CLI, the "local" command only have two arguments: the file and comma -separated line or line range to be executed. - -In this web-user interface (WUI) we can run local command by inputting comma -separated line or line range in the "Execute line" and then click on "Local" -button. - -Let say we have the following lines of commands, - -echo "Hello #1" - -echo "Hello #2" - -echo "Hello #3" - - -To execute line 12 only in the CLI, run - - awwan local 00_local.aww 12 - -You can try running it in by filling "Execute line" to "12" and clicking -"Local" button. -It would print the following output, - - 2023/11/29 17:58:58 --> 12: echo "Hello #1" - Hello #1 - -To execute line 14 until 16, - - awwan local 00_local.aww 14-16 - -It will print the following output, - - 2023/11/29 18:00:26 --> 14: echo "Hello #2" - Hello #2 - 2023/11/29 18:00:26 --> 16: echo "Hello #3" - Hello #3 - -To execute line 12 and 16 only, - - awwan local 00_local.aww 12,16 - -It will print the following output, - - 2023/11/29 18:07:10 --> 12: echo "Hello #1" - Hello #1 - 2023/11/29 18:07:10 --> 16: echo "Hello #3" - Hello #3 diff --git a/_play/02_script_variables.aww b/_play/02_script_variables.aww deleted file mode 100644 index 44b1192..0000000 --- a/_play/02_script_variables.aww +++ /dev/null 
@@ -1,28 +0,0 @@ -There are several global variables that is exported by awwan and accessible -in the script. - -{{.ScriptDir}} - variable that contains the value of script directory. - -{{.BaseDir}} - variable that contains the value of base directory, the root -of awwan workspace. - -Both of those variables are accessible in "local" and "play" command. - -There are another variables like {{.SSHKey}}, {{.SSHHost}}, {{.SSHPort}}, -and {{.SSHUser}} but only applicable on "play" command so we will discuss it -later. - -Lets try the ScriptDir and BaseDir first. - - echo "Base directory is {{.BaseDir}}" - echo "Script directory is {{.ScriptDir}}" - -Run both of those lines, you will get the following output, - - 2023/12/02 14:10:09 --> 17: echo "Base directory is /home/awwan/play" - 2023/12/02 14:10:09 --> 18: echo "Script directory is /home/awwan/play" - Base directory is /home/awwan/play - Script directory is /home/awwan/play - -Since the script directory is under the workspace, both print the same -value. diff --git a/_play/03_env.aww b/_play/03_env.aww deleted file mode 100644 index 56c5574..0000000 --- a/_play/03_env.aww +++ /dev/null 
@@ -1,57 +0,0 @@ -Before we play with other other commands, there is one fundamental things -that we need to understand, the awwan environment. - -Awwan environment is stored in file "awwan.env". -There is another environment file named ".awwan.env.vault" for storing -encrypted values, but we will discuss it later. -For now lets just focus on non-encypted environment. - -Awwan environment is a key-value storage, formatted using Git INI -syntax, - - [section "subsection"] - key = value - -The "subsection" is optional, so one can write - - [section] - key = value - -The value can span multiple lines by ending it with backslash "\", for -example - - key_long = multiple \ - line \ - value - -In any script, we can get the value of key using the following syntax - - {{.Val "section:subsection:key"}} - -Lets fill in the "awwan.env" file with the following content, - - [host] - name = awwan - - [user "awwan"] - name = ms - -To get the value of key "name" under section "host", - - echo {{.Val "host::name"}} - -Try it, put the line number of above command in "Execute line" and click on -"Local" button, it should print, - - 2023/12/02 13:54:37 --> 41: echo awwan - awwan - -To get the value of key "name" in section "user", subsection "awwan", - - echo {{.Val "user:awwan:name"}} - -Try it, put the line number of above command in "Execute line" and click on -"Local" button, it should print, - - 2023/12/02 13:55:42 --> 51: echo ms - ms diff --git a/_play/04_env-set.aww b/_play/04_env-set.aww deleted file mode 100644 index bc74b20..0000000 --- a/_play/04_env-set.aww +++ /dev/null 
@@ -1,41 +0,0 @@ -The "env-set" is the command to set the value in environment file -"awwan.env". - -The syntax is - - - -Let say we want to set "host::ip_internal" to "127.0.0.1", run it in the -terminal as - - awwan env-set host::ip_internal 127.0.0.1 awwan.env - -When using this web user interface, we need to prefix the file with variable -".ScriptDir" or ".BaseDir" depends on where the environment file located. -Lets try, - - awwan env-set host::ip_internal 127.0.0.1 {{.ScriptDir}}/awwan.env - -Run the above line number, you will get - - 2023/12/02 14:21:54 --> 17: awwan env-set host::ip_internal 127.0.0.1 /home/awwan/play/awwan.env - 2023/12/02 21:21:54 --- BaseDir: /home/awwan/play - -Open the "awwan.env" file, you should see the new key "ip_internal" is -added under section "host" with value "127.0.0.1", - - cat {{.ScriptDir}}/awwan.env - -Output, - - 2023/12/02 14:23:11 --> 27: cat /home/awwan/play/awwan.env - ## DO NOT remove this section. - [section "subsection"] - key = value - - [host] - name = awwan - ip_internal = 127.0.0.1 - - [user "awwan"] - name = ms diff --git a/_play/05_env-get.aww b/_play/05_env-get.aww deleted file mode 100644 index 33352b4..0000000 --- a/_play/05_env-get.aww +++ /dev/null 
@@ -1,39 +0,0 @@ -The "env-get" is the command to get the value from environment files, -"awwan.env" or ".awwan.env.vault" for encrypted file. - -The syntax is - - - -Remember, the second parameter is a directory not a file, because the -environment files are loaded recursively from top to bottom. -An environment key may not exist in sub directory, but defined in their -parent directory. - -Lets try on the base directory first, - - awwan env-get "host::name" {{.BaseDir}} - -It will print, - - 2023/12/04 22:18:06 --- BaseDir: /home/awwan/play - 2023/12/04 22:18:06 --- NewSession "." - 2023/12/04 22:18:06 --- Loading "awwan.env" ... - 2023/12/04 15:18:06 --> 15: awwan env-get "host::name" /home/awwan/play - awwan - -But if we changes the directory to "remotehost", - - awwan env-get "host::name" {{.BaseDir}}/remotehost - -It will print, - - 2023/12/04 15:24:32 --> 29: awwan env-get "host::name" /home/awwan/play/remotehost - 2023/12/04 22:24:32 --- BaseDir: /home/awwan/play - 2023/12/04 22:24:32 --- NewSession "remotehost" - 2023/12/04 22:24:32 --- Loading "awwan.env" ... - 2023/12/04 22:24:32 --- Loading "remotehost/awwan.env" ... - remotehost - -Because the environment variable "host::name" is overridden in "awwan.env" -file under directory "remotehost". diff --git a/_play/06_magic_put.aww b/_play/06_magic_put.aww deleted file mode 100644 index bf6f0e7..0000000 --- a/_play/06_magic_put.aww +++ /dev/null 
@@ -1,50 +0,0 @@ -The magic command "#put" is not a CLI command, it is used in the script to -copy file from source to target. - -There are two modes of magic "#put" command, one to copy the file as current user, - - "#put:[+mode] " - -and the other one is to copy with sudo, - - "#put![owner][+mode] " - -The [owner] option set the target file owner, using "user:group" format. -The [+mode] option set the target file mode, in octal format, for example +0644. - -Lets copy file "put_source.txt" into directory "remotehost", - - #put: {{.BaseDir}}/put_source.txt {{.BaseDir}}/remotehost/put_target.txt - cat {{.BaseDir}}/remotehost/put_target.txt - ls -l {{.BaseDir}}/remotehost/put_target.txt - -It will print the following output, - - 2023/12/04 17:19:07 --> 17: #put: /home/awwan/play/put_source.txt /home/awwan/play/remotehost/put_target.txt - 2023/12/04 17:19:07 --> 18: cat /home/awwan/play/remotehost/put_target.txt - The host name is awwan. - 2023/12/04 17:19:07 --> 19: ls -l /home/awwan/play/remotehost/put_target.txt - -rw------- 1 awwan awwan 24 Dec 5 00:19 /home/awwan/play/remotehost/put_target.txt - -Take a look at the source "put_source.txt" file and the target -"remotehost/put_target.txt" file. -As you can see, the source file can contain variable, which will be replaced -in the destination file. - -Lets copy it using "#put!" and set the owner to user "awwan" and -group "awwanssh", with permission 0600. - - #put!awwan:awwanssh+0600 \ - {{.ScriptDir}}/put_source.txt \ - {{.ScriptDir}}/remotehost/put_target.txt - cat {{.ScriptDir}}/remotehost/put_target.txt - ls -l {{.ScriptDir}}/remotehost/put_target.txt - -The file copied succesfully with user, group, and mode set based on the -"#put" options, - - 2023/12/04 17:47:40 --> 34: #put!awwan:awwanssh+600 /home/awwan/play/put_source.txt /home/awwan/play/remotehost/put_target.txt - 2023/12/04 17:48:55 --> 37: cat /home/awwan/play/remotehost/put_target.txt - The host name is awwan. 
- 2023/12/04 17:48:55 --> 38: ls -l /home/awwan/play/remotehost/put_target.txt - -rw------- 1 awwan awwanssh 24 Dec 4 17:48 /home/awwan/play/remotehost/put_target.txt diff --git a/_play/07_magic_get.aww b/_play/07_magic_get.aww deleted file mode 100644 index 6429401..0000000 --- a/_play/07_magic_get.aww +++ /dev/null @@ -1,21 +0,0 @@ -The magic command "#get" copy file from source to target. - -When used with "local" command, it behave like "#put", -but when used with "play" it copy file from remote server to local host. - -Similar to magic command "#put" it have two modes, get file as current -user "#get:" or get file using sudo "#get!", - - "#get:+mode " - "#get!owner+mode " - -Lets copy file that can be read by root only into this directory, - - #get!awwan:awwan /etc/shadow {{.ScriptDir}}/get_shadow.txt - ls -l {{.ScriptDir}}/get_shadow.txt - -We should get the following output, - - 2023/12/04 18:08:26 --> 14: #get!awwan:awwan /etc/shadow /home/awwan/play/get_shadow.txt - 2023/12/04 18:09:17 --> 15: ls -l /home/awwan/play/get_shadow.txt - -rw------- 1 awwan awwan 586 Dec 4 18:08 /home/awwan/play/get_shadow.txt diff --git a/_play/08_encrypt.aww b/_play/08_encrypt.aww deleted file mode 100644 index a32fd0f..0000000 --- a/_play/08_encrypt.aww +++ /dev/null 
@@ -1,31 +0,0 @@ -The "encrypt" command encrypt the file using RSA based private key. -This command require private key file that is stored with name "awwan.key" -under ".ssh" directory. - -The CLI syntax is, - - awwan encrypt - -In this workspace we provide the private key with passphrase, see the -".ssh/awwan.key". -The passphrase is stored in ".ssh/awwan.pass". - -This passphrase file is optional. -If we remove the passphrase file, awwan will ask passphrase when its running. - -In the WUI you can encrypt the file by clicking the "Encrypt" button. - -Lets try the CLI command by encrypting the "secret" file in this workspace, - - awwan encrypt secret.txt - -Run the above line, it will encrypt the file with name "secret.txt.vault", - - 2023/12/06 14:23:29 --> 20: awwan encrypt secret.txt - 2023/12/06 14:23:29 --- BaseDir: /home/awwan/play - 2023/12/06 14:23:29 --- Loading passphrase file ".ssh/awwan.pass" ... - 2023/12/06 14:23:29 --- Loading private key file ".ssh/awwan.key" (enter to skip passphrase) ... - Encrypted file output: secret.txt.vault - -Refresh the list of file (or this page) by clicking on the directory "/", you will see -new file "secret.txt.vault" created. diff --git a/_play/09_decrypt.aww b/_play/09_decrypt.aww deleted file mode 100644 index 3777e47..0000000 --- a/_play/09_decrypt.aww +++ /dev/null 
@@ -1,22 +0,0 @@ -The "decrypt" command decrypt ".vault" file that is encrypted using -"encrypt" command. -This command has the following syntax - - awwan decrypt - -The file MUST have the ".vault" suffix, otherwise it will be ignored. - -Lets try decrypting the previous file that we encrypt, - - awwan decrypt secret.txt.vault - -Execute the above line and tt will decrypt the file into "secret.txt", - - 2023/12/06 15:09:55 --> 11: awwan decrypt secret.txt.vault - 2023/12/06 15:09:55 --- BaseDir: /home/awwan/play - 2023/12/06 15:09:55 --- Loading passphrase file ".ssh/awwan.pass" ... - 2023/12/06 15:09:55 --- Loading private key file ".ssh/awwan.key" (enter to skip passphrase) ... - Decrypted file output: secret.txt - -In the WUI, we can use the "Decrypt" button to decrypt the file directly. -Select the file to be decrypted and then click "Decrypt" button. diff --git a/_play/10_encrypted_env.aww b/_play/10_encrypted_env.aww deleted file mode 100644 index 9710812..0000000 --- a/_play/10_encrypted_env.aww +++ /dev/null @@ -1,16 +0,0 @@ -Now that we know about environment variables and encryption, both of them -can be combined into storing encrypted environment variables into file -".awwan.env.vault". - -The ".awwan.env.vault" is created from file ".awwan.env" that then -encrypted. - -In this workspace, we provide an example of ".awwan.env.vault". -Lets get one of the value on it, - - echo {{.Val "user:awwan:pass"}} - -If we run it, it will print the value of "user:awwan:pass", - - 2023/12/06 14:45:16 --> 11: echo s3cret - s3cret diff --git a/_play/11_encrypted_put.aww b/_play/11_encrypted_put.aww deleted file mode 100644 index ceb5372..0000000 --- a/_play/11_encrypted_put.aww +++ /dev/null 
@@ -1,37 +0,0 @@ -The magic line "#put" can copy encrypted file or file that contains -values from encrypted environment variables, ".awwan.env.vault". - -In this example we have "secret.txt" that read value -"user:awwan:pass" which exist only in ".awwan.env.vault". - -Lets remove the "secret.txt.vault" first and then copy the file -to "remotehost", - - rm -f {{.ScriptDir}}/secret.txt.vault - #put: {{.ScriptDir}}/secret.txt {{.ScriptDir}}/remotehost/put_secret.txt - cat {{.ScriptDir}}/remotehost/put_secret.txt - -Run the above three lines, we got - - 2023/12/06 15:32:36 --> 10: rm -f /home/awwan/play/secret.txt.vault - 2023/12/06 15:32:36 --> 11: #put: /home/awwan/play/secret.txt /home/awwan/play/remotehost/put_secret.txt - 2023/12/06 15:32:36 --> 12: cat /home/awwan/play/remotehost/put_secret.txt - My password is s3cret. - -The magic line "#put" also can copy whole file that has been encrypted. -When copying the encrypted file we did not need to add ".vault" suffix, -awwan will take care of it. - - rm -f {{.ScriptDir}}/app.conf ## Make sure we copy the .vault file. - #put: {{.ScriptDir}}/app.conf {{.ScriptDir}}/remotehost/app.conf - cat {{.ScriptDir}}/remotehost/app.conf - -Run the above two lines and we got, - - 2023/12/06 15:25:29 --> 25: rm -f /home/awwan/play/app.conf ## Make sure we copy the .vault file. - 2023/12/06 15:25:29 --> 26: #put: /home/awwan/play/app.conf /home/awwan/play/remotehost/app.conf - 2023/12/06 15:25:29 --> 27: cat /home/awwan/play/remotehost/app.conf - [database "app"] - host = 10.16.1.4 - user = app - pass = pazzw0rd diff --git a/_play/12_magic_require.aww b/_play/12_magic_require.aww deleted file mode 100644 index e98361e..0000000 --- a/_play/12_magic_require.aww +++ /dev/null 
@@ -1,29 +0,0 @@ -The magic line "#require" is line that will always executed -when we executed line numbers below it. - -For example, - - #require: echo "require #1" - echo "Hello after first require" - #require: echo "require #2" - echo "Hello after second require" - -If we execute line 7 only, we got - - 2023/12/06 15:36:10 --- require 6: #require: echo "require #1" - require #1 - 2023/12/06 15:36:10 --> 7: echo "Hello after first require" - Hello after first require - -The second "#require" require will not get executed. - -But if we execute line number 9 only, we got, - - 2023/12/06 15:36:43 --- require 6: #require: echo "require #1" - require #1 - 2023/12/06 15:36:43 --- require 8: #require: echo "require #2" - require #2 - 2023/12/06 15:36:43 --> 9: echo "Hello after second require" - Hello after second require - -The first and second "#require" will always get executed, in order. diff --git a/_play/app.conf.vault b/_play/app.conf.vault deleted file mode 100644 index 9032d84..0000000 Binary files a/_play/app.conf.vault and /dev/null differ diff --git a/_play/awwan.env b/_play/awwan.env deleted file mode 100644 index 97b1383..0000000 --- a/_play/awwan.env +++ /dev/null @@ -1,10 +0,0 @@ -## DO NOT remove this section. -[section "subsection"] -key = value - -[host] -name = awwan -ip_internal = 127.0.0.1 - -[user "awwan"] -name = ms diff --git a/_play/example.aww b/_play/example.aww deleted file mode 100644 index 0b58478..0000000 --- a/_play/example.aww +++ /dev/null @@ -1,4 +0,0 @@ -## This is an example of awwan script that can be executed using "local" -## command. - -echo "Hello, local" diff --git a/_play/put_source.txt b/_play/put_source.txt deleted file mode 100644 index 5067c47..0000000 --- a/_play/put_source.txt +++ /dev/null @@ -1 +0,0 @@ -The host name is {{.Val "host::name"}}. diff --git a/_play/remotehost/01_play.aww b/_play/remotehost/01_play.aww deleted file mode 100644 index 4384bab..0000000 --- a/_play/remotehost/01_play.aww +++ /dev/null 
@@ -1,53 +0,0 @@ -Now we enter the "play" command. - -The "play" command execute every line in the remote host -using SSH. -The CLI syntax is - - awwan play - -Awwan derive the remote host name based on the directory -names. -In this script, the directory name is "remotehost". -We have register the "remotehost" name in ".ssh/config" so -awwan can know the user and private key file to be used -to connect to remote host "remotehost", - - Host remotehost - Hostname 127.0.0.1 - Port 20022 - User awwanssh - IdentityFile ~/.ssh/id_ed25519 - -In this example, the "remotehost" is connected using user "awwanssh" -with private key in "~/.ssh/id_ed25519". - -Lets try execute the following command in remotehost, - - echo "Connect with {{.SSHUser}}@{{.SSHHost}}:{{.SSHPort}} using {{.SSHKey}}" - -Using local we got - - 2023/12/06 16:03:32 --> 27: echo "Connect with @: using " - Connect with @: using - -Because the variable {{.SSHUser}} and others are empty if not running -under SSH session. - -Using CLI, - - awwan play {{.ScriptDir}}/01_play.aww 27 - -Using WUI, put "27" in "Execute line" and click button "Play". -We got, - - 2023/12/06 15:45:55 --- SSH identity file: [/home/awwan/.ssh/id_ed25519] - 2023/12/06 15:47:10 === BEGIN: remote /remotehost/01_play.aww 27 - 2023/12/06 15:47:10 --> 27: echo "Connect with awwanssh@127.0.0.1:20022 using /home/awwan/.ssh/id_ed25519" - Connect with awwanssh@127.0.0.1:20022 using /home/awwan/.ssh/id_ed25519 - 2023/12/06 15:47:10 === END: remote /remotehost/01_play.aww 27 - -The behaviour of other magic lines like "#put" or "#get" are identical -with local command. -The magic line "#put" command copy file from local to remote, -while magic line "#get" copy file from remote to local. diff --git a/_play/remotehost/02_magic_local.aww b/_play/remotehost/02_magic_local.aww deleted file mode 100644 index 7fe9fbc..0000000 --- a/_play/remotehost/02_magic_local.aww +++ /dev/null 
@@ -1,25 +0,0 @@ -The magic line "#local" execute the command in local host -when script is executed using "play". - - #local: pwd - pwd - -Running the above two lines will output, - - 2023/12/06 16:30:41 --> 4: #local: pwd - /home/awwan/play - 2023/12/06 16:30:41 --> 5: pwd - /home/awwanssh - -The first line print the working directory in local host, -in this case the current directory. -While the second line print the working directory of -remote host, in this case the user home of "awwanssh". - -Using "#local" we can combine command that need to be executed -in local host first and then continue to execute in remote, -for example by creating directory in local to backup file from -remote host, - - #local: mkdir -p {{.ScriptDir]}/etc/ - #get: /etc/hosts {{.ScriptDir}}/etc/hosts diff --git a/_play/remotehost/awwan.env b/_play/remotehost/awwan.env deleted file mode 100644 index 62d03d0..0000000 --- a/_play/remotehost/awwan.env +++ /dev/null @@ -1,2 +0,0 @@ -[host] -name = remotehost diff --git a/_play/secret.txt b/_play/secret.txt deleted file mode 100644 index f9e7103..0000000 --- a/_play/secret.txt +++ /dev/null @@ -1 +0,0 @@ -My password is {{.Val "user:awwan:pass"}}. diff --git a/_tour/.awwan.env b/_tour/.awwan.env new file mode 100644 index 0000000..66b8f20 --- /dev/null +++ b/_tour/.awwan.env @@ -0,0 +1,2 @@ +[user "awwan"] +pass = s3cret diff --git a/_tour/.awwan.env.vault b/_tour/.awwan.env.vault new file mode 100644 index 0000000..15fb80b Binary files /dev/null and b/_tour/.awwan.env.vault differ diff --git a/_tour/.gitignore b/_tour/.gitignore new file mode 100644 index 0000000..12f8d5f --- /dev/null +++ b/_tour/.gitignore @@ -0,0 +1,7 @@ +/.cache +/app.conf +/get_shadow.txt +/remotehost/app.conf +/remotehost/put_secret.txt +/remotehost/put_source.txt +/secret.txt.vault diff --git a/_tour/.ssh/awwan.key b/_tour/.ssh/awwan.key new file mode 100644 index 0000000..7ff257d --- /dev/null +++ b/_tour/.ssh/awwan.key 
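Review bot: `_tour/.awwan.env` stores `pass = s3cret` in plain text next to `.awwan.env.vault`, while `11_encrypted_put.aww` tells the reader that "user:awwan:pass" exists only in the vault. If the file is kept so readers can see what the vault was built from, a leading comment should say so, for example `## Plain-text source of .awwan.env.vault, kept for the tour only; never commit this file in a real workspace.` Otherwise it is better left out, so the tour shows the layout a real repository should have.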
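Review bot: The entry `/remotehost/put_source.txt` matches nothing the tour produces. `06_magic_put.aww` writes `remotehost/put_target.txt`, which holds rendered environment values and is not ignored. Changing the entry to `/remotehost/put_target.txt` would cover it. `00_README.txt` also creates `output` and `00_README.txt.log`, which are not listed either; whether they belong here depends on how the tour workspace is reset, which this hunk does not show.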
@@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDr7w6Hh7 +Pi0EVk8uC3xWu/AAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDselAAd35c +/jQLWwXm4U97fiA0PZSIIaeJAJesztTwY4J/Tl8ArjyGq6HgYV/UV652Web7Kpt+YaEF2E +KQpF+O0c2U93cMi0ldEWm67LQIP/NfUPtp/YqJVi5ePtHx6d78zMle31Fg/vp4dt90bCSV +23Sn2i52vorNdp4hr1RW6qTBwcjlkRx++mEwQK7ILdTs7q30RRj/HVq4tJ3YR/Gp04aHkn +UvMn7E3vp3xDEBE8MoSC6capckdVRYwCQPvOrluGU3f3GjmkkW7KzvYAMNqWlFdUMLWigW +LjndIIVAB9EmqMdQxPdLYbRwGbrxzTYKhf/P12yP3s8vbvt2qygCf1WjDttrPY/Bn6NZ/g +jKprznjVeV/MIdPkJwHo+L82BK8bNMpUvPg/lPJkmg1MmDmXxPvqC9DwIK/cGR1DsatXB7 +ZZ1JoQ6wN5Tqsh6Y+SAHHrya2N3jawQnC8aA1yYAGfrScBnC0QMHkk4n5jOvAf5LfON6lq +TrGNFl3jlSrdEAAAWAK4EimrLGSmKtVzJWZay2zUq4880IwAZB8acg0XVZfIFz2DLpulbA +PiIt6+5B4yhMSr2bH6xHx7QSBeEy9AXdi/0IVR/3fI/dpLH6DsBDrsxLMUT/DLjaWm9fdq +4BQnEWXdT0jW7BoGw2ghrsGXtRpw/9Bz4ce3dGqt0AZbIQZ1q8/+m2wZC6hSB2UdxgBWQA +suVlHL28YEAvKcIKc63quWF1NEc/ZxruX7CsBOdZZUeg8ijvzDBdhLaz9XcBkd5ZT18oRj +e5RyCzSwLy7Yv1ZG4065QiIR4eYcg8c7rT2TcdMWfTyqowjoNRIrxoBpdQhBNEsw2sFJ0m +4WRt9GBtrkzExBaFfni3seda9rAgLisfa9BIyErQnBtRPpYLKb1VGCeTfZiUsuCo2O5hDK +EESvayxK1mfjL5l2cv60EBidhzkGM1ThA2WdkjAV7Ge2NDTwVvf7DqrWsJ45UzkXH1mnlf +F68TjHUEGPnAYMmi4CtsQuacy9A13908VaykVO0s1dnO4zqyak8yA5auDzY/6pQRiWEj5T +GIAJuEcjSiHi7N9deuqynVFtuchJN9xBNNznu6SD3zYy+c13/p0oPpjzgscJLcjcA4qtOk +42OifMHvIQFe8ul6PPiXz+P8sRUijUIldHNNrAZNJK3T6IfhNOG7qWu23XZRtXeropK6Q3 +x8HIcc92/DT43OhuRrZVzORNiI0Ff+8lnLsDIjAbYCfqjQkdyxXI9rmcBS+o0GyL3OyDna +IJavT4KRZbds/kG6tH+78Pda6a9PKDTjW0od7ovveJBSq7mcs4azSSpF73Jj1JHE5MIEe7 +D5KcETgV90C5VqUeI/HAQRVNtJWQNaWre4uRYXRxN05EXcog7oFvAmeVvsoN2V26XU9ZAy +i1icys0qkmAn4UdEjpe/Ifgxf6UPpIUnsjjGudnFq/VFzmPncDziZzCdiwjXOLPnyTiohf +mW5orkyIyOFbX7iBlj6PhUyDyX3HdVFBznm/z9qByv1DMP2lpMqq2LhzNirmGsj332NNBa +Lh9XyAyxUD8VFOnj7Q3AWw7f8cH6BA59qEF3Mm302Y8b9ajtpm98wsktPnDB1sAxWFagge +EaDSoM2eAgPKA3VoKGv42YogyOvHnwedUkbiB1yBt1FXzBQxthnjy+qSvC46n2nIFgro3V +Avfy8eLylwS9BQKq4n79cw/rWQV3XP8E/NMWuYJzAOXcRJzgT1AJYAMhTzfssC7x+ZsgJV 
+MYYFBgH0flCMxe8/dmg5XDJnfrP8fgm0KwHrq1vrscNmrissGxmfpD5lxLPnIHGN+MmHO9 +gVjLWAHnRIHVH78quA9f2HJDDSyX+dOKuDpK3pURnMt3wtN33WfnGM7NrAyWGboTt9Ra8X +WXt2BO8fdB+z8yLMEkLRg9VTPKlvWXShjQSFSciA/m8/vUmpH85dadlhDDpKQoDxwX/fcy +ftqGAZyWenAw+C1N8jy63lIBNGZShE/+5Ohd+tOTRoPeqT0lZJWHly0teeOjR8jhB15Kj+ +a6rHm1ezj8RiDfpiXtpvbW7QPGhGyT2z7MtUOqgwTFfvYkFW9TR9y4B0uZzJ4KWo5zbeof +GZkeHF+wkvh+dp3AdNnurcxfYvhXimUgaebpE+ltVaHk/1WFUmiPOyH8hdOFr56/1B9EOV +wqC0q3JvP33XGzkRFGs3Yig+CDSsGmN3HKp3AxGmY++kC+VVQeDyBvJLS4jth0CwNdJvsr +7HtARoaGx6+fMUv1CKQlwAS3axJNGRGK7MiSUmNBIWA8XDpOOKSmwZRjnn+fIGgRqKQST2 +YCy+2vetljVOWioQMju/cuQ7TwkLqsF2wfTZ/1rljUYFFmRfbUeXySN5MdQWpXseBl5kRW +ovQk9w== +-----END OPENSSH PRIVATE KEY----- diff --git a/_tour/.ssh/awwan.pass b/_tour/.ssh/awwan.pass new file mode 100644 index 0000000..55b8390 --- /dev/null +++ b/_tour/.ssh/awwan.pass @@ -0,0 +1 @@ +s3cret \ No newline at end of file diff --git a/_tour/.ssh/config b/_tour/.ssh/config new file mode 100644 index 0000000..fba1de1 --- /dev/null +++ b/_tour/.ssh/config @@ -0,0 +1,6 @@ +## This is an example of remote host to execute awwan command using "play". +Host remotehost + Hostname 127.0.0.1 + Port 20022 + User awwanssh + IdentityFile ~/.ssh/id_ed25519 diff --git a/_tour/.vimrc b/_tour/.vimrc new file mode 100644 index 0000000..0b527fd --- /dev/null +++ b/_tour/.vimrc @@ -0,0 +1,3 @@ +set expandtab +set tabstop=2 +set shiftwidth=2 diff --git a/_tour/00_README.txt b/_tour/00_README.txt new file mode 100644 index 0000000..316ca97 --- /dev/null +++ b/_tour/00_README.txt 
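Review bot: `_tour/.ssh/awwan.key` is committed together with its passphrase in `_tour/.ssh/awwan.pass` (the next hunk), so the passphrase protects nothing and the `.vault` files in this workspace are presumably readable by anyone with the repository. That is acceptable for a tour, but no file says these are samples, and `08_encrypt.aww` presents the layout without a caveat. I would add a sentence to `08_encrypt.aww` such as `The key and passphrase in this workspace are public samples; generate your own key and keep awwan.pass out of version control.`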
@@ -0,0 +1,70 @@ += Welcome to awwan + +This is an example of awwan workspace. + +The awwan workspace is indicated by ".ssh" directory, as you can see in the +list of file in the left. + +In awwan, every file is a script, including this file. +As long as the line is a valid shell command, awwan can execute it. + +Lets try. + +echo "Hello world" > {{.ScriptDir}}/output + +In the input "Execute line" below, set its value to "13" and click on the +"Local" button. +You should see output like these, + + 2023/11/29 15:45:08 --> 13: echo "Hello world" > /home/awwan/tour/output + +The same line can be executed in terminal using awwan CLI with following +command, + +awwan local {{.ScriptDir}}/00_README.txt 13 + +Click on the directory path "/" on the left top (above ".ssh"), to refresh +the content of directory. +You should see a new file "output" and "00_README.txt.log" in the list after +executing above line. +Click on the file "output" to see its content or execute the line below + +cat {{.ScriptDir}}/output + + +We provides an example files to follow along, that explain each command and +feature in the awwan. + +01_local.aww - Tutorial on "local" command, to execute command in local +machine using shell. + +02_script_variables.aww - Quick tutorial on global variables that can be +used in script. + +03_env.aww - Tutorial on how to write and use environment file. + +04_env-set.aww - Tutorial on "env-set" command, or how to set value into +environment file. + +05_env-get.aww - Tutorial on "env-get" command, or how to get value from +environment file. + +06_magic_put.aww - Tutorial on magic line "#put". + +07_magic_get.aww - Tutorial on magic line "#get". + +08_encrypt.aww - Tutorial on how to encrypt file and use it to copy file. + +09_decrypt.aww - Tutorial on how to decrypt file. + +10_encrypted_env.aww - Tutorial on how to use encrypted environment. + +11_encrypted_put.aww - Tutorial on how to use magic line "#put" with encrypted +environment or encrypted file. 
+ +12_magic_require.aww - Tutorial on how to use magic line "#require". + +remotehost/01_play.aww - Tutorial on how to use "play" command using SSH in +the server named "remotehost". + +remotehost/02_magic_local.aww - Tutorial on magic line "#local". diff --git a/_tour/01_local.aww b/_tour/01_local.aww new file mode 100644 index 0000000..3ec57b1 --- /dev/null +++ b/_tour/01_local.aww @@ -0,0 +1,50 @@ +The "local" command execute the lines in the host using shell. + +In the CLI, the "local" command only have two arguments: the file and comma +separated line or line range to be executed. + +In this web-user interface (WUI) we can run local command by inputting comma +separated line or line range in the "Execute line" and then click on "Local" +button. + +Let say we have the following lines of commands, + +echo "Hello #1" + +echo "Hello #2" + +echo "Hello #3" + + +To execute line 12 only in the CLI, run + + awwan local 00_local.aww 12 + +You can try running it in by filling "Execute line" to "12" and clicking +"Local" button. +It would print the following output, + + 2023/11/29 17:58:58 --> 12: echo "Hello #1" + Hello #1 + +To execute line 14 until 16, + + awwan local 00_local.aww 14-16 + +It will print the following output, + + 2023/11/29 18:00:26 --> 14: echo "Hello #2" + Hello #2 + 2023/11/29 18:00:26 --> 16: echo "Hello #3" + Hello #3 + +To execute line 12 and 16 only, + + awwan local 00_local.aww 12,16 + +It will print the following output, + + 2023/11/29 18:07:10 --> 12: echo "Hello #1" + Hello #1 + 2023/11/29 18:07:10 --> 16: echo "Hello #3" + Hello #3 diff --git a/_tour/02_script_variables.aww b/_tour/02_script_variables.aww new file mode 100644 index 0000000..44b1192 --- /dev/null +++ b/_tour/02_script_variables.aww 
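Review bot: The CLI examples in `_tour/01_local.aww` name `00_local.aww`, but the file added here is `01_local.aww`, so a reader who copies `awwan local 00_local.aww 12` into a terminal in this workspace would presumably get a missing-file error. All three examples need the new name: `awwan local 01_local.aww 12`, `awwan local 01_local.aww 14-16` and `awwan local 01_local.aww 12,16`.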
@@ -0,0 +1,28 @@ +There are several global variables that is exported by awwan and accessible +in the script. + +{{.ScriptDir}} - variable that contains the value of script directory. + +{{.BaseDir}} - variable that contains the value of base directory, the root +of awwan workspace. + +Both of those variables are accessible in "local" and "play" command. + +There are another variables like {{.SSHKey}}, {{.SSHHost}}, {{.SSHPort}}, +and {{.SSHUser}} but only applicable on "play" command so we will discuss it +later. + +Lets try the ScriptDir and BaseDir first. + + echo "Base directory is {{.BaseDir}}" + echo "Script directory is {{.ScriptDir}}" + +Run both of those lines, you will get the following output, + + 2023/12/02 14:10:09 --> 17: echo "Base directory is /home/awwan/play" + 2023/12/02 14:10:09 --> 18: echo "Script directory is /home/awwan/play" + Base directory is /home/awwan/play + Script directory is /home/awwan/play + +Since the script directory is under the workspace, both print the same +value. diff --git a/_tour/03_env.aww b/_tour/03_env.aww new file mode 100644 index 0000000..56c5574 --- /dev/null +++ b/_tour/03_env.aww 
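Review bot: The sample output in `_tour/02_script_variables.aww` still shows `/home/awwan/play` as base and script directory, although `00_README.txt` in this same commit already prints `/home/awwan/tour/output`. A reader comparing their own run with the tutorial will see a different path on every logged line. The same stale path appears in the output blocks of `04_env-set.aww`, `05_env-get.aww`, `06_magic_put.aww`, `07_magic_get.aww`, `08_encrypt.aww`, `09_decrypt.aww`, `11_encrypted_put.aww` and `remotehost/02_magic_local.aww`. These should be replaced with `/home/awwan/tour` throughout, for example `echo "Base directory is /home/awwan/tour"`.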
@@ -0,0 +1,57 @@ +Before we play with other other commands, there is one fundamental things +that we need to understand, the awwan environment. + +Awwan environment is stored in file "awwan.env". +There is another environment file named ".awwan.env.vault" for storing +encrypted values, but we will discuss it later. +For now lets just focus on non-encypted environment. + +Awwan environment is a key-value storage, formatted using Git INI +syntax, + + [section "subsection"] + key = value + +The "subsection" is optional, so one can write + + [section] + key = value + +The value can span multiple lines by ending it with backslash "\", for +example + + key_long = multiple \ + line \ + value + +In any script, we can get the value of key using the following syntax + + {{.Val "section:subsection:key"}} + +Lets fill in the "awwan.env" file with the following content, + + [host] + name = awwan + + [user "awwan"] + name = ms + +To get the value of key "name" under section "host", + + echo {{.Val "host::name"}} + +Try it, put the line number of above command in "Execute line" and click on +"Local" button, it should print, + + 2023/12/02 13:54:37 --> 41: echo awwan + awwan + +To get the value of key "name" in section "user", subsection "awwan", + + echo {{.Val "user:awwan:name"}} + +Try it, put the line number of above command in "Execute line" and click on +"Local" button, it should print, + + 2023/12/02 13:55:42 --> 51: echo ms + ms diff --git a/_tour/04_env-set.aww b/_tour/04_env-set.aww new file mode 100644 index 0000000..bc74b20 --- /dev/null +++ b/_tour/04_env-set.aww 
@@ -0,0 +1,41 @@ +The "env-set" is the command to set the value in environment file +"awwan.env". + +The syntax is + + + +Let say we want to set "host::ip_internal" to "127.0.0.1", run it in the +terminal as + + awwan env-set host::ip_internal 127.0.0.1 awwan.env + +When using this web user interface, we need to prefix the file with variable +".ScriptDir" or ".BaseDir" depends on where the environment file located. +Lets try, + + awwan env-set host::ip_internal 127.0.0.1 {{.ScriptDir}}/awwan.env + +Run the above line number, you will get + + 2023/12/02 14:21:54 --> 17: awwan env-set host::ip_internal 127.0.0.1 /home/awwan/play/awwan.env + 2023/12/02 21:21:54 --- BaseDir: /home/awwan/play + +Open the "awwan.env" file, you should see the new key "ip_internal" is +added under section "host" with value "127.0.0.1", + + cat {{.ScriptDir}}/awwan.env + +Output, + + 2023/12/02 14:23:11 --> 27: cat /home/awwan/play/awwan.env + ## DO NOT remove this section. + [section "subsection"] + key = value + + [host] + name = awwan + ip_internal = 127.0.0.1 + + [user "awwan"] + name = ms diff --git a/_tour/05_env-get.aww b/_tour/05_env-get.aww new file mode 100644 index 0000000..33352b4 --- /dev/null +++ b/_tour/05_env-get.aww 
@@ -0,0 +1,39 @@ +The "env-get" is the command to get the value from environment files, +"awwan.env" or ".awwan.env.vault" for encrypted file. + +The syntax is + + + +Remember, the second parameter is a directory not a file, because the +environment files are loaded recursively from top to bottom. +An environment key may not exist in sub directory, but defined in their +parent directory. + +Lets try on the base directory first, + + awwan env-get "host::name" {{.BaseDir}} + +It will print, + + 2023/12/04 22:18:06 --- BaseDir: /home/awwan/play + 2023/12/04 22:18:06 --- NewSession "." + 2023/12/04 22:18:06 --- Loading "awwan.env" ... + 2023/12/04 15:18:06 --> 15: awwan env-get "host::name" /home/awwan/play + awwan + +But if we changes the directory to "remotehost", + + awwan env-get "host::name" {{.BaseDir}}/remotehost + +It will print, + + 2023/12/04 15:24:32 --> 29: awwan env-get "host::name" /home/awwan/play/remotehost + 2023/12/04 22:24:32 --- BaseDir: /home/awwan/play + 2023/12/04 22:24:32 --- NewSession "remotehost" + 2023/12/04 22:24:32 --- Loading "awwan.env" ... + 2023/12/04 22:24:32 --- Loading "remotehost/awwan.env" ... + remotehost + +Because the environment variable "host::name" is overridden in "awwan.env" +file under directory "remotehost". diff --git a/_tour/06_magic_put.aww b/_tour/06_magic_put.aww new file mode 100644 index 0000000..bf6f0e7 --- /dev/null +++ b/_tour/06_magic_put.aww 
@@ -0,0 +1,50 @@ +The magic command "#put" is not a CLI command, it is used in the script to +copy file from source to target. + +There are two modes of magic "#put" command, one to copy the file as current user, + + "#put:[+mode] " + +and the other one is to copy with sudo, + + "#put![owner][+mode] " + +The [owner] option set the target file owner, using "user:group" format. +The [+mode] option set the target file mode, in octal format, for example +0644. + +Lets copy file "put_source.txt" into directory "remotehost", + + #put: {{.BaseDir}}/put_source.txt {{.BaseDir}}/remotehost/put_target.txt + cat {{.BaseDir}}/remotehost/put_target.txt + ls -l {{.BaseDir}}/remotehost/put_target.txt + +It will print the following output, + + 2023/12/04 17:19:07 --> 17: #put: /home/awwan/play/put_source.txt /home/awwan/play/remotehost/put_target.txt + 2023/12/04 17:19:07 --> 18: cat /home/awwan/play/remotehost/put_target.txt + The host name is awwan. + 2023/12/04 17:19:07 --> 19: ls -l /home/awwan/play/remotehost/put_target.txt + -rw------- 1 awwan awwan 24 Dec 5 00:19 /home/awwan/play/remotehost/put_target.txt + +Take a look at the source "put_source.txt" file and the target +"remotehost/put_target.txt" file. +As you can see, the source file can contain variable, which will be replaced +in the destination file. + +Lets copy it using "#put!" and set the owner to user "awwan" and +group "awwanssh", with permission 0600. + + #put!awwan:awwanssh+0600 \ + {{.ScriptDir}}/put_source.txt \ + {{.ScriptDir}}/remotehost/put_target.txt + cat {{.ScriptDir}}/remotehost/put_target.txt + ls -l {{.ScriptDir}}/remotehost/put_target.txt + +The file copied succesfully with user, group, and mode set based on the +"#put" options, + + 2023/12/04 17:47:40 --> 34: #put!awwan:awwanssh+600 /home/awwan/play/put_source.txt /home/awwan/play/remotehost/put_target.txt + 2023/12/04 17:48:55 --> 37: cat /home/awwan/play/remotehost/put_target.txt + The host name is awwan. 
+ 2023/12/04 17:48:55 --> 38: ls -l /home/awwan/play/remotehost/put_target.txt + -rw------- 1 awwan awwanssh 24 Dec 4 17:48 /home/awwan/play/remotehost/put_target.txt diff --git a/_tour/07_magic_get.aww b/_tour/07_magic_get.aww new file mode 100644 index 0000000..6429401 --- /dev/null +++ b/_tour/07_magic_get.aww @@ -0,0 +1,21 @@ +The magic command "#get" copy file from source to target. + +When used with "local" command, it behave like "#put", +but when used with "play" it copy file from remote server to local host. + +Similar to magic command "#put" it have two modes, get file as current +user "#get:" or get file using sudo "#get!", + + "#get:+mode " + "#get!owner+mode " + +Lets copy file that can be read by root only into this directory, + + #get!awwan:awwan /etc/shadow {{.ScriptDir}}/get_shadow.txt + ls -l {{.ScriptDir}}/get_shadow.txt + +We should get the following output, + + 2023/12/04 18:08:26 --> 14: #get!awwan:awwan /etc/shadow /home/awwan/play/get_shadow.txt + 2023/12/04 18:09:17 --> 15: ls -l /home/awwan/play/get_shadow.txt + -rw------- 1 awwan awwan 586 Dec 4 18:08 /home/awwan/play/get_shadow.txt diff --git a/_tour/08_encrypt.aww b/_tour/08_encrypt.aww new file mode 100644 index 0000000..a32fd0f --- /dev/null +++ b/_tour/08_encrypt.aww 
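Review bot: The `#get!` example in `_tour/07_magic_get.aww` copies `/etc/shadow` into the workspace and gives it to `awwan:awwan`, which leaves the host's password hashes in a user-owned file after the lesson. `.gitignore` keeps `get_shadow.txt` out of git, but nothing in the script removes it. A root-only file without credential material would show the sudo mode equally well. Failing that, the script should end with `rm -f {{.ScriptDir}}/get_shadow.txt` and one sentence saying why the copy must not be kept.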
@@ -0,0 +1,31 @@ +The "encrypt" command encrypt the file using RSA based private key. +This command require private key file that is stored with name "awwan.key" +under ".ssh" directory. + +The CLI syntax is, + + awwan encrypt + +In this workspace we provide the private key with passphrase, see the +".ssh/awwan.key". +The passphrase is stored in ".ssh/awwan.pass". + +This passphrase file is optional. +If we remove the passphrase file, awwan will ask passphrase when its running. + +In the WUI you can encrypt the file by clicking the "Encrypt" button. + +Lets try the CLI command by encrypting the "secret" file in this workspace, + + awwan encrypt secret.txt + +Run the above line, it will encrypt the file with name "secret.txt.vault", + + 2023/12/06 14:23:29 --> 20: awwan encrypt secret.txt + 2023/12/06 14:23:29 --- BaseDir: /home/awwan/play + 2023/12/06 14:23:29 --- Loading passphrase file ".ssh/awwan.pass" ... + 2023/12/06 14:23:29 --- Loading private key file ".ssh/awwan.key" (enter to skip passphrase) ... + Encrypted file output: secret.txt.vault + +Refresh the list of file (or this page) by clicking on the directory "/", you will see +new file "secret.txt.vault" created. diff --git a/_tour/09_decrypt.aww b/_tour/09_decrypt.aww new file mode 100644 index 0000000..72958f9 --- /dev/null +++ b/_tour/09_decrypt.aww 
@@ -0,0 +1,22 @@ +The "decrypt" command decrypt ".vault" file that is encrypted using +"encrypt" command. +This command has the following syntax + + awwan decrypt + +The file MUST have the ".vault" suffix, otherwise it will be ignored. + +Lets try decrypting the previous file that we encrypt, + + awwan decrypt secret.txt.vault + +Execute the above line and it will decrypt the file into "secret.txt", + + 2023/12/06 15:09:55 --> 11: awwan decrypt secret.txt.vault + 2023/12/06 15:09:55 --- BaseDir: /home/awwan/play + 2023/12/06 15:09:55 --- Loading passphrase file ".ssh/awwan.pass" ... + 2023/12/06 15:09:55 --- Loading private key file ".ssh/awwan.key" (enter to skip passphrase) ... + Decrypted file output: secret.txt + +In the WUI, we can use the "Decrypt" button to decrypt the file directly. +Select the file to be decrypted and then click "Decrypt" button. diff --git a/_tour/10_encrypted_env.aww b/_tour/10_encrypted_env.aww new file mode 100644 index 0000000..9710812 --- /dev/null +++ b/_tour/10_encrypted_env.aww @@ -0,0 +1,16 @@ +Now that we know about environment variables and encryption, both of them +can be combined into storing encrypted environment variables into file +".awwan.env.vault". + +The ".awwan.env.vault" is created from file ".awwan.env" that then +encrypted. + +In this workspace, we provide an example of ".awwan.env.vault". +Lets get one of the value on it, + + echo {{.Val "user:awwan:pass"}} + +If we run it, it will print the value of "user:awwan:pass", + + 2023/12/06 14:45:16 --> 11: echo s3cret + s3cret diff --git a/_tour/11_encrypted_put.aww b/_tour/11_encrypted_put.aww new file mode 100644 index 0000000..ceb5372 --- /dev/null +++ b/_tour/11_encrypted_put.aww 
@@ -0,0 +1,37 @@ +The magic line "#put" can copy encrypted file or file that contains +values from encrypted environment variables, ".awwan.env.vault". + +In this example we have "secret.txt" that read value +"user:awwan:pass" which exist only in ".awwan.env.vault". + +Lets remove the "secret.txt.vault" first and then copy the file +to "remotehost", + + rm -f {{.ScriptDir}}/secret.txt.vault + #put: {{.ScriptDir}}/secret.txt {{.ScriptDir}}/remotehost/put_secret.txt + cat {{.ScriptDir}}/remotehost/put_secret.txt + +Run the above three lines, we got + + 2023/12/06 15:32:36 --> 10: rm -f /home/awwan/play/secret.txt.vault + 2023/12/06 15:32:36 --> 11: #put: /home/awwan/play/secret.txt /home/awwan/play/remotehost/put_secret.txt + 2023/12/06 15:32:36 --> 12: cat /home/awwan/play/remotehost/put_secret.txt + My password is s3cret. + +The magic line "#put" also can copy whole file that has been encrypted. +When copying the encrypted file we did not need to add ".vault" suffix, +awwan will take care of it. + + rm -f {{.ScriptDir}}/app.conf ## Make sure we copy the .vault file. + #put: {{.ScriptDir}}/app.conf {{.ScriptDir}}/remotehost/app.conf + cat {{.ScriptDir}}/remotehost/app.conf + +Run the above two lines and we got, + + 2023/12/06 15:25:29 --> 25: rm -f /home/awwan/play/app.conf ## Make sure we copy the .vault file. + 2023/12/06 15:25:29 --> 26: #put: /home/awwan/play/app.conf /home/awwan/play/remotehost/app.conf + 2023/12/06 15:25:29 --> 27: cat /home/awwan/play/remotehost/app.conf + [database "app"] + host = 10.16.1.4 + user = app + pass = pazzw0rd diff --git a/_tour/12_magic_require.aww b/_tour/12_magic_require.aww new file mode 100644 index 0000000..e98361e --- /dev/null +++ b/_tour/12_magic_require.aww 
@@ -0,0 +1,29 @@ +The magic line "#require" is line that will always executed +when we executed line numbers below it. + +For example, + + #require: echo "require #1" + echo "Hello after first require" + #require: echo "require #2" + echo "Hello after second require" + +If we execute line 7 only, we got + + 2023/12/06 15:36:10 --- require 6: #require: echo "require #1" + require #1 + 2023/12/06 15:36:10 --> 7: echo "Hello after first require" + Hello after first require + +The second "#require" require will not get executed. + +But if we execute line number 9 only, we got, + + 2023/12/06 15:36:43 --- require 6: #require: echo "require #1" + require #1 + 2023/12/06 15:36:43 --- require 8: #require: echo "require #2" + require #2 + 2023/12/06 15:36:43 --> 9: echo "Hello after second require" + Hello after second require + +The first and second "#require" will always get executed, in order. diff --git a/_tour/app.conf.vault b/_tour/app.conf.vault new file mode 100644 index 0000000..9032d84 Binary files /dev/null and b/_tour/app.conf.vault differ diff --git a/_tour/awwan.env b/_tour/awwan.env new file mode 100644 index 0000000..97b1383 --- /dev/null +++ b/_tour/awwan.env @@ -0,0 +1,10 @@ +## DO NOT remove this section. +[section "subsection"] +key = value + +[host] +name = awwan +ip_internal = 127.0.0.1 + +[user "awwan"] +name = ms diff --git a/_tour/example.aww b/_tour/example.aww new file mode 100644 index 0000000..0b58478 --- /dev/null +++ b/_tour/example.aww @@ -0,0 +1,4 @@ +## This is an example of awwan script that can be executed using "local" +## command. + +echo "Hello, local" diff --git a/_tour/put_source.txt b/_tour/put_source.txt new file mode 100644 index 0000000..5067c47 --- /dev/null +++ b/_tour/put_source.txt @@ -0,0 +1 @@ +The host name is {{.Val "host::name"}}. diff --git a/_tour/remotehost/01_play.aww b/_tour/remotehost/01_play.aww new file mode 100644 index 0000000..4384bab --- /dev/null +++ b/_tour/remotehost/01_play.aww 
@@ -0,0 +1,53 @@
+Now we enter the "play" command.
+
+The "play" command execute every line in the remote host
+using SSH.
+The CLI syntax is
+
+ awwan play
+
+Awwan derive the remote host name based on the directory
+names.
+In this script, the directory name is "remotehost".
+We have register the "remotehost" name in ".ssh/config" so
+awwan can know the user and private key file to be used
+to connect to remote host "remotehost",
+
+ Host remotehost
+ Hostname 127.0.0.1
+ Port 20022
+ User awwanssh
+ IdentityFile ~/.ssh/id_ed25519
+
+In this example, the "remotehost" is connected using user "awwanssh"
+with private key in "~/.ssh/id_ed25519".
+
+Lets try execute the following command in remotehost,
+
+ echo "Connect with {{.SSHUser}}@{{.SSHHost}}:{{.SSHPort}} using {{.SSHKey}}"
+
+Using local we got
+
+ 2023/12/06 16:03:32 --> 27: echo "Connect with @: using "
+ Connect with @: using
+
+Because the variable {{.SSHUser}} and others are empty if not running
+under SSH session.
+
+Using CLI,
+
+ awwan play {{.ScriptDir}}/01_play.aww 27
+
+Using WUI, put "27" in "Execute line" and click button "Play".
+We got,
+
+ 2023/12/06 15:45:55 --- SSH identity file: [/home/awwan/.ssh/id_ed25519]
+ 2023/12/06 15:47:10 === BEGIN: remote /remotehost/01_play.aww 27
+ 2023/12/06 15:47:10 --> 27: echo "Connect with awwanssh@127.0.0.1:20022 using /home/awwan/.ssh/id_ed25519"
+ Connect with awwanssh@127.0.0.1:20022 using /home/awwan/.ssh/id_ed25519
+ 2023/12/06 15:47:10 === END: remote /remotehost/01_play.aww 27
+
+The behaviour of other magic lines like "#put" or "#get" are identical
+with local command.
+The magic line "#put" command copy file from local to remote,
+while magic line "#get" copy file from remote to local.
diff --git a/_tour/remotehost/02_magic_local.aww b/_tour/remotehost/02_magic_local.aww
new file mode 100644
index 0000000..7fe9fbc
--- /dev/null
+++ b/_tour/remotehost/02_magic_local.aww
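Review bot: The text in `01_play.aww` presents the `Host remotehost` entry, the user "awwanssh" and `~/.ssh/id_ed25519` without saying they belong to the tour environment only. If that key pair ships with the tour image (not visible in this hunk), anyone with the image holds the private key. A line after the ssh config sample would make that clear, for example `The "awwanssh" user and this key exist only for the tour; generate your own key pair for real hosts.`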
@@ -0,0 +1,25 @@
+The magic line "#local" execute the command in local host
+when script is executed using "play".
+
+ #local: pwd
+ pwd
+
+Running the above two lines will output,
+
+ 2023/12/06 16:30:41 --> 4: #local: pwd
+ /home/awwan/play
+ 2023/12/06 16:30:41 --> 5: pwd
+ /home/awwanssh
+
+The first line print the working directory in local host,
+in this case the current directory.
+While the second line print the working directory of
+remote host, in this case the user home of "awwanssh".
+
+Using "#local" we can combine command that need to be executed
+in local host first and then continue to execute in remote,
+for example by creating directory in local to backup file from
+remote host,
+
+ #local: mkdir -p {{.ScriptDir]}/etc/
+ #get: /etc/hosts {{.ScriptDir}}/etc/hosts
diff --git a/_tour/remotehost/awwan.env b/_tour/remotehost/awwan.env
new file mode 100644
index 0000000..62d03d0
--- /dev/null
+++ b/_tour/remotehost/awwan.env
@@ -0,0 +1,2 @@
+[host]
+name = remotehost
diff --git a/_tour/secret.txt b/_tour/secret.txt
new file mode 100644
index 0000000..f9e7103
--- /dev/null
+++ b/_tour/secret.txt
@@ -0,0 +1 @@
+My password is {{.Val "user:awwan:pass"}}.
-- cgit v1.3
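Review bot: Line 24 of `02_magic_local.aww` has a malformed template action, `{{.ScriptDir]}/etc/`, where `]` stands in place of the closing `}`; the next line uses the correct `{{.ScriptDir}}`. It should read `#local: mkdir -p {{.ScriptDir}}/etc/`. If awwan renders the whole script as a template before running the selected lines (not visible here), the broken action may stop every line of this file from running, not only line 24. The sample output also still shows `/home/awwan/play` as the local working directory, which may be stale after the rename to "tour".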