Diffstat (limited to 'playbooks.d')
28 files changed, 159 insertions, 12 deletions
diff --git a/playbooks.d/etc-portage/description.txt b/playbooks.d/etc-portage/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-portage/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-portage/playbook.bash b/playbooks.d/etc-portage/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-portage/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
deleted file mode 100644
index e1d7ab3..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICk/6jLojpp5Jaum8C1trxqtZuLd/GJH8sh0SB/Z/y9J root@bast
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
index 3056a3d..fe3c6a7 100644
--- a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICj0hW49y+AGuMN2D672I5K6ZVLPVZLCsd+2MIat54nP root@gaeru.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqoy/OXsmmNpxEN/xISbHwDFt2u8f3HmGIvS2CASHm root@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@krohxe-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@krohxe-ed25519.pub
new file mode 100644
index 0000000..ed9e5ff
--- /dev/null
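Review bot: In playbooks.d/etc-portage/playbook.bash, `playbook_add` runs `ln -sv` without checking whether the configured path already exists. If that path is an existing directory (plausible for a Portage configuration directory, though the configured value is not visible here), GNU ln places the link inside it instead of replacing it, and `playbook_del` then fails because `rm --` will not remove a directory. I would stop with an error when the path exists and is not already the expected symlink, and pass `-T` so the link is never created inside a directory: `ln -sTv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"`. A one-line comment above `playbook_del` saying that it removes only the symlink and leaves the playbook's data directory in place would also help.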
+++ b/playbooks.d/git-server/share/pubkeys.d/root@krohxe-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC331lDhnHuQl4vkTUU5riqJ72ShdZN6zWdt1E3UJ/CJ root@krohxe.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
new file mode 100644
index 0000000..0faf439
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLcXzcOPEYQWEARFgPpZCq2NZhTBWTsIezd4Mrkt0PY root@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
new file mode 100644
index 0000000..a19b34e
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh9xYBxb5n2N20Dj03lsij32UkPJ27EMQ/6VdKhjWVJ root@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
new file mode 100644
index 0000000..d4c3c0d
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6oh68n5HXeK45YaNnQC0mHufB/bUgsEyE500OW40B1 root@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
deleted file mode 100644
index 00e492d..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
+++ /dev/null
@@ -1,5 +0,0 @@
-<<<<<<< HEAD
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXhPa+EGS4NySl0YqG38xGEab6uqdimseqq4tlLWyV4 tyil@bast.tyil.net
-=======
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1+6HjG3XvLQDHLwnFzq78SEsPTNa8Wu6+inmTMqu7 tyil@bast
->>>>>>> d8b0063 (Update pubkey for tyil@bast)
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
new file mode 100644
index 0000000..d5632d9
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94ffGPvEb/Hi2B2XSaYjKpMiV93fzGLe0QUlXRJb1L tyil@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
deleted file mode 100644
index 834bcd2..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+Ki28DBM3A8QUpxbAlZx2x111+rhn8JPcec67y9xi/ tyil@ivdea.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
new file mode 100644
index 0000000..e3503e7
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVPGs2LkDvdkMzwR1Crk8OblMQD2snClUuIcYgUYcu4 tyil@ludifah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
new file mode 100644
index 0000000..a70b37c
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqLhjoIYRZmkD9sv1l1c03x6EpkadjfrGJ+4gqgkmp5 tyil@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
new file mode 100644
index 0000000..52f292a
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNztf75LVF+UvoIDyduHfynZupdC+9g7RaIs6cGgmCa tyil@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
new file mode 100644
index 0000000..dabadac
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkjrJ6agLK5Bdg2Y5B+88XDbP5UsQyvdUbd3LrOVmjI tyil@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
deleted file mode 100644
index 1b8d9e6..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqntlHQ/3HHPUoNl7bpQ6pZIxZHnUAAIXTB5eBjDE0auJZE0Qz5HjUkqZNSb0SzoK9GgLLMH7yNMaYMSTRJguRARRTY3MpdQbrsMu5/8HbKZwxhy7jVRAODnIDO2b3A67ZOHQAazNZYlX873fVhDJHP3RPpYWJS1L2jyk6Z3euvg0duo4JolBEHzmuDi8mEhdNhjW54VM9CRofRrD2VBrnxbmH6LCQwVfuEiz7jVlyugKIiPtaX/9fSnwUVjpNVn0TA93FL0M6xypZFywORrAGLV9kuoQ/G0iVfXqH1A04OFzH1RGNq+oHfHWYZdE098SS+ur9E8+wXcIDBkkI37kF tyil@sessifet.tyil.net
diff --git a/playbooks.d/k3s-master b/playbooks.d/k3s-master
-Subproject 00e7ed1c2e5c4cd26aa91fe4e020b301250e252
+Subproject 27d48e4dec3e2eee30d6000f16dc7eb8f67b85e
diff --git a/playbooks.d/k3s-node/description.txt b/playbooks.d/k3s-node/description.txt
new file mode 100644
index 0000000..2a299e3
--- /dev/null
+++ b/playbooks.d/k3s-node/description.txt
@@ -0,0 +1 @@
+Playbook for a single k3s node to be part of an existing cluster.
diff --git a/playbooks.d/k3s-node/etc/defaults b/playbooks.d/k3s-node/etc/defaults
new file mode 100644
index 0000000..3e2c63b
--- /dev/null
+++ b/playbooks.d/k3s-node/etc/defaults
@@ -0,0 +1,3 @@
+pkg.curl=curl
+pkg.nfs-common=nfs-common
+pkg.open-iscsi=open-iscsi
diff --git a/playbooks.d/k3s-node/etc/os.d/linux-gentoo b/playbooks.d/k3s-node/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..5e7bc08
--- /dev/null
+++ b/playbooks.d/k3s-node/etc/os.d/linux-gentoo
@@ -0,0 +1,2 @@
+pkg.nfs-common=net-fs/nfs-utils
+pkg.open-iscsi=sys-block/open-iscsi
diff --git a/playbooks.d/k3s-node/playbook.bash b/playbooks.d/k3s-node/playbook.bash
new file mode 100644
index 0000000..f2ae8d6
--- /dev/null
+++ b/playbooks.d/k3s-node/playbook.bash
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.host]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.token]="required"
+
+playbook_add() {
+ pkg install curl nfs-common open-iscsi
+
+ info "$BASHTARD_PLAYBOOK" "Writing config.yaml for k3s"
+ mkdir -pv -- /etc/rancher/k3s
+ cat <<-EOF > /etc/rancher/k3s/config.yaml
+ node-ip: "$(config "$BASHTARD_PLAYBOOK.node-ip" "$(config "bashtard.ssh.host")")"
+ node-name: "${BASHTARD_PLATFORM[fqdn]}"
+ server: "https://$(config "$BASHTARD_PLAYBOOK.entry.host"):$(config "$BASHTARD_PLAYBOOK.entry.port" "6443")"
+ token: "$(config "$BASHTARD_PLAYBOOK.entry.token")"
+ EOF
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.role")" == "server" ]]
+ then
+ cat <<-EOF >> /etc/rancher/k3s/config.yaml
+ cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")"
+ cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")"
+ service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")"
+ service-node-port-range: "$(config "$BASHTARD_PLAYBOOK.service-node-port-min" "30000")-$(config "$BASHTARD_PLAYBOOK.service-node-port-max" "32767")"
+ EOF
+ fi
+
+ info "$BASHTARD_PLAYBOOK" "Installing k3s"
+ curl -sfL https://get.k3s.io | sh -s - "$(config "$BASHTARD_PLAYBOOK.role" "agent")"
+
+ notice "$BASHTARD_PLAYBOOK" "Waiting for node to become available"
+ { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w)
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ /usr/local/bin/k3s-uninstall.sh
+}
diff --git a/playbooks.d/nfs-server/description.txt b/playbooks.d/nfs-server/description.txt
new file mode 100644
index 0000000..8e396fe
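Review bot: In playbooks.d/k3s-node/playbook.bash, `playbook_add` writes the cluster join token into /etc/rancher/k3s/config.yaml under whatever umask the caller has, so the file can end up world-readable; create it restrictively before the first heredoc, e.g. `install -m 0600 /dev/null /etc/rancher/k3s/config.yaml` (the server-only block appends to the same file and keeps that mode). The install step `curl -sfL https://get.k3s.io | sh -s - …` runs an unpinned remote script with no integrity check, and unless the caller enables `pipefail` (not visible here) a failed download still lets `sh` exit 0 on empty input. Downloading the installer to a temporary file, checking curl's exit status before running it, and pinning the release through the installer's `INSTALL_K3S_VERSION` variable would make the result reproducible and a failed download visible.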
--- /dev/null
+++ b/playbooks.d/nfs-server/description.txt
@@ -0,0 +1 @@
+A Bashtard playbook to configure a machine as an NFS server
diff --git a/playbooks.d/nfs-server/etc/defaults b/playbooks.d/nfs-server/etc/defaults
new file mode 100644
index 0000000..f8af32e
--- /dev/null
+++ b/playbooks.d/nfs-server/etc/defaults
@@ -0,0 +1,3 @@
+pkg.nfs-utils=nfs-utils
+svc.nfs=nfs-server
+svc.rpcbind=rpcbind
diff --git a/playbooks.d/nfs-server/etc/os.d/linux-gentoo b/playbooks.d/nfs-server/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..a76300d
--- /dev/null
+++ b/playbooks.d/nfs-server/etc/os.d/linux-gentoo
@@ -0,0 +1 @@
+pkg.nfs-utils=net-fs/nfs-utils
diff --git a/playbooks.d/nfs-server/playbook.bash b/playbooks.d/nfs-server/playbook.bash
new file mode 100644
index 0000000..6856c72
--- /dev/null
+++ b/playbooks.d/nfs-server/playbook.bash
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ pkg install nfs-utils
+
+ touch /etc/exports
+
+ playbook_sync
+
+ svc enable nfs
+ svc enable rpcbind
+
+ svc start nfs
+ svc start rpcbind
+}
+
+playbook_sync() {
+ local buffer="$(tmpfile)"
+ local exports="/etc/exports.d/kubernetes.exports"
+ local hash="$(file_hash "$exports")"
+
+ local root_options="ro,no_subtree_check"
+ local export_options="rw,no_root_squash,no_subtree_check"
+ local root_export="/mnt/exports"
+ local allowed_cidr=("10.57.0.0/16" "172.19.0.0/16")
+ local fsid
+
+ {
+ printf "%s" "$root_export"
+ for host in "${allowed_cidr[@]}"
+ do
+ printf " %s(fsid=%s,%s)" "$host" "0" "$export_options"
+ done
+ printf "\n"
+
+ for path in "$root_export"/*
+ do
+ fsid="$(config "$BASHTARD_PLAYBOOK.exports.$path.fsid" "")"
+
+ if [[ "$fsid" == "" ]]
+ then
+ warn "$BASHTARD_PLAYBOOK" "Generating fsid for $path"
+ fsid="$(uuidgen)"
+ $BASHTARD_BIN var "$BASHTARD_PLAYBOOK.exports.$path.fsid" "$fsid"
+ fi
+
+ printf "%s" "$path"
+ for host in "${allowed_cidr[@]}"
+ do
+ printf " %s(fsid=%s,%s)" "$host" "$fsid" "$export_options"
+ done
+ printf "\n"
+
+ unset fsid
+ done
+ } > "$buffer"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$exports"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ exportfs -rv
+}
+
+playbook_del() {
+ svc stop rpcbind
+ svc stop nfs
+
+ svc disable rpcbind
+ svc disable nfs
+
+ pkg uninstall nfs-utils
+}
diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash
index 066d099..66d5963 100644
--- a/playbooks.d/ssh/playbook.bash
+++ b/playbooks.d/ssh/playbook.bash
@@ -13,7 +13,7 @@ playbook_add() { playbook_sync() { info "$BASHTARD_PLAYBOOK" "Templating sshd_config" - file_template "sshd_config.bpt" \ + file_template "sshd_config.satpl" \ "sftp=$(config "ssh.sftp")" \ > /etc/ssh/sshd_config
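Review bot: In playbooks.d/nfs-server/playbook.bash, `playbook_sync` declares `root_options="ro,no_subtree_check"` but never uses it: the line for `$root_export` is written with `$export_options`, so the fsid=0 root is exported `rw,no_root_squash` to both /16 ranges. If a read-only root was intended, the first inner printf should be `printf " %s(fsid=%s,%s)" "$host" "0" "$root_options"`. `no_root_squash` on every sub-export lets root on any client in those ranges act as root on the exported files, so it deserves a comment stating why it is required, or narrower client ranges. Separately, `mv -- "$buffer" "$exports"` assumes /etc/exports.d already exists, and the early `return` on an unchanged hash leaves the temporary file behind unless `tmpfile` cleans up on exit, which is not visible here.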
@@ -26,7 +26,7 @@ playbook_sync() { fi info "$BASHTARD_PLAYBOOK" "Generating MotD" - file_template "motd" \ + file_template "motd.satpl" \ "fqdn=${BASHTARD_PLATFORM[fqdn]}" \ "time=$(date -u "+%FT%T")" \ > /etc/motd
diff --git a/playbooks.d/ssh/share/motd b/playbooks.d/ssh/share/motd.satpl
index 7fc4e34..7fc4e34 100644
--- a/playbooks.d/ssh/share/motd
+++ b/playbooks.d/ssh/share/motd.satpl
diff --git a/playbooks.d/ssh/share/sshd_config.bpt b/playbooks.d/ssh/share/sshd_config.satpl
index f1976a5..900ed34 100644
--- a/playbooks.d/ssh/share/sshd_config.bpt
+++ b/playbooks.d/ssh/share/sshd_config.satpl
@@ -8,7 +8,7 @@ ListenAddress :: PrintMotd yes # SFTP -Subsystem sftp {{sftp}} +Subsystem sftp ${sftp} # Authentication AuthorizedKeysFile /etc/ssh/authorized_keys .ssh/authorized_keys |