Author | SHA1 | Date | |
---|---|---|---|
55420e5aa9 |
4 changed files with 108 additions and 7 deletions
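--- a/config
+++ b/config
@@ -1 +1 @@
-Subproject commit 099c48acfad1cc0f4a6f09cbf0e691604f9d2f74
+Subproject commit c87059bbe4d1478e6319e02c2eda35a68f369beb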
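--- a/config.go
+++ b/config.go
@@ -7,12 +7,13 @@ import (
 )
 
 type platform struct {
 Domain domainConfig `json:"domain"`
 Firewall firewallConfig `json:"firewall"`
 Instance instanceConfig `json:"instance"`
 Region string `json:"region"`
 Tags []string `json:"tags"`
 Volumes []volumeConfig `json:"volumes"`
+StackScript stackScriptConfig `json:"stackScript"`
 }
 
 type domainConfig struct {
@@ -62,6 +63,14 @@ type volumeConfig struct {
 Size int32 `json:"size"`
 }
 
+type stackScriptConfig struct {
+Label string `json:"label"`
+Description string `json:"description"`
+Public bool `json:"public"`
+SharedGroupGid int32 `json:"sharedGroupGid"`
+AuthorizedKey string `json:"authorizedKey"`
+}
+
 func newConfig(path string) (*platform, error) {
 f, err := os.Open(path)
 if err != nil {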
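Review bot: The new `stackScriptConfig` type and its fields carry no comment saying how they are consumed, which matters here because `SharedGroupGid` and `AuthorizedKey` are substituted verbatim into the shell text of templates/stackscript.gotmpl in this same commit, and `Public` is passed straight to `IsPublic` in main.go, which presumably makes the rendered script visible outside the account. I would add a type comment such as `// stackScriptConfig is rendered into templates/stackscript.gotmpl; SharedGroupGid and AuthorizedKey are inserted into shell commands without escaping, and Public publishes the rendered script.` and a field comment on `AuthorizedKey` stating the expected format, e.g. `// AuthorizedKey is one OpenSSH public-key line written to the flow user's authorized_keys.` Whether `newConfig` validates any of these values cannot be seen from the hunk, as its body continues outside it.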
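--- a/main.go
+++ b/main.go
@@ -2,8 +2,10 @@ package main
 
 import (
 "fmt"
+"bytes"
 "os"
 "strconv"
+"text/template"
 
 "github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
 "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
@@ -24,6 +26,10 @@ func infra(ctx *pulumi.Context) error {
 return fmt.Errorf("unable to load the platform configuration; %w", err)
 }
 
+if err := stackscript(ctx, p); err != nil {
+return fmt.Errorf("unable to manage the StackScript; %w", err)
+}
+
 instanceDetails, err := instance(ctx, p);
 if err != nil {
 return fmt.Errorf("unable to manage the instance; %w", err)
@@ -193,6 +199,46 @@ func instance(ctx *pulumi.Context, cfg *platform) (instanceOutput, error) {
 return output, nil
 }
 
+func stackscript(ctx *pulumi.Context, cfg *platform) error {
+script, err := stackscriptText(cfg)
+if err != nil {
+return err
+}
+
+args := linode.StackScriptArgs{
+Label: pulumi.String(cfg.StackScript.Label),
+Description: pulumi.String(cfg.StackScript.Description),
+Script: pulumi.String(script),
+IsPublic: pulumi.Bool(cfg.StackScript.Public),
+Images: pulumi.StringArray{
+pulumi.String("linode/alpine3.17"),
+pulumi.String("linode/alpine3.16"),
+},
+}
+
+_, err = linode.NewStackScript(ctx, cfg.StackScript.Label, &args)
+if err != nil {
+return fmt.Errorf("unable to update StackScript; %w", err)
+}
+
+return nil
+}
+
+func stackscriptText(cfg *platform) (string, error) {
+tmpl, err := template.New("stackscript.gotmpl").ParseFiles("./templates/stackscript.gotmpl")
+if err != nil {
+return "", fmt.Errorf("unable to get the StackScript template; %w", err)
+}
+
+var b bytes.Buffer
+
+if err := tmpl.Execute(&b, cfg); err != nil {
+return "", err
+}
+
+return b.String(), nil
+}
+
 func readme(ctx *pulumi.Context) error {
 data, err := os.ReadFile("./README.md")
 if err != nil {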
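Review bot: `stackscriptText` executes a text/template whose `.StackScript.AuthorizedKey` value ends up inside a double-quoted `echo` in the shell script added under templates/ in this commit, and text/template does no shell quoting, so a key value from the JSON config that contains a double quote, `$`, a backtick, a backslash or a newline alters the generated script rather than only the key that gets written. I would reject such values in `stackscriptText` before `tmpl.Execute`, with a one-line `strings.ContainsAny` check over those characters that returns a `fmt.Errorf` describing the rejected field (this needs `"strings"` added to the import block), or, more strictly, parse the value with golang.org/x/crypto/ssh's ParseAuthorizedKey and template the re-marshalled form so only a well-formed key line can reach the script. The rendered script is also published when `cfg.StackScript.Public` is true, which is worth a comment on `IsPublic` so nobody later adds a secret to the template. In the first hunk, `"bytes"` and `"text/template"` are not in sorted position within the stdlib group, so gofmt/goimports will reorder them.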
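--- /dev/null
+++ b/templates/stackscript.gotmpl
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+# Upgrade system and install required packages
+apk update
+apk upgrade
+
+apk add \
+curl \
+docker \
+openntpd \
+openssh \
+shadow \
+tzdata
+
+groupadd -g {{ .StackScript.SharedGroupGid }} shared-flow
+groupadd -g 1001 flow
+useradd -s /bin/bash -g 1001 -u 1001 -m -G docker,shared-flow flow
+
+mkdir /home/flow/.ssh
+chmod 0700 /home/flow/.ssh
+chown flow:flow /home/flow/.ssh
+touch /home/flow/.ssh/authorized_keys
+chown flow:flow /home/flow/.ssh/authorized_keys
+chmod 0600 /home/flow/.ssh/authorized_keys
+echo "{{ .StackScript.AuthorizedKey }}" | tee /home/flow/.ssh/authorized_keys
+
+# TODO: Mount volume and edit /etc/fstab
+
+# TODO: SSH Hardening (backup original config)
+# Port 3142
+# PermitRootLogin no
+# PasswordAuthentication no
+# PermitEmptyPasswords no
+# AllowTcpForwarding no
+# GatewayPorts no
+# X11Forwarding no
+
+# Set the timezone and local time
+mkdir -p /etc/zoneinfo/Europe
+chmod -R 0755 /etc/zoneinfo
+cp /usr/share/zoneinfo/Europe/London /etc/zoneinfo/Europe/
+ln -fs /etc/zoneinfo/Europe/London /etc/localtime
+echo "Europe/London" > /etc/timezone
+apk del tzdata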