scripts/host.example.org
# install a file, set permissions, and update # the apk repos mkdir -p /etc/apk cp "$zoa_root/files/repositories" /etc/apk/repositories chown root:root /etc/apk/repositories chmod 0644 /etc/apk/repositories apk update # this is pretty typical - the above works just fine. # however, zoa provides a useful helper to wrap the # above into a single line: # remember: file, owners, perms # and optionally: a command to run if the file is updated zoa-file repositories /etc/apk/repositories root:root 0644 'apk update' zoa file -f repositories -o root -g root -m 0644 /etc/apk/repositories # zoa-file will only run "apk update" if the file is changed, or if its permissions # change. zoa-file also gives you more pretty output. # install useful packages (this is idempotent already!) apk add ip6tables nano vim htop tmux tree curl wget prometheus-node-exporter@edge-community pigz # install another file # note that this time, we don't run a command! zoa-file motd /etc/motd root:root 0644 # zoa keeps track of all file changes throughout the run (done via zoa-file) # so you can always reference them zoa-changed /etc/motd # exits 0 now since the file was modified this run :D # setup cron & metrics apk add chrony zoa-file prom_collect /usr/bin/prom-collect root:root 0755 zoa-file cyberia-alpine-metrics /etc/periodic/daily/cyberia-alpine-metrics # and now, a directory... mkdir -p /var/lib/prometheus/textfile_collector chown root:root /var/lib/prometheus/textfile_collector chmod 0777 /var/lib/prometheus/textfile_collector # of course, there's a shortcut: zoa-directory /var/lib/prometheus/textfile_collector root:root 0777 # and of course, the shortcut gives us the ability to run a command & prints # slightly prettier output when zoa runs. 
# and naturally, dirs show up in zoa-changed as well zoa-changed /var/lib/prometheus/textfile_collector # exits 0 zoa-file node-exporter /etc/conf.d/node-exporter root:root 0644 # just handle service management via shell # per usual, bust out a little for loop even for service in chronyd crond syslog klogd node-exporter; do service $service start rc-update add $service done # if you want to do something more OS-specific: if [ "$DISTRO" = "debian" ]; then # these init commands are idempotent as well # since they'll just do nothing and exit cleanly # if the service is already started/enabled systemctl start docker systemctl enable docker fi # ???what have we learned so far??? # files and dirs - zoa wraps that & provides helpers # services and package management - DIY zoa-file cyberian_authorized_ssh_keys \ /home/cyberian/.ssh/authorized_keys \ cyberian:cyberian \ 0600 # here we can see the use of our first "var" - all of the vars in the /vars # dir are automatically applied to the nodes within the files. for operator in $operators; do # adduser is not in zoa because there's no POSIX standard # thus it would be very costly to capture all possible OS permutations # and the author of zoa values his time # # besides, it's pretty easy to automate: adduser -D "$operator" || true zoa-directory "/home/$operator/.ssh" "$operator:$operator" 0700 zoa-file "ssh_keys/$operator" "/home/$operator/.ssh/authorized_keys" "$operator:$operator" 0600 done if [ "$make_backup_user" = "true" ]; then useradd -S backup_user fi