diff --git a/.gitignore b/.gitignore
index 520a490..8c75424 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+skz-wg/
 skz-opack/
diff --git a/.sloptrap b/.sloptrap
index d1a905a..96be1d5 100644
--- a/.sloptrap
+++ b/.sloptrap
@@ -1,4 +1,4 @@
 name=skz-void
-packages_extra=vagrant make jq python3 ripgrep curl git openssh-client
+packages_extra=vagrant make jq python3 ripgrep curl git openssh-client qemu-system netcat-openbsd qemu-utils
 agent=codex
 allow_host_network=true
diff --git a/server-test/.gitignore b/server-test/.gitignore
new file mode 100644
index 0000000..0aa0ab5
--- /dev/null
+++ b/server-test/.gitignore
@@ -0,0 +1,10 @@
+skz-void-bbb88f038188.json
+opack-cloud
+opack_deploy_*
+opack_installer_*
+id_ed25519
+*.log
+ssh-config
+.vagrant
+Vagrantfile
+*.json
diff --git a/server-test/Makefile b/server-test/Makefile
new file mode 100644
index 0000000..276f35a
--- /dev/null
+++ b/server-test/Makefile
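Review bot: In server-test/.gitignore the explicit `skz-void-bbb88f038188.json` entry is already matched by the trailing `*.json` pattern, so one of the two is redundant; if the explicit line is meant to document the secret, keep it and add `# GCE service-account key - must never be committed` above it. Note that the Makefile added in this commit reads the key from `../server/skz-void-bbb88f038188.json`, a path this file does not cover; confirm that the `server/` directory carries an equivalent ignore entry, since nothing on this page shows it.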
@@ -0,0 +1,60 @@
+export PATH := /sloptrap-tools/bin:$(PATH)
+export PACKER_CONFIG_DIR := /sloptrap-tools/packer-config
+export TF_PLUGIN_CACHE_DIR := /sloptrap-tools/terraform-plugin-cache
+export CLOUDSDK_CONFIG := /sloptrap-tools/gcloud-config
+
+OPACK_TARGET= skz-void-server-test
+OPACK_SYS_VERSION= snapshots
+OPACK_SYS_RELEASE= 79
+OPACK_SYS_CPU= 2
+OPACK_SYS_MEMORY= 1024
+OPACK_SYS_DISK_SIZE= 10000
+OPACK_SYS_SETS= +* -x* +xbase* -game* -comp* +bsd.rd
+OPACK_SYS_HOSTNAME= test.void.sk4.nz
+OPACK_SYS_USER= sk4nz
+OPACK_SYS_SSH_PRIVATE_KEY= id_ed25519
+OPACK_GCE_MACHINE= e2-micro
+OPACK_AUTODISKLABEL_FILE= $(shell realpath ./autodisklabel)
+OPACK_PROVISION_FILE= $(shell realpath void-provision.sh)
+OPACK_GCE_PROJECT= skz-void
+OPACK_GCE_JSON_KEY= ../server/skz-void-bbb88f038188.json
+OPACK_COMMIT= $(shell git -C .. log --oneline -n 1 --abbrev-commit --date=short --pretty=format:"%h %ad %s" 2>/dev/null || echo latest)
+OPACK_SHORT_REV= latest
+OPACK_DEBUG=y
+
+include ../skz-opack/src/opack.mk
+
+$(OPACK_PACKER_HTTP_DIR)/install-cloud.conf: $(OPACK_SYS_SSH_PRIVATE_KEY)
+
+SSH_OPTS= -i $(OPACK_SYS_SSH_PRIVATE_KEY) -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+FW_TF= $(OPACK_TERRAFORM_DIR)/opack-module/firewall.tf
+
+IN_TCP= ssh
+VPN_TCP= ssh domain http https 1024:65535
+VPN_UDP= domain ntp 1024:65535
+
+VOID_CLIENTS= psychopomp skzphone miri
+WG_SRC= ../skz-wg
+
+.DEFAULT_GOAL := all
+
+all: void
+
+$(FW_TF): | opack-cloud
+ cp firewall.tf $@
+ cd $(OPACK_TERRAFORM_DIR) && terraform apply \
+ -target=module.opack-module.google_compute_firewall.icmp_test \
+ -target=module.opack-module.google_compute_firewall.wireguard_test \
+ -target=module.opack-module.google_compute_firewall.ssh_test \
+ -auto-approve > /dev/null
+ echo GCP Firewall configured
+
+void: | $(FW_TF)
+ ssh $(SSH_OPTS) root@$(shell cat opack-cloud) \
+ "uname -a; sysctl kern.version;" 2> /dev/null
+ scp -q -r $(SSH_OPTS) \
+ $(WG_SRC) root@$(shell cat opack-cloud):/root/skz-wg
+ ssh $(SSH_OPTS) root@$(shell cat opack-cloud) \
+ "sh -c 'IN_TCP=\"$(IN_TCP)\" VPN_TCP=\"$(VPN_TCP)\" VPN_UDP=\"$(VPN_UDP)\" CLIENTS=\"$(VOID_CLIENTS)\" make -C /root/skz-wg'" 2> /dev/null
+
+clean: opack-clean
diff --git a/server-test/autodisklabel b/server-test/autodisklabel
new file mode 100644
index 0000000..2baf99c
--- /dev/null
+++ b/server-test/autodisklabel
@@ -0,0 +1,5 @@
+/ 1G-* 60%
+swap 1G-2G 2%
+/tmp 1G-4G 4%
+/usr 3G-* 24%
+/usr/local 2G-* 10%
diff --git a/server-test/firewall.tf b/server-test/firewall.tf
new file mode 100644
index 0000000..30f0a3f
--- /dev/null
+++ b/server-test/firewall.tf
@@ -0,0 +1,34 @@
+resource "google_compute_firewall" "icmp_test" {
+ name = "allow-icmp-server-test"
+ network = "default"
+ direction = "INGRESS"
+ allow {
+ protocol = "icmp"
+ }
+ target_tags = ["skz-opack"]
+ source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "wireguard_test" {
+ name = "allow-wireguard-server-test"
+ network = "default"
+ direction = "INGRESS"
+ allow {
+ protocol = "udp"
+ ports = ["5353"]
+ }
+ target_tags = ["skz-opack"]
+ source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "ssh_test" {
+ name = "allow-ssh-server-test"
+ network = "default"
+ direction = "INGRESS"
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+ target_tags = ["skz-opack"]
+ source_ranges = ["0.0.0.0/0"]
+}
diff --git a/server-test/id_ed25519.pub b/server-test/id_ed25519.pub
new file mode 100644
index 0000000..1dc2ac2
--- /dev/null
+++ b/server-test/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIISA7Vxjw7ZNRmRdS/RrRY9RVgsg/dFUGIrK6cWmzgYE sk4nz@psychopomp
diff --git a/server-test/void-provision.sh b/server-test/void-provision.sh
new file mode 100755
index 0000000..d8e0182
--- /dev/null
+++ b/server-test/void-provision.sh
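Review bot: `SSH_OPTS` turns off host-key verification (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`) for a root session that uploads `$(WG_SRC)` and runs `make` on the instance, and the `2> /dev/null` on each ssh line in the `void` recipe also discards the warning OpenSSH would otherwise print, so a host answering for the address in `opack-cloud` would receive the root login and the WireGuard configuration without anyone noticing. Since void-provision.sh removes `/etc/ssh/ssh_host*` the key is presumably regenerated at first boot, so capture it once out of band (serial console or another trusted channel) and pin it, e.g. `SSH_OPTS= -i $(OPACK_SYS_SSH_PRIVATE_KEY) -o StrictHostKeyChecking=yes -o UserKnownHostsFile=known_hosts` (file name is a placeholder), and drop the stderr redirects so failures are visible. Separately, the `$(FW_TF)` recipe copies `firewall.tf` to `$@` before `terraform apply`, so a failed apply leaves a fresh target that later runs treat as up to date; adding `.DELETE_ON_ERROR:` and making the source a normal prerequisite (`$(FW_TF): firewall.tf | opack-cloud`) fixes both that and the missed re-apply when `firewall.tf` is edited. `all`, `void` and `clean` are not declared `.PHONY` in this file; if `opack.mk` does not do it, a file of that name would silently mask the target.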
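Review bot: `ssh_test` opens TCP 22 from `0.0.0.0/0` on every instance tagged `skz-opack`, exposing the root SSH endpoint that server-test/Makefile logs into to the whole internet; assuming the default OpenSSH root-login policy this is key-only, but the exposure is unnecessary for a test host driven from a single operator machine. Narrow `source_ranges` on `ssh_test` to the operator's address range, or take it from a variable so it is not hard-coded to the world, while `icmp_test` and `wireguard_test` are the rules that plausibly need a wide range. Also, all three rules share `target_tags = ["skz-opack"]`, so they apply to any opack-built instance in the project rather than only the server-test one; if that is unintended, use a test-specific tag.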
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+set +x
+packages="htop vim--no_x11 nload"
+(
+ echo VOID: Starting provisioning.
+ sysctl -n kern.version
+ printf 'hw.smt=1\n' >> /etc/sysctl.conf
+ printf 'permit nopass :wheel\n' > /etc/doas.conf
+ pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
+ pkg_add -Iv $packages 2> /dev/null || pkg_add -Iv -D snap $packages 2> /dev/null
+ while(pgrep -f reorder_kernel > /dev/null) do echo Waiting for reorder_kernel to finish...; sleep 10; done
+ syspatch 2> /dev/null || (echo "No syspatch, continuing..."; true)
+ rm -f /etc/ssh/ssh_host*
+ find /var/log -type f | while read f; do echo -ne '' > $f; done
+ find /tmp -type f | while read f; do echo -ne '' > $f; done
+ for part in $(df | tail -n+2 | awk '{print $6}'); do dd if=/dev/zero of=$part/EMPTY bs=1M 2> /dev/null || true; rm -f $part/EMPTY || true; done
+ sync
+ sync
+ echo OPACK: provisionning done.
+)
+exit 0
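Review bot: `printf 'permit nopass :wheel\n' > /etc/doas.conf` and `printf 'hw.smt=1\n' >> /etc/sysctl.conf` are both security-relevant image settings written with no explanation: the first grants every wheel member passwordless root, the second re-enables SMT, which OpenBSD disables by default over CPU side-channel concerns. Put a comment above each, e.g. `# doas: passwordless root for wheel - acceptable only on this throwaway test image` and `# hw.smt=1: re-enable SMT; accepted side-channel trade-off for a test host`, so the choice is reviewed rather than copied into other images. The two truncation loops use `echo -ne '' > $f` with an unquoted path; `: > "$f"` is the portable form and survives names with spaces. Minor: `set +x` turns off a trace that was never enabled, and "provisionning" in the final echo is misspelled.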