From d214fd59d1e130642ee266e5cde144d88eea7d3d Mon Sep 17 00:00:00 2001 
From: Shulhan Date: Wed, 29 Nov 2023 23:24:43 +0700 Subject: _ops: setup awwan-play The _ops/awwan-play is the seed for the awwan playground that will be live on "play.awwan.org" later. The image name is awwan-play, to allow us to serve play.awwan.local on local proxy and test it without port number. It use the _play directory as workspace. References: https://todo.sr.ht/~shulhan/awwan/4 --- Makefile | 23 +++- _ops/awwan-play/mkosi.conf | 12 +++ _ops/awwan-play/mkosi.conf.d/archlinux.conf | 12 +++ .../mkosi.extra/etc/ssh/ssh_host_ecdsa_key | 9 ++ .../mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub | 1 + .../mkosi.extra/etc/ssh/ssh_host_ed25519_key | 7 ++ .../mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub | 1 + .../mkosi.extra/etc/ssh/ssh_host_rsa_key | 38 +++++++ .../mkosi.extra/etc/ssh/ssh_host_rsa_key.pub | 1 + _ops/awwan-play/mkosi.extra/etc/ssh/sshd_config | 117 +++++++++++++++++++++ _ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan | 6 ++ .../etc/systemd/system/org-awwan-play.path | 9 ++ .../etc/systemd/system/org-awwan-play.service | 14 +++ .../etc/systemd/system/systemctl-restart@.service | 6 ++ .../mkosi.extra/home/awwan/.ssh/id_ed25519 | 7 ++ .../mkosi.extra/home/awwan/.ssh/id_ed25519.pub | 1 + .../mkosi.extra/home/awwan/.ssh/known_hosts | 3 + .../mkosi.extra/home/awwan/play/.gitignore | 2 + .../mkosi.extra/home/awwanssh/.ssh/authorized_keys | 1 + _ops/awwan-play/mkosi.finalize.chroot | 9 ++ _ops/awwan-play/mkosi.nspawn | 9 ++ _ops/awwan-play/mkosi.prepare.chroot | 20 ++++ _ops/awwan-play/mkosi.skeleton/etc/pacman.conf | 101 ++++++++++++++++++ _play/.ssh/awwan.key | 39 +++++++ _play/.ssh/awwan.pass | 1 + _play/.ssh/config | 6 ++ _play/awwan.env | 2 + _play/example.aww | 4 + 28 files changed, 460 insertions(+), 1 deletion(-) create mode 100644 _ops/awwan-play/mkosi.conf create mode 100644 _ops/awwan-play/mkosi.conf.d/archlinux.conf create mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key create mode 100644 
_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub create mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key create mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub create mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key create mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub create mode 100644 _ops/awwan-play/mkosi.extra/etc/ssh/sshd_config create mode 100644 _ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan create mode 100644 _ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path create mode 100644 _ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service create mode 100644 _ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service create mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519 create mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub create mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts create mode 100644 _ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore create mode 100644 _ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys create mode 100755 _ops/awwan-play/mkosi.finalize.chroot create mode 100644 _ops/awwan-play/mkosi.nspawn create mode 100755 _ops/awwan-play/mkosi.prepare.chroot create mode 100644 _ops/awwan-play/mkosi.skeleton/etc/pacman.conf create mode 100644 _play/.ssh/awwan.key create mode 100644 _play/.ssh/awwan.pass create mode 100644 _play/.ssh/config create mode 100644 _play/awwan.env create mode 100644 _play/example.aww diff --git a/Makefile b/Makefile index bfe9447..677bcc4 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ embed: .PHONY: build build: embed - go build ./cmd/awwan + go build -o _bin/awwan ./cmd/awwan .PHONY: install install: lint-www lint embed 
@@ -159,3 +159,24 @@ release-sync-local: release-tip-local: embed build-all-amd64 build-all-arm64 release-sync-local #}}} +#{{{ Tasks for play.awwan.org. + +## Build the play.awwan.org container in local. + +.PHONY: build-awwan-play +build-awwan-play: + @echo ">>> Stopping container ..." + -sudo machinectl stop awwan-play + + @echo ">>> Creating binding ..." + ## We need to bind src/_bin and src/_play into container. + mkdir -p /data/awwan/ + ln -sTf $$(pwd) /data/awwan/src + + @echo ">>> Building container ..." + sudo mkosi --directory=_ops/awwan-play --force build + + sudo machinectl --force import-tar /data/awwan/awwan-play.tar + sudo machinectl start awwan-play + +#}}} diff --git a/_ops/awwan-play/mkosi.conf b/_ops/awwan-play/mkosi.conf new file mode 100644 index 0000000..11a9dc7 --- /dev/null +++ b/_ops/awwan-play/mkosi.conf @@ -0,0 +1,12 @@ +[Output] +CacheDirectory=../mkosi.cache/ +Format=tar +Output=awwan-play +OutputDirectory=/data/awwan/ + +[Content] +Bootable=no +CleanPackageMetadata=false + +[Host] +Incremental=yes diff --git a/_ops/awwan-play/mkosi.conf.d/archlinux.conf b/_ops/awwan-play/mkosi.conf.d/archlinux.conf new file mode 100644 index 0000000..34add3f --- /dev/null +++ b/_ops/awwan-play/mkosi.conf.d/archlinux.conf @@ -0,0 +1,12 @@ +[Match] +Distribution=arch + +[Content] +SkeletonTrees=/var/lib/pacman/sync:/var/lib/pacman/sync +Packages= + systemd + bash + shadow + sudo + openssh + ca-certificates diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key new file mode 100644 index 0000000..4c84aa4 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key 
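Review bot: `build-awwan-play` has no prerequisite on `build`, yet mkosi.nspawn in this commit binds /data/awwan/src/_bin over /usr/local/bin and the service starts /usr/local/bin/awwan, so on a fresh checkout the container comes up with no binary or a stale one; `build-awwan-play: build` would close that gap. In the binding step `$$(pwd)` is unquoted and breaks on a checkout path containing spaces; `ln -sTf "$(CURDIR)" /data/awwan/src` avoids both the subshell and the word splitting. `mkdir -p /data/awwan/` runs unprivileged while the later steps use sudo, so it presumably only works when /data already exists and is writable by the developer, which deserves a one-line comment stating that precondition.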
@@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQT7S60hruhfa16IQnYc37bJDHKBgRDH +I26Du3CoMLRGDRZFmFFHdZ7r8v5tLsgEL6XvyOLZiUw1w2vAhONc4E2DAAAAqIaKFjWGih +Y1AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohC +dhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTY +MAAAAhAP84kEfvH5BsCNq+N+5R5NZxfIyzm+Utyq/cE3kQLBDLAAAAD3Jvb3RAYXd3YW4t +dGVzdA== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..268f2e6 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= root@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..5613dbc --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEAAAAJiq/vlwqv75 +cAAAAAtzc2gtZWQyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEA +AAAECQJtEe3tM08NBhUIP03r+vDQ7vTkQA0uqF4KbS6Thhamxe4FVnBeKP61bTxOqsMntk +CBvjkzk0rZFL32l9l40QAAAAD3Jvb3RAYXd3YW4tdGVzdAECAwQFBg== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..4b588a3 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub 
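Review bot: This file is private key material committed to the repository, as are the ed25519 and RSA host keys that follow, `home/awwan/.ssh/id_ed25519`, and `_play/.ssh/awwan.key` together with its passphrase in `_play/.ssh/awwan.pass`. Every image built from this tree therefore shares host and client identities that anyone who can read the repo also holds, and the commit message says this is the seed for the public play.awwan.org. If the pinned `known_hosts` entries are the reason for committing the host keys, generating them at image build time (for example `ssh-keygen -A` in mkosi.finalize.chroot, then writing known_hosts from the fresh public keys) keeps the pinning without publishing the private halves. At minimum, a README beside these files should state that they are test-only fixtures and must never be reused outside the container.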
@@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q root@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key new file mode 100644 index 0000000..3cd073e --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAyQPHy2DJlH/QwMILv10bf1MmHZQJY+dPBCRhRz8UnWLedGqUyZFY +z33Q4Vkz+jUxLOoO7H5SYeo9iW8wbNoPBg/G7J8yf9nAxn68cRXRmM6C5YE8ZR4HbVMIs0 +htPgHfZVENKeDTXoHTcy3/rxaSTeBOxBpzzPtaBerIlzDA0aucPCOPv22WclD4cKrcoAsz +yebLVPqS3iiegVdp4a7cJMaG0nn+GcqA2FhWn3XCxC5PklXn57+jJhUCa3Fm0CkUXu5+CL +5tnDfFILm/Xu7wel5yka6y/n+zUAE7vQspkl2mo2rKUQCk5Yev4UREmfETnnNeSgaWT+jF +EqxpkhQzst8Glxrrljfxjng6Z8ubixxp7/vZ4BJZI7rDknvH03Zg8IYDr9VcFF4klr62Jg +6EK7ISqHnXbveQFRRwPkepgav60l5+XIuRPdf+kokbv5tHSZ6smrywEUIYsJNDkMKhT9nl +ZHpmoz4PqgtP/e1eRoXZj9++8fJQa2k/twEht9rfAAAFiDtmriw7Zq4sAAAAB3NzaC1yc2 +EAAAGBAMkDx8tgyZR/0MDCC79dG39TJh2UCWPnTwQkYUc/FJ1i3nRqlMmRWM990OFZM/o1 +MSzqDux+UmHqPYlvMGzaDwYPxuyfMn/ZwMZ+vHEV0ZjOguWBPGUeB21TCLNIbT4B32VRDS +ng016B03Mt/68Wkk3gTsQac8z7WgXqyJcwwNGrnDwjj79tlnJQ+HCq3KALM8nmy1T6kt4o +noFXaeGu3CTGhtJ5/hnKgNhYVp91wsQuT5JV5+e/oyYVAmtxZtApFF7ufgi+bZw3xSC5v1 +7u8HpecpGusv5/s1ABO70LKZJdpqNqylEApOWHr+FERJnxE55zXkoGlk/oxRKsaZIUM7Lf +Bpca65Y38Y54OmfLm4scae/72eASWSO6w5J7x9N2YPCGA6/VXBReJJa+tiYOhCuyEqh512 +73kBUUcD5HqYGr+tJeflyLkT3X/pKJG7+bR0merJq8sBFCGLCTQ5DCoU/Z5WR6ZqM+D6oL +T/3tXkaF2Y/fvvHyUGtpP7cBIbfa3wAAAAMBAAEAAAGAMxcb48wwz+aAl016kOPIRl9K07 ++5d0PmKGZatzIIOkxTwAEK2gRwLySKP4xdkp2MZx8CNgeRRsOzakfxZekyYlcGN0PrIOWm +gozZtmBWSmFKkax8PjMYriepkW+6HEV7kxO7pcY30tBqft7VGppBCzwUqPEUN6g25EQdQZ +gpmeDlL7/WHFBtKZb83h3/P0o5mnpneazKQV7Pko42Ih9AYrR2te49sC5w+wvQ0Gys2RHw +NYBSFev2Ooqid8511DhsOmPd25YlzetPxl9pkf5W1uD+QJHOhT2Y6Yx1zkrgX2kfZpWrig +49FgcAFqBcOpuECGFqeXBW1RlRVgrML0RfgKTeOorjOkjAqUqudjgtFqW8jxgsF7zAzDqp +HdfFA7EHMwLZ5cqIh2PqrZ9Sip87MGlX5gOoNsRk6LYvxwPXtyB3K5FenlxaZSYibYBeUd +DWiFIwV2n5SgvSl+t6t0ughvoztl/UqQzmn4BJ5f8eaHVocdSFEagOy30wzji1m/sxAAAA +wHHzn9Y72W+M8xB+wYsFOY/qtsLoiis6o422MhTDFdVtHjDkuV+uwtgm9Dq3ZDvLlvFrTn +AgbyQFmqvVOn6SWZtspnZhAYLFfGhzlAHU05asCyx2u0pB6FLZDHEiUc+F22CXs8vRvBU2 +Du9U/ULMdCkP2Bu1PJN/b98DkyfpErtG/EhUmoPR6GR+Ulpdg+c6KcothUi9rEIu83Hmg0 
+sG7OeqcBqOtj5jgifARnHmiS4e1eUfIMSjkO5jfWw4xwvZiAAAAMEA9KtDKbEZr9pnGQPA +2VeuoMnoJ4271UzqufuIE2/uWmXSG3NgBAWnNwcby6cpJdhdnM7u9C7CWFaB3Ay/cGZ64H +U6k4txA/XgGjW0j8H/cBF7S7a3alhJ6SlkfHiyVhuO5jx5ZyJbN/CyyKgd1H3JfTCPd11/ +eyKINWkX2hDuCs2ha87j68cTbUEZK+1Zs/AMqIZoPFlu34PUDf5wxfGxq8aEFo1NLY9E79 +1X6xE/3l7KrHi2d146XnSTJZaX8YQnAAAAwQDSUvbDwbzMu9RQaxo127pySdCkUIfnli/0 +gS+CUBz7yop5Cssk+oMoFZvptpNkm8xHDotLKh/WMBBaI6JK29UN6n+IKWL6NrYdsmWd5w +pVjgqN4bXRgydL+UpsJCUJMiQAgwlj8RLQKAG6BDYU1LV2M457hLnI0hHM5wPnyvwnDhSb +3g8IgVkyxfZT3IpsMtbGZkEOHGyE20pHiOcZGaI/yEboOMKUwAaFgvvVrQmeg+c7mu98e3 +VMececaZKSDokAAAAPcm9vdEBhd3dhbi10ZXN0AQIDBA== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..9c58598 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa 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 root@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config b/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config new file mode 100644 index 0000000..2c12987 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/etc/ssh/sshd_config 
@@ -0,0 +1,117 @@
+# Include drop-in configurations
+Include /etc/ssh/sshd_config.d/*.conf
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 20022
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan b/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan
new file mode 100644
index 0000000..7288bf3
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/sudoers.d/awwan
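Review bot: `PasswordAuthentication` and `KbdInteractiveAuthentication` stay at their commented defaults and `ListenAddress` is unset, while mkosi.prepare.chroot in this same commit creates both accounts with a password that its own comment spells out. Unless a drop-in under /etc/ssh/sshd_config.d overrides this (none is shown), that published password is accepted on port 20022 on every container interface. The only client visible in this commit connects to 127.0.0.1 with a public key, so the file can say so explicitly: `ListenAddress 127.0.0.1`, `PasswordAuthentication no`, `KbdInteractiveAuthentication no`. Root login is also left at the commented default and could be turned off outright, since authorized_keys is installed only for awwanssh.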
@@ -0,0 +1,6 @@
+User_Alias ALLOWED_USER = awwan, awwanssh
+
+Cmnd_Alias ALLOWED_CMD = /usr/bin/cp, /usr/bin/chown, /usr/bin/chmod, \
+ /usr/bin/mv, /usr/bin/rm ^/tmp/[^[:space:]]*$
+
+ALLOWED_USER ALL = NOPASSWD: ALLOWED_CMD
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path
new file mode 100644
index 0000000..523289f
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.path
@@ -0,0 +1,9 @@
+[Unit]
+Description="Watch /usr/local/bin/awwan"
+
+[Path]
+PathChanged=/usr/local/bin/awwan
+Unit=systemctl-restart@%p.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service
new file mode 100644
index 0000000..1797de0
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/systemd/system/org-awwan-play.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=org-awwan-play
+After=network-online.target
+
+[Service]
+User=awwan
+WorkingDirectory=/home/awwan/play
+ExecStart=/usr/local/bin/awwan -address=0.0.0.0:27600 \
+ serve /home/awwan/play
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=default.target
diff --git a/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service b/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service
new file mode 100644
index 0000000..800316e
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/etc/systemd/system/systemctl-restart@.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=systemctl-restart@%i
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart %i
diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519 b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519
new file mode 100644
index 0000000..b55b87f
--- /dev/null
+++ b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519
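Review bot: Only `/usr/bin/rm` carries an argument pattern in `ALLOWED_CMD`; `cp`, `chown`, `chmod` and `mv` are listed bare, so `awwan` and `awwanssh` can run them as root with any arguments and no password, which amounts to unrestricted root inside the container. That matters because org-awwan-play.service runs as `awwan` on 0.0.0.0:27600 and, being a playground, presumably executes scripts supplied by visitors. The `rm` pattern `^/tmp/[^[:space:]]*$` also does not reject `..` path components, so it does not confine deletions to /tmp as it appears to. If these rules exist to exercise awwan's sudo handling, give the other four commands the same kind of /tmp-only pattern (one that excludes `..`), or add a comment stating that root-in-container is intended and the nspawn boundary is the only control. `NOPASSWD:` also contradicts the comment in mkosi.prepare.chroot that describes the awwan user as testing sudo with a password prompt.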
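Review bot: In org-awwan-play.service, `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` nothing pulls that target in, so the ordering has no effect unless another unit happens to request it. The service is installed under `WantedBy=default.target` while the companion path unit uses `multi-user.target`; using the same target for both avoids the two being enabled in different boot configurations. `-address=0.0.0.0:27600` listens on every container interface, and a comment naming the intended client (the local proxy mentioned in the commit message) would record why that is needed rather than a single address.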
@@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+QAAAJgeYYttHmGL +bQAAAAtzc2gtZWQyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+Q +AAAEB1EDYm+eeuejaJJt12dn0ST9VxINRY1v9YslT9cSuEfqSLsL1Sop7BaZ7UB0lN5L6P +OggIvy1KRdS+os039qr5AAAAEGF3d2FuQGF3d2FuLXRlc3QBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub new file mode 100644 index 0000000..6b83dfd --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts new file mode 100644 index 0000000..5611175 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/home/awwan/.ssh/known_hosts @@ -0,0 +1,3 @@ +[127.0.0.1]:20022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q +[127.0.0.1]:20022 ssh-rsa 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 +[127.0.0.1]:20022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= diff --git a/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore b/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore new file mode 100644 index 0000000..120f485 --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/home/awwan/play/.gitignore @@ -0,0 +1,2 @@ +* +!/.gitignore diff --git a/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys b/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys new file mode 100644 index 0000000..6b83dfd --- /dev/null +++ b/_ops/awwan-play/mkosi.extra/home/awwanssh/.ssh/authorized_keys 
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-play/mkosi.finalize.chroot b/_ops/awwan-play/mkosi.finalize.chroot
new file mode 100755
index 0000000..a3db830
--- /dev/null
+++ b/_ops/awwan-play/mkosi.finalize.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+systemctl enable sshd.service
+systemctl enable org-awwan-play.path
+systemctl enable org-awwan-play.service
+
+chmod 0600 /etc/ssh/*_key
+chown -R awwan:awwan /home/awwan/
+chown -R awwanssh:awwanssh /home/awwanssh/
diff --git a/_ops/awwan-play/mkosi.nspawn b/_ops/awwan-play/mkosi.nspawn
new file mode 100644
index 0000000..2302007
--- /dev/null
+++ b/_ops/awwan-play/mkosi.nspawn
@@ -0,0 +1,9 @@
+[Files]
+Bind=/data/awwan/src/_play:/home/awwan/play:idmap
+Bind=/data/awwan/src/_bin:/usr/local/bin
+ReadOnly=yes
+
+[Network]
+Private = yes
+VirtualEthernet = yes
+Zone = awwan
diff --git a/_ops/awwan-play/mkosi.prepare.chroot b/_ops/awwan-play/mkosi.prepare.chroot
new file mode 100755
index 0000000..ee0cf8e
--- /dev/null
+++ b/_ops/awwan-play/mkosi.prepare.chroot
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -x
+
+## User testing sudo with password prompt.
+## The UID of user in container must equal with UID in host, for
+## better compatibility.
+## The password is "awwan".
+
+useradd --create-home --user-group \
+ --uid $MKOSI_UID \
+ --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+ awwan
+
+## User testing with ssh.
+
+useradd --create-home --user-group --groups wheel \
+ --uid $((MKOSI_UID+1)) \
+ --password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+ awwanssh
diff --git a/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf b/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf
new file mode 100644
index 0000000..e288913
--- /dev/null
+++ b/_ops/awwan-play/mkosi.skeleton/etc/pacman.conf
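Review bot: The permission fix-up in mkosi.finalize.chroot covers `/etc/ssh/*_key` but not the client key: `home/awwan/.ssh/id_ed25519` is added with mode 100644 in this commit, and OpenSSH clients refuse a private key readable by group or others, so key login from awwan to awwanssh may fail if awwan shells out to ssh. Adding `chmod 0700 /home/awwan/.ssh /home/awwanssh/.ssh` and `chmod 0600 /home/awwan/.ssh/id_ed25519` after the chown lines would settle it. The script also has no `set -e`, so a failed `systemctl enable` or `chown` (for instance when the users were not created) leaves a half-configured image that still builds.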
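Review bot: Both `Bind=` lines in mkosi.nspawn are read-write, and whether container root can write to the host's `_bin` through them depends on the user-namespace settings of the nspawn unit, which this file does not pin. The container only needs to execute the binary, so `BindReadOnly=/data/awwan/src/_bin:/usr/local/bin` makes that explicit and removes any path from the container back to an executable the developer runs on the host. `ReadOnly=yes` appears to make the image root read-only; a short comment saying that this is intended, and that `/home/awwan/play` is the only writable workspace, would help the next reader.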
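Review bot: In mkosi.prepare.chroot, `$MKOSI_UID` is expanded unquoted and the script sets neither `-e` nor `-u`, so when the variable is missing the first `useradd` receives `--uid` with `--password` as its value and the second evaluates `$((MKOSI_UID+1))` to 1, creating awwanssh with a system UID. Starting the script with `set -eu` and passing `--uid "${MKOSI_UID:?}"` makes the build stop instead. Both accounts get the same hash of a password that the comment spells out, which is acceptable only as long as nothing accepts that password from outside the container. awwanssh is also placed in `wheel`, which nothing in this commit consumes (the sudoers file names users, not the group), so `--groups wheel` could be dropped.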
@@ -0,0 +1,101 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+CacheDir = /home/var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+#HookDir = /etc/pacman.d/hooks/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+IgnorePkg = go
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+#Color
+#NoProgressBar
+CheckSpace
+VerbosePkgLists
+#ParallelDownloads = 5
+ILoveCandy
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[core-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+
+#[extra-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+#[multilib]
+#Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+
+[build.kilabit.info]
+Server = https://build.kilabit.info/aur
diff --git a/_play/.ssh/awwan.key b/_play/.ssh/awwan.key
new file mode 100644
index 0000000..7ff257d
--- /dev/null
+++ b/_play/.ssh/awwan.key
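Review bot: The skeleton pacman.conf looks like a copy of a workstation configuration rather than one written for the image: `IgnorePkg = go`, `CacheDir = /home/var/cache/pacman/pkg/` and the extra `[build.kilabit.info]` repository are not needed by the six packages listed in mkosi.conf.d/archlinux.conf. Every configured repository is a source the image trusts for package installs. With the global `SigLevel = Required DatabaseOptional`, the third-party repo's signing key must already be in the keyring used at build time, which this commit does not show. Dropping the `[build.kilabit.info]` section, or adding a comment that names the package needing it and how its key is provisioned, keeps the image's trust set to the official repositories.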
@@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDr7w6Hh7 +Pi0EVk8uC3xWu/AAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDselAAd35c +/jQLWwXm4U97fiA0PZSIIaeJAJesztTwY4J/Tl8ArjyGq6HgYV/UV652Web7Kpt+YaEF2E +KQpF+O0c2U93cMi0ldEWm67LQIP/NfUPtp/YqJVi5ePtHx6d78zMle31Fg/vp4dt90bCSV +23Sn2i52vorNdp4hr1RW6qTBwcjlkRx++mEwQK7ILdTs7q30RRj/HVq4tJ3YR/Gp04aHkn +UvMn7E3vp3xDEBE8MoSC6capckdVRYwCQPvOrluGU3f3GjmkkW7KzvYAMNqWlFdUMLWigW +LjndIIVAB9EmqMdQxPdLYbRwGbrxzTYKhf/P12yP3s8vbvt2qygCf1WjDttrPY/Bn6NZ/g +jKprznjVeV/MIdPkJwHo+L82BK8bNMpUvPg/lPJkmg1MmDmXxPvqC9DwIK/cGR1DsatXB7 +ZZ1JoQ6wN5Tqsh6Y+SAHHrya2N3jawQnC8aA1yYAGfrScBnC0QMHkk4n5jOvAf5LfON6lq +TrGNFl3jlSrdEAAAWAK4EimrLGSmKtVzJWZay2zUq4880IwAZB8acg0XVZfIFz2DLpulbA +PiIt6+5B4yhMSr2bH6xHx7QSBeEy9AXdi/0IVR/3fI/dpLH6DsBDrsxLMUT/DLjaWm9fdq +4BQnEWXdT0jW7BoGw2ghrsGXtRpw/9Bz4ce3dGqt0AZbIQZ1q8/+m2wZC6hSB2UdxgBWQA +suVlHL28YEAvKcIKc63quWF1NEc/ZxruX7CsBOdZZUeg8ijvzDBdhLaz9XcBkd5ZT18oRj +e5RyCzSwLy7Yv1ZG4065QiIR4eYcg8c7rT2TcdMWfTyqowjoNRIrxoBpdQhBNEsw2sFJ0m +4WRt9GBtrkzExBaFfni3seda9rAgLisfa9BIyErQnBtRPpYLKb1VGCeTfZiUsuCo2O5hDK +EESvayxK1mfjL5l2cv60EBidhzkGM1ThA2WdkjAV7Ge2NDTwVvf7DqrWsJ45UzkXH1mnlf +F68TjHUEGPnAYMmi4CtsQuacy9A13908VaykVO0s1dnO4zqyak8yA5auDzY/6pQRiWEj5T +GIAJuEcjSiHi7N9deuqynVFtuchJN9xBNNznu6SD3zYy+c13/p0oPpjzgscJLcjcA4qtOk +42OifMHvIQFe8ul6PPiXz+P8sRUijUIldHNNrAZNJK3T6IfhNOG7qWu23XZRtXeropK6Q3 +x8HIcc92/DT43OhuRrZVzORNiI0Ff+8lnLsDIjAbYCfqjQkdyxXI9rmcBS+o0GyL3OyDna +IJavT4KRZbds/kG6tH+78Pda6a9PKDTjW0od7ovveJBSq7mcs4azSSpF73Jj1JHE5MIEe7 +D5KcETgV90C5VqUeI/HAQRVNtJWQNaWre4uRYXRxN05EXcog7oFvAmeVvsoN2V26XU9ZAy +i1icys0qkmAn4UdEjpe/Ifgxf6UPpIUnsjjGudnFq/VFzmPncDziZzCdiwjXOLPnyTiohf +mW5orkyIyOFbX7iBlj6PhUyDyX3HdVFBznm/z9qByv1DMP2lpMqq2LhzNirmGsj332NNBa +Lh9XyAyxUD8VFOnj7Q3AWw7f8cH6BA59qEF3Mm302Y8b9ajtpm98wsktPnDB1sAxWFagge +EaDSoM2eAgPKA3VoKGv42YogyOvHnwedUkbiB1yBt1FXzBQxthnjy+qSvC46n2nIFgro3V +Avfy8eLylwS9BQKq4n79cw/rWQV3XP8E/NMWuYJzAOXcRJzgT1AJYAMhTzfssC7x+ZsgJV 
+MYYFBgH0flCMxe8/dmg5XDJnfrP8fgm0KwHrq1vrscNmrissGxmfpD5lxLPnIHGN+MmHO9 +gVjLWAHnRIHVH78quA9f2HJDDSyX+dOKuDpK3pURnMt3wtN33WfnGM7NrAyWGboTt9Ra8X +WXt2BO8fdB+z8yLMEkLRg9VTPKlvWXShjQSFSciA/m8/vUmpH85dadlhDDpKQoDxwX/fcy +ftqGAZyWenAw+C1N8jy63lIBNGZShE/+5Ohd+tOTRoPeqT0lZJWHly0teeOjR8jhB15Kj+ +a6rHm1ezj8RiDfpiXtpvbW7QPGhGyT2z7MtUOqgwTFfvYkFW9TR9y4B0uZzJ4KWo5zbeof +GZkeHF+wkvh+dp3AdNnurcxfYvhXimUgaebpE+ltVaHk/1WFUmiPOyH8hdOFr56/1B9EOV +wqC0q3JvP33XGzkRFGs3Yig+CDSsGmN3HKp3AxGmY++kC+VVQeDyBvJLS4jth0CwNdJvsr +7HtARoaGx6+fMUv1CKQlwAS3axJNGRGK7MiSUmNBIWA8XDpOOKSmwZRjnn+fIGgRqKQST2 +YCy+2vetljVOWioQMju/cuQ7TwkLqsF2wfTZ/1rljUYFFmRfbUeXySN5MdQWpXseBl5kRW +ovQk9w== +-----END OPENSSH PRIVATE KEY----- diff --git a/_play/.ssh/awwan.pass b/_play/.ssh/awwan.pass new file mode 100644 index 0000000..55b8390 --- /dev/null +++ b/_play/.ssh/awwan.pass @@ -0,0 +1 @@ +s3cret \ No newline at end of file diff --git a/_play/.ssh/config b/_play/.ssh/config new file mode 100644 index 0000000..983eee4 --- /dev/null +++ b/_play/.ssh/config @@ -0,0 +1,6 @@ +## This is an example of remote host to execute awwan command using "play". +Host remotehost + Hostname 127.0.0.1 + Port 20022 + User awwanssh + IdentityFile ~/.ssh/id_ed25519 diff --git a/_play/awwan.env b/_play/awwan.env new file mode 100644 index 0000000..ac4f2d3 --- /dev/null +++ b/_play/awwan.env @@ -0,0 +1,2 @@ +[user "awwan"] +name = ms diff --git a/_play/example.aww b/_play/example.aww new file mode 100644 index 0000000..0b58478 --- /dev/null +++ b/_play/example.aww @@ -0,0 +1,4 @@ +## This is an example of awwan script that can be executed using "local" +## command. + +echo "Hello, local" -- cgit v1.3