debian recipe

recipes/debian/provisionning/conf/common/templater.start

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+#
+# Generate all the configuration files
+# Get all the values from the VLS_DIR
+# Process each template from the TPL_DIR with this values
+#
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+TPL_DIR="/usr/share/builder/templates"
+VLS_DIR="/usr/share/builder/values"
+CONFIG=""
+
+if [ -f "${ENV_FILE}" ]; then
+. ${ENV_FILE}
+fi
+
+BTR="$(command -v btr)"
+if [ "${?}" -ne 0 ]; then
+  echo "Warning: Nothing to do the templater is not installed"
+  exit 0
+fi
+
+if [ ! -e "${TPL_DIR}" ]; then
+  echo "Error: The template dir is missing (${TPL_DIR})"
+  exit 1
+fi
+
+if [ ! -e "${VLS_DIR}" ]; then
+  echo "Error: The template dir is missing (${VLS_DIR})"
+  exit 1
+fi
+
+jsonQuery() {
+  local data="${1}"
+  local query="${2}"
+  echo "${data}" | jq -cr "${query}"
+}
+
+# NAME: @jsonMerge
+# AIM: Merge two json structures
+# NOTES:
+#   The last one has de last word
+#   if you have the same key in A and B
+#   this keeps the value of the B structure.
+# PARAMS:
+#  $1: original JSON Structure
+#  $2: updated JSON Structure
+jsonMerge() {
+  local data="${1}"
+  local data2="${2}"
+
+  echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
+}
+
+jsonUpdateVal() {
+  local json="${1}"
+  local key="${2}"
+  local value="${3}"
+
+  echo "${json}" | jq --arg a "${value}" "${key} = \$a" 
+}
+
+getValues() {
+
+  local values=""
+
+  for file in $(find ${VLS_DIR} -name "*.json"); do
+    values="${values}$(cat ${file})"
+  done
+
+  if [ -n "${RAW_CONFIG}" ]; then
+    values="$(jsonMerge ${values} ${RAW_CONFIG})"
+  fi
+
+  for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do
+    for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do
+      ukey=${key^^}
+      vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"
+      if [ ${?} -eq 0 ]; then
+        for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do
+          uvar=${var^^}
+          val=$(eval echo "\$${ukey}_${uvar}")
+          if [ -n "${val}" ]; then
+            values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}")
+          fi
+        done
+      else
+        values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}")
+      fi
+    done
+  done
+  echo ${values}
+}
+
+processTemplates() {
+  ${BTR} -t ${TPL_DIR} -c "${1}"
+}
+
+VALUES=$(getValues)
+file=$(mktemp)
+echo "${VALUES}" > "${file}"
+processTemplates "${file}"
+rm -rf "${file}"

recipes/debian/provisionning/conf/harbor/init.d/harbor

@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+
+: ${SUBCFGDIR:=/srv}
+DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
+
+SUBSVC="${SVCNAME#*.}"
+[ -z "${SUBSVC}" ] && exit 1
+: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"}
+DOCOCMD="/usr/bin/docker-compose"
+export COMPOSE_HTTP_TIMEOUT=300
+
+description="Manage docker services defined in ${SUBCFG}"
+extra_commands="configtest build"
+description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\""
+description_build="Run \"docker-compose -f ${SUBCFG} build\""
+
+depend() {
+  need localmount net docker
+  use dns
+  after docker
+}
+
+configtest() {
+  if ! [ -f "${SUBCFG}" ]; then
+    eerror "The config file ${SUBCFG} does not exist!"
+    return 1
+  fi
+  if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then
+    einfo "config: ok"
+  else
+    eerror "config: error"
+    return 1
+  fi
+}
+
+build() {
+  configtest || return 1
+  ebegin "Building dockerservice ${SUBSVC}"
+  "${DOCOCMD}" -f "${SUBCFG}" build
+  eend $?
+}
+
+start() {
+  configtest || return 1
+  ebegin "Starting dockerservice ${SUBSVC}"
+  sleep 5
+  "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS}
+  eend $?
+}
+
+stop() {
+  ebegin "Stopping dockerservice ${SUBSVC}"
+  "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300
+  eend $?
+}
+
+status() {
+  if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then
+    einfo "status: started"
+  else
+    einfo "status: stopped"
+    return 3
+  fi
+}

recipes/debian/provisionning/conf/kubernetes/initkubernetes.start

@@ -0,0 +1,181 @@
+#!/bin/sh
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+LOG_FILE="/var/log/initkubernets.log"
+FIRST_BOOT="/var/run/firstboot.flag"
+
+infoLog() {
+    echo "Info: $@" | tee -a ${LOG_FILE}
+}
+
+errorLog() {
+    echo "Error: $@" | tee -a ${LOG_FILE}
+}
+
+waitReadyState() {
+    local vmID="${1}"
+    local timeout="${2}"
+
+    local tick=0
+    while true ;do
+        local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY")
+        if [ "${ready}" = "YES" ];then
+            return 0
+        elif [ "${timeout}" -eq "${tick}" ];then
+            return ${timeout}
+        else
+            sleep 1
+            tick=$((tick+1))
+        fi
+    done
+}
+
+returnToken() {
+    infoLog "Returning tokens"
+    local caSecretKey="${1}"
+    local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1)
+    local kubeToken=$(kubeadm token list  | awk '/authentication,signing.*The default*/ {print $1}')
+    local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf)
+
+    if [ -n "${ONEGATE_ENDPOINT}" ];then
+        infoLog "Onegate detected"
+        data="READY=YES"
+        data="${data} MASTER_ADDR=${masterAddr}"
+        data="${data} MASTER_TOKEN=${kubeToken}"
+        data="${data} MASTER_CA_TOKEN=sha256:${caToken}"
+        data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}"
+        onegate vm update --data "${data}"
+        infoLog "Onegate data seted"
+    else
+        infoLog "Onegate is not present"
+        echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token
+        infoLog "Tokens are available at /root/kube.token"
+    fi
+}
+
+joinCluster() {
+    local master="${MASTER_ADDR}"
+    local token="${MASTER_TOKEN}"
+    local caToken="${MASTER_CA_TOKEN}"
+    local caSecretKey="${MASTER_CA_SECRET_KEY}"
+    local sname="${SERVICE_NAME}"
+
+    if [ -n "${ONEGATE_ENDPOINT}" ];then
+        local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[]  | select(.name == "leader") | .nodes[0].deploy_id')
+        if [ "${?}" -eq 0 ]; then
+            waitReadyState ${masterID} 600
+            if [ "${?}" -ne 0 ];then
+                errorLog "Master node is node ready after 600s"
+                return 3
+            fi
+            local masterInfo=$(onegate vm show ${masterID} --json | \
+                jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP")
+            master=$(echo ${masterInfo} | cut -d " " -f 1)
+            token=$(echo ${masterInfo} | cut -d " " -f 2)
+            caToken=$(echo ${masterInfo} | cut -d " " -f 3)
+            caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4)
+            masterIP=$(echo ${masterInfo} | cut -d " " -f 5)
+            sname=$(onegate service show --json | jq -cr ".SERVICE.name")
+        fi
+
+        # Setting dns resolution for cluster
+        echo "${masterIP} ${sname}" >> /etc/hosts
+        onegate service show --json  | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
+    fi
+    if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then
+        opts="--node-name $(hostname -f)"
+        opts="${opts} --token ${token}"
+        opts="${opts} --discovery-token-ca-cert-hash ${caToken}"
+        if [ -n "${1}" ];then
+            opts="${opts} --control-plane"
+            opts="${opts} --certificate-key ${caSecretKey}"
+        fi
+        opts="${opts} ${master}"
+
+        kubeadm join ${opts} | tee -a "${LOG_FILE}"
+    else
+        errorLog "Something is missing, can't join the cluster:"
+        errorLog "   Master addr: [${master}]"
+        errorLog "   Master token: [${token}]"
+        errorLog "   Master CA token: [${caToken}]"
+        return 3
+    fi
+}
+
+getServiceName() {
+    local sname=$(onegate service show --json | jq -cr ".SERVICE.name")
+    local tmout=30
+    local tick=0
+    while true ;do
+        if [ -z "${sname}" ];then
+            sname=$(onegate service show --json | jq -cr ".SERVICE.name")
+        else
+            echo ${sname}
+            return 0
+        fi
+        sleep 1
+        tick=$((tick+1))
+        if [ ${tmout} -eq ${tick} ];then
+            hostname -f
+            return 3
+        fi
+    done
+}
+
+initLeader() {
+    sname="$(hostname -f)"
+
+    if [ -n "${ONEGATE_ENDPOINT}" ];then
+        sname=$(getServiceName)
+        sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP")
+        echo "${sip} ${sname} $(hostname -f)" >> /etc/hosts
+        onegate service show --json  | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
+    fi
+
+    caSecretKey=$(date | sha256sum | awk '{print $1}')
+
+    infoLog "Kubernetes init started"
+    kubeadm init --pod-network-cidr=10.244.0.0/16        \
+        --node-name="${SET_HOSTNAME}"                    \
+        --control-plane-endpoint "${sname}:6443"         \
+        --upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}"
+    infoLog "Kubernetes init ended"
+
+    infoLog "Configuring kubectl"
+    mkdir /root/.kube
+    ln -s /etc/kubernetes/admin.conf /root/.kube/config
+    infoLog "kubectl configured"
+
+    infoLog "Installing cilium"
+    sleep 20
+    kubectl config view --minify -o jsonpath='{.clusters[].name}'
+    sleep 20
+    cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}"
+    infoLog "Cilium is installed"
+
+    returnToken "${caSecretKey}"
+}
+
+initKube() {
+    if [ "${SERVER_ROLE}" == "leader" ];then
+        initLeader
+    elif [ "${SERVER_ROLE}" == "worker" ];then
+        joinCluster
+    elif [ "${SERVER_ROLE}" == "master" ];then
+        joinCluster "${SERVER_ROLE}"
+    fi
+    touch ${FIRST_BOOT}
+    infoLog "Kubernetes cluster init is finished"
+}
+
+if [ -f "${ENV_FILE}" ]; then
+  . "${ENV_FILE}"
+fi
+
+if [ -f  "${FIRST_BOOT}" ];then
+    exit 0
+else
+    uuidgen > /etc/machine-id
+    swapoff -a # Make sure swap is disabled
+    initKube &
+fi

recipes/debian/provisionning/conf/kubernetes/sharemetrics.start

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+mount --make-rshared /

recipes/debian/provisionning/conf/matchbox/initmatchbox.start

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+FL_VERSIONS="current 3374.2.0"
+MATCHBOX_DIR="/var/lib/matchbox"
+ASSETS_DIR="${MATCHBOX_DIR}/assets/"
+
+GPG_FNAME="Flatcar_Image_Signing_Key.asc"
+GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/"
+
+cd /tmp
+curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}
+gpg --import --keyid-format LONG ${GPG_FNAME}
+cd -
+
+echo "Provisionning matchbox with flatcar images"
+tout=30
+for version in ${FL_VERSIONS}; do
+   for i in $(seq 1 ${tout});do
+      echo "  * ${FL_VERSIONS} stable image (try ${i})"
+      /usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR}
+      if [[ "${?}" -eq 0 ]]; then
+         break
+      fi
+   done
+done

recipes/debian/provisionning/conf/matchbox/inittftp.start

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+dest="${1}"
+
+ipxeEFISource="http://boot.ipxe.org/ipxe.efi"
+kpxeSource="http://boot.ipxe.org/undionly.kpxe"
+
+cd "${dest}"
+wget "${ipxeEFISource}"
+wget "${kpxeSource}"

recipes/debian/provisionning/conf/nuo-harbor

@@ -0,0 +1 @@
+harbor

recipes/debian/provisionning/conf/nuo-matchbox

@@ -0,0 +1 @@
+matchbox

recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+CONF="/etc/conf.d/jenkins-slave"
+if [ -e "/etc/jenkins-slave.conf" ]; then
+   CONF="/etc/jenkins-slave.conf"
+fi
+
+TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }')
+sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}"
+sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}"
+sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"
+sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}"
+sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}"

recipes/debian/provisionning/conf/one-context/net-96-gitlab-register

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+
+# $TOKENTXT is available only through the env. file
+# shellcheck disable=SC1090
+if [ -f "${ENV_FILE}" ]; then
+  . "${ENV_FILE}"
+fi
+
+###
+
+if [ -n "${GITLAB_URL}" ]; then
+  if command -v gitlab-runner; then
+    if [ -n "${GITLAB_SHELL}" ]; then
+      opts="--shell=${GITLAB_SHELL}"
+    fi
+    # shellcheck disable=SC2086
+    gitlab-runner register \
+      --non-interactive \
+      --url="${GITLAB_URL}" \
+      --registration-token="${GITLAB_TOKEN}" \
+      --executor="${GITLAB_EXECUTOR}" \
+      --description="${GITLAB_RUNNER_NAME}" \
+      --tag-list="${GITLAB_TAG_LIST}" \
+      --locked=false \
+      --access-level=not_protected \
+      --run-untagged=false \
+      "${opts}"
+  fi
+fi

recipes/debian/provisionning/conf/one-context/net-96-templater

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+#
+# Generate all the configuration files
+# Get all the values from the VLS_DIR
+# Process each template from the TPL_DIR with this values
+#
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+TPL_DIR="/usr/share/builder/templates"
+VLS_DIR="/usr/share/builder/values"
+CONFIG=""
+
+. ${ENV_FILE}
+
+BTR="$(command -v btr)"
+if [ "${?}" -ne 0 ]; then
+  echo "Warning: Nothing to do the templater is not installed"
+  exit 0
+fi
+
+if [ ! -e "${TPL_DIR}" ]; then
+  echo "Error: The template dir is missing (${TPL_DIR})"
+  exit 1
+fi
+
+if [ ! -e "${VLS_DIR}" ]; then
+  echo "Error: The template dir is missing (${VLS_DIR})"
+  exit 1
+fi
+
+jsonQuery() {
+  local data="${1}"
+  local query="${2}"
+  echo "${data}" | jq -cr "${query}"
+}
+
+# NAME: @jsonMerge
+# AIM: Merge two json structures
+# NOTES:
+#   The last one has de last word
+#   if you have the same key in A and B
+#   this keeps the value of the B structure.
+# PARAMS:
+#  $1: original JSON Structure
+#  $2: updated JSON Structure
+jsonMerge() {
+  local data="${1}"
+  local data2="${2}"
+
+  echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
+}
+
+getValues() {
+
+  local values=""
+
+  for file in $(find ${VLS_DIR} -name "*.json"); do
+    values="${values}$(cat ${file})"
+  done
+
+  if [ -n "${RAW_CONFIG}" ]; then
+    values="$(jsonMerge ${values} ${RAW_CONFIG})"
+  fi
+
+  for key in $(echo ${values} | jq -cr '.|keys[]'); do
+    ukey=${key^^}
+    if [ -n "${!ukey}" ]; then
+      values="$(jsonMerge "${values}" "{\"${key}\":\"${!ukey}\"}")"
+    fi
+  done
+  echo ${values}
+}
+
+processTemplates() {
+  ${BTR} -t ${TPL_DIR} -c "${1}"
+}
+VALUES=$(getValues)
+echo ${VALUES}
+processTemplates "${VALUES}"

recipes/debian/provisionning/conf/one-context/net-97-k3s

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+
+# $TOKENTXT is available only through the env. file
+# shellcheck disable=SC1090
+if [ -f "${ENV_FILE}" ]; then
+  . "${ENV_FILE}"
+fi
+
+###
+
+if [ -n "${K3S_ROLE}" ]; then
+  if [ "${K3S_ROLE}" = "server" ]; then
+    rc-update add dnsmasq default
+    service dnsmasq start
+
+    rc-update add k3s default
+    service k3s start
+  fi
+fi

recipes/debian/provisionning/debian/cloud-init/meta-data

@@ -0,0 +1,3 @@
+{
+"instance-id": "iid-local01"
+}

recipes/debian/provisionning/debian/debian-11-install.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+echo "${1}" >/etc/hostname
+
+apt-get update
+apt-get -y dist-upgrade
+apt-get install wget curl -y
+
+touch /etc/cloud/cloud-init.disabled

recipes/debian/provisionning/debian/http/preseed.cfg

@@ -0,0 +1,107 @@
+# To see all available options execute this command once the install is done:
+# sudo less /var/log/installer/cdebconf/questions.dat
+# If you need information about an option use the command below (example for keymap):
+# grep -A 4 "keyboard-configuration/xkb-keymap" /var/log/installer/cdebconf/templates.dat
+
+# Use network mirror for package installation
+# d-i apt-setup/use_mirror boolean true
+
+# Automatic installation
+d-i auto-install/enable boolean true
+
+# "linux-server" is substituted by "linux-image-amd64"
+# Possible options : "linux-image-amd64"(default) or "linux-image-rt-amd64"
+d-i base-installer/kernel/override-image string linux-server
+
+# Configure hardware clock
+d-i clock-setup/utc boolean true
+d-i clock-setup/utc-auto boolean true
+
+d-i netcfg/choose_interface select auto
+d-i netcfg/use_dhcp boolean true
+
+# d-i console-setup/ask_detect boolean false
+
+# d-i debconf/frontend select noninteractive
+
+# Set OS locale
+d-i debian-installer/language string fr
+d-i debian-installer/country string FR
+d-i debian-installer/locale string fr_FR.UTF-8
+
+# d-i debian-installer/framebuffer boolean false
+
+# Reboot once the install is done
+d-i finish-install/reboot_in_progress note
+
+# Bootloader options
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string /dev/vda
+
+# Set the keyboard layout
+d-i keyboard-configuration/xkb-keymap select fr
+
+# Mirror from which packages will be downloaded
+d-i mirror/country string manual
+d-i mirror/http/directory string /debian
+d-i mirror/http/hostname string httpredir.debian.org
+
+# Configure http proxy if needed "http://[[user][:pass]@]host[:port]/"
+d-i mirror/http/proxy string
+
+# Disk configuration
+d-i partman-efi/non_efi_system boolean true
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/method string lvm
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm_write_new_label boolean true
+
+# User configuration
+d-i passwd/root-login boolean true
+d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
+d-i passwd/user-fullname string packer
+d-i passwd/user-uid string 1000
+d-i passwd/username string packer
+d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
+
+# Extra packages to be installed
+d-i pkgsel/include string sudo
+d-i pkgsel/include string openssh-server build-essential
+
+d-i pkgsel/install-language-support boolean false
+d-i pkgsel/update-policy select none
+
+# Whether to upgrade packages after debootstrap
+d-i pkgsel/upgrade select full-upgrade
+
+# Set timezone
+d-i time/zone string Europe/Paris
+
+# Allow weak user password
+d-i user-setup/allow-password-weak boolean true
+
+# Home folder encryption
+d-i user-setup/encrypt-home boolean false
+
+# Do not scan additional CDs
+apt-cdrom-setup apt-setup/cdrom/set-first boolean false
+
+# Use network mirror
+apt-mirror-setup apt-setup/use_mirror boolean true
+
+# Disable polularity contest
+popularity-contest popularity-contest/participate boolean false
+
+# Select base install
+tasksel tasksel/first multiselect standard, ssh-server
+
+# Setup passwordless sudo for packer user
+d-i preseed/late_command string \
+  echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer

recipes/debian/provisionning/letsencrypt.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -eo pipefail
+
+DESTDIR=/usr/local/share/ca-certificates
+UPDATE_CERTS_CMD=update-ca-certificates
+CERTS="$(cat <<EOF
+https://letsencrypt.org/certs/isrgrootx1.pem
+https://letsencrypt.org/certs/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
+https://letsencrypt.org/certs/lets-encrypt-r4.pem
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
+EOF
+)"
+
+cd "$DESTDIR"
+
+for cert in $CERTS; do
+    echo "Downloading '$cert'..."
+    filename=$(basename "$cert")
+    wget --tries=10 --timeout=30 -O "$filename" "$cert"
+    #openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
+done
+
+$UPDATE_CERTS_CMD

recipes/debian/provisionning/one-context.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+ONE_CONTEXT_VERSION="6.4.0"
+ONE_CONTEXT_PKG_VERSION="1"
+PKG="one-context-${ONE_CONTEXT_VERSION}-r${ONE_CONTEXT_PKG_VERSION}.apk"
+PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v${ONE_CONTEXT_VERSION}/${PKG}"
+
+cd /tmp || exit 3
+wget -q --no-check-certificate ${PKG_URL}
+apk add --allow-untrusted --no-cache ${PKG}

recipes/debian/provisionning/one-context/net-96-templater

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+
+#
+# Generate all the configuration files
+# Get all the values from the VLS_DIR
+# Process each template from the TPL_DIR with this values
+#
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+TPL_DIR="/usr/share/builder/templates"
+VLS_DIR="/usr/share/builder/values"
+CONFIG=""
+
+. ${ENV_FILE}
+
+BTR="$(command -v btr)"
+if [ "${?}" -ne 0 ]; then
+  echo "Warning: Nothing to do the templater is not installed"
+  exit 0
+fi
+
+if [ ! -e "${TPL_DIR}" ]; then
+  echo "Error: The template dir is missing (${TPL_DIR})"
+  exit 1
+fi
+
+if [ ! -e "${VLS_DIR}" ]; then
+  echo "Error: The template dir is missing (${VLS_DIR})"
+  exit 1
+fi
+
+jsonQuery() {
+  local data="${1}"
+  local query="${2}"
+  echo "${data}" | jq -cr "${query}"
+}
+
+# NAME: @jsonMerge
+# AIM: Merge two json structures
+# NOTES:
+#   The last one has de last word
+#   if you have the same key in A and B
+#   this keeps the value of the B structure.
+# PARAMS:
+#  $1: original JSON Structure
+#  $2: updated JSON Structure
+jsonMerge() {
+  local data="${1}"
+  local data2="${2}"
+
+  echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
+}
+
+jsonUpdateVal() {
+  local json="${1}"
+  local key="${2}"
+  local value="${3}"
+
+  echo "${json}" | jq --arg a "${value}" "${key} = \$a" 
+}
+
+getValues() {
+
+  local values=""
+
+  for file in $(find ${VLS_DIR} -name "*.json"); do
+    values="${values}$(cat ${file})"
+  done
+
+  if [ -n "${RAW_CONFIG}" ]; then
+    values="$(jsonMerge ${values} ${RAW_CONFIG})"
+  fi
+
+  for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do
+    for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do
+      ukey=${key^^}
+      vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"
+      if [ ${?} -eq 0 ]; then
+        for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do
+          uvar=${var^^}
+          val=$(eval echo "\$${ukey}_${uvar}")
+          if [ -n "${val}" ]; then
+            values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}")
+          fi
+        done
+      else
+        values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}")
+      fi
+    done
+  done
+  echo ${values}
+}
+
+processTemplates() {
+  ${BTR} -t ${TPL_DIR} -c "${1}"
+}
+
+VALUES=$(getValues)
+file=$(mktemp)
+echo "${VALUES}" > "${file}"
+processTemplates "${file}"
+rm -rf "${file}"

recipes/debian/provisionning/one-context/net-97-k3s

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+
+# $TOKENTXT is available only through the env. file
+# shellcheck disable=SC1090
+if [ -f "${ENV_FILE}" ]; then
+  . "${ENV_FILE}"
+fi
+
+###
+
+if [ -n "${K3S_ROLE}" ]; then
+  if [ "${K3S_ROLE}" = "server" ]; then
+    rc-update add dnsmasq default
+    service dnsmasq start
+
+    rc-update add k3s default
+    service k3s start
+  fi
+fi

recipes/debian/provisionning/ssh/cadoles/pcaseiro.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDph3zh6ojSvH44k13z9B6xj+Hargo3uzkxnYv5s5NI4yagNuBXEc3aS++KdocND+FtVfLK+iVE8qHo2bvmpMmVkqU6WU2apN7DfIP0QGLlSGeo+UOZ9hGeEDlgVO4AOnZKZ5kPGBEPZ84JXuE9CmhKfwEVCK8w3B8XQttA8alFl4A4/4F14x2w4njsSLY1H3b0qah7hgYKU5zHIGLg8Lxx+1BxGIF0l5n5m5rqAskRNaF+aYbs0CcWHv49bPK0sJJ0qPV2r2sq8BlzuZFHExnZRIxpsIXdce4Bm4rdlGi7tBmmurLk4OOtDkwvhD0LMaNJf10k6QLSmRUTVzgsYz/dmGxopbMtwwIXkwi014uSZgi8wAuznXx5I4j2TUGPZHOVf+1iw/yaxWlgTVOSoX7ZxyhDgW5cCgZZGNzU5UWe0vUuVTB+hfSMj50/Q6+Vi92/mDMbPhm4nBoVzD5DT15mB+yGyN45Ej61m0JzVUyZexfvVaffEug1/u5dnwilP0WGKr4i2OXxOXtvSdAs5rlZjvppZk6IxRCwXIcPwEFL97ZrQZAxlVS5Nh+ZnlSwTe3zfQhzHj1ao0AdCAHFPUEdoUPJhSb0OjyCvZ9XZ1KCkXhuhuN/3IUhuoWl4soNCeC3KmU/USx1wda438Exj0hM1mTyBZScDPGyD9nw78DGw== Philippe Caseiro

recipes/debian/provisionning/ssh/cadoles/vfebvre.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZxr8C81Dm5Zl2AtDzTVa8hFs04aV1z8ANrXYVHnLf7gEG4c1BI9iWbm94gVCQT4IvoKR5oZxjxGnx1a7VaX6h6dt33+p/s2IJiwG+9/DykPnImw+ALTcnMcyrwOYh68jnQIOGkYzK/VaHRzrvFNuoVWIU+FqfN+sW+bLQWi9v/K5oiup83xQBze6kjMEL2PT48bJwT/dQgP5cnTTEYwcOK/Yes1Cmb+VqjAs5B3uiHDoch10fy4b4duuALozPGhgoOfTLqe9Ekbt8PdIhUzGxFCw79W7IBA9vw79tYBy4B2et8Zb9sf+sMmxPINDkouYmfSnU0PjNjida7Tii2IEWbrb/qbSkRNcyIBmpGKz6VnSIvomv4FA9dGkOLYRyvTjAM6Shy5aiGV8F7T9hMxm3zGDjiVseyPVtMdSjM2SCx95uPCH5oSrj8M1OIjC2D+w3DsmTPFvTjA1gmKEYnXfFj82DvO+wDcbb6/DF2qS6y5rNpdnPWDb57iBqKeZISQ5x+h8arV0U3yItHoi7z4Cb51V29pdBE0xgFx5DE5akuPO3RC+BP0CK242HBdb94YXQCfmoQ1dV59mvu0ObAhP4CH/efOqONHXjTG9eurQyJWUr8yYO9DI7HkQHwvYDS7xuEO9yvs7gizm22FOTcxBPc4M/KFhPfnUs7Nyfw6I0Nw== vfebvre@cadoles.com

recipes/debian/provisionning/ssh/cnous/nmelin.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr

recipes/debian/provisionning/ssh/cnous/operrot.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwyKvtyfZibpHNDDsfg7N6PHPnv9AzA2PowGd7iqF6YRv6CgGPnUixWE791bmekr57TR1QwW58aSEPSQMfLBwo0OwZ7GXYbOb9Fdb6WHAUJHSyMNsFvakgjq0g7TERMw3UksiYpUBCLgvWhF5jNjKsXgK3LyMUVqJs9KlUBt6elxy3CWoMYaWVJTQwXqLEbvr7W9F1rb9PQi80vxcSZXgk5XPPZH4vh7oN7GLB5UwaTFRh4lcup0xnV938gSgLxttPg4t5li5cmvXXMgtCrIDj7JPh9Cic+UXo80cV14nOpX23nuu408Veys/4p5tYiYFCg6NnUtW2dJrfyga9W1h6nc/6JaY8aXdoE+pi7lL7XrMvJPQxVYdwA9rPUBSZAIOmZQQx2aKFMsXocyVXQDzLQyg8lAF9gbMkjXH7DluXd+s0OAdijW9VFxhjutojaC76vhH+ZqSq511vdCTuq+6juW/By/pYQRtKiL1jJqfQoC+JU8RmOVOml5ciT7I0OM/0dakdIMYINX1FaRuSYb8wm0k3pKh+PGmMigja5lY7Bv8M89gRRw+8bJ42h5XkR0Jd04Wagd9eFXvaLa9OdarwF5rE2d6NM5Gfr2wJ4XuDMC7C3r/b6U3sZr6CWvQ5URrXS9OLtZG09DtEGIIuMcu0pgqclitVDi06Ffz5dZMnVQ== olivier.perrot@cnous.fr

recipes/debian/provisionning/templater-install.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -ex
+
+TOOL_DIR="${1:-/usr/local/bin}"
+TOOL_USER="${2:-root}"
+TOOL_GROUP="${3:-root}"
+ATTACHMENT_URL="https://forge.cadoles.com/attachments/"
+
+installTool() {
+  NAME="${1}"
+  URL="${2}"
+
+  curl -k -o ${TOOL_DIR}/${NAME} ${URL}
+  chmod +x ${TOOL_DIR}/${NAME}
+}
+
+apk add curl
+
+# Install templater
+installTool "tpr" "https://forge.cadoles.com/attachments/242b3cba-8d07-4b89-80ab-7c12253a8524"
+# Install bootstraper
+installTool "btr" "https://forge.cadoles.com/attachments/e8442b2a-2065-4282-b4a4-648681fa044c"

recipes/debian/provisionning/tools/additionnal-disk

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# 
+# Quick and dirty script to add disk space
+# It creates a new PV (with the additionnal disk),
+# a new VG and a new LV with 100% disk space
+# The names and devices are provided with env variables:
+#   - PV_DEVICE : The /dev/xxx device
+#   - VG_NAME: The new vg name
+#   - LV_NAME: Then new lv name
+#   - LV_MTP: The mount point for the FS created on the LV
+#   - LV_FS: The fstype of the new FS
+#
+if [ -e ${PV_DEVICE} ]; then
+   pvcreate ${PV_DEVICE}
+   vgcreate ${VG_NAME} ${PV_DEVICE}
+   lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
+   mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
+   if [ ! -d ${LV_MTP} ]; then
+      mkdir -p ${LV_MTP}
+   fi
+   mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
+   echo "/dev/${VG_NAME}/${LV_NAME}	${LV_MTP}	${LV_FS}	rw,relatime 0 1" >> /etc/fstab
+else
+    echo "${PV_DEVICE} is missing"
+    exit 3
+fi