Add server-test

.gitignore

@@ -1 +1,2 @@
+skz-wg/
 skz-opack/

.sloptrap

@@ -1,4 +1,4 @@
 name=skz-void
-packages_extra=vagrant make jq python3 ripgrep curl git openssh-client
+packages_extra=vagrant make jq python3 ripgrep curl git openssh-client qemu-system netcat-openbsd qemu-utils
 agent=codex
 allow_host_network=true

server-test/.gitignore

@@ -0,0 +1,10 @@
+skz-void-bbb88f038188.json
+opack-cloud
+opack_deploy_*
+opack_installer_*
+id_ed25519
+*.log
+ssh-config
+.vagrant
+Vagrantfile
+*.json

server-test/Makefile

@@ -0,0 +1,60 @@
+export PATH := /sloptrap-tools/bin:$(PATH)
+export PACKER_CONFIG_DIR := /sloptrap-tools/packer-config
+export TF_PLUGIN_CACHE_DIR := /sloptrap-tools/terraform-plugin-cache
+export CLOUDSDK_CONFIG := /sloptrap-tools/gcloud-config
+
+OPACK_TARGET=			skz-void-server-test
+OPACK_SYS_VERSION=		snapshots
+OPACK_SYS_RELEASE=		79
+OPACK_SYS_CPU=			2
+OPACK_SYS_MEMORY=		1024
+OPACK_SYS_DISK_SIZE=		10000
+OPACK_SYS_SETS=			+* -x* +xbase* -game* -comp* +bsd.rd
+OPACK_SYS_HOSTNAME=		test.void.sk4.nz
+OPACK_SYS_USER=			sk4nz
+OPACK_SYS_SSH_PRIVATE_KEY=	id_ed25519
+OPACK_GCE_MACHINE=		e2-micro
+OPACK_AUTODISKLABEL_FILE=	$(shell realpath ./autodisklabel)
+OPACK_PROVISION_FILE=		$(shell realpath void-provision.sh)
+OPACK_GCE_PROJECT=		skz-void
+OPACK_GCE_JSON_KEY=		../server/skz-void-bbb88f038188.json
+OPACK_COMMIT=			$(shell git -C .. log --oneline -n 1 --abbrev-commit --date=short --pretty=format:"%h %ad %s" 2>/dev/null || echo latest)
+OPACK_SHORT_REV=		latest
+OPACK_DEBUG=y
+
+include ../skz-opack/src/opack.mk
+
+$(OPACK_PACKER_HTTP_DIR)/install-cloud.conf: $(OPACK_SYS_SSH_PRIVATE_KEY)
+
+SSH_OPTS=	-i $(OPACK_SYS_SSH_PRIVATE_KEY) -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+FW_TF=		$(OPACK_TERRAFORM_DIR)/opack-module/firewall.tf
+
+IN_TCP=		ssh
+VPN_TCP=	ssh domain http https 1024:65535
+VPN_UDP=	domain ntp 1024:65535
+
+VOID_CLIENTS=	psychopomp skzphone miri
+WG_SRC=		../skz-wg
+
+.DEFAULT_GOAL := all
+
+all: void
+
+$(FW_TF): | opack-cloud
+	cp firewall.tf $@
+	cd $(OPACK_TERRAFORM_DIR) && terraform apply \
+		-target=module.opack-module.google_compute_firewall.icmp_test \
+		-target=module.opack-module.google_compute_firewall.wireguard_test \
+		-target=module.opack-module.google_compute_firewall.ssh_test \
+		-auto-approve > /dev/null
+	echo GCP Firewall configured
+
+void: | $(FW_TF)
+	ssh $(SSH_OPTS) root@$(shell cat opack-cloud) \
+		"uname -a; sysctl kern.version;" 2> /dev/null
+	scp -q -r $(SSH_OPTS) \
+		$(WG_SRC) root@$(shell cat opack-cloud):/root/skz-wg
+	ssh $(SSH_OPTS) root@$(shell cat opack-cloud) \
+		"sh -c 'IN_TCP=\"$(IN_TCP)\" VPN_TCP=\"$(VPN_TCP)\" VPN_UDP=\"$(VPN_UDP)\" CLIENTS=\"$(VOID_CLIENTS)\" make -C /root/skz-wg'" 2> /dev/null
+
+clean: opack-clean

server-test/autodisklabel

@@ -0,0 +1,5 @@
+/              1G-*     60%
+swap           1G-2G    2%
+/tmp           1G-4G    4%
+/usr           3G-*     24%
+/usr/local     2G-*     10%

server-test/firewall.tf

@@ -0,0 +1,34 @@
+resource "google_compute_firewall" "icmp_test" {
+  name        = "allow-icmp-server-test"
+  network     = "default"
+  direction   = "INGRESS"
+  allow {
+    protocol = "icmp"
+  }
+  target_tags   = ["skz-opack"]
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "wireguard_test" {
+  name        = "allow-wireguard-server-test"
+  network     = "default"
+  direction   = "INGRESS"
+  allow {
+    protocol = "udp"
+    ports    = ["5353"]
+  }
+  target_tags   = ["skz-opack"]
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "ssh_test" {
+  name        = "allow-ssh-server-test"
+  network     = "default"
+  direction   = "INGRESS"
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+  target_tags   = ["skz-opack"]
+  source_ranges = ["0.0.0.0/0"]
+}

server-test/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIISA7Vxjw7ZNRmRdS/RrRY9RVgsg/dFUGIrK6cWmzgYE sk4nz@psychopomp

server-test/void-provision.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+set +x
+packages="htop vim--no_x11 nload"
+(
+	echo VOID: Starting provisioning.
+	sysctl -n kern.version
+	printf 'hw.smt=1\n' >> /etc/sysctl.conf
+	printf 'permit nopass :wheel\n' > /etc/doas.conf
+	pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
+	pkg_add -Iv $packages 2> /dev/null || pkg_add -Iv -D snap $packages 2> /dev/null
+	while(pgrep -f reorder_kernel > /dev/null) do echo Waiting for reorder_kernel to finish...; sleep 10; done
+	syspatch 2> /dev/null || (echo "No syspatch, continuing..."; true)
+	rm -f /etc/ssh/ssh_host*
+	find /var/log -type f | while read f; do echo -ne '' > $f; done
+	find /tmp -type f | while read f; do echo -ne '' > $f; done
+	for part in $(df | tail -n+2 | awk '{print $6}'); do dd if=/dev/zero of=$part/EMPTY bs=1M 2> /dev/null || true; rm -f $part/EMPTY || true; done
+	sync
+	sync
+	echo OPACK: provisionning done.
+)
+exit 0