small pixel drawing of a pufferfish zoa

hosts/host.example.org

# the long way: put the apk repo list in place, pin its owner and mode,
# then refresh the package index. note that nothing here checks whether
# the file actually changed - "apk update" runs on every pass.
#
# zoa hands you ZOA_FILES to locate the source file:
#   $ZOA_FILES = /var/lib/zoa/<repo>/<branch>/files/
repos_dest=/etc/apk/repositories
mkdir -p "${repos_dest%/*}"
cp "$ZOA_FILES/repositories" "$repos_dest"
chown root:root "$repos_dest"
chmod 0644 "$repos_dest"
apk update

# nothing wrong with the long form above - it works just fine.
# zoa also ships a helper that collapses it into a single call:
#   arguments: file, owners, perms
#   optional:  a command to run if the file is updated

zoa-file \
  repositories \
  /etc/apk/repositories \
  root:root \
  0644 \
  'apk update'

# "apk update" only fires when the file changed, or when its permissions
# changed. zoa-file also prints prettier output.

# install useful packages (apk add is idempotent already!)
# the @edge-community suffix asks apk for that one package from the repo
# tagged "edge-community", so the repositories file has to define that tag
apk add \
  ip6tables \
  nano \
  vim \
  htop \
  tmux \
  tree \
  curl \
  wget \
  prometheus-node-exporter@edge-community \
  pigz

# another file - this time with no follow-up command
zoa-file \
  motd \
  /etc/motd \
  root:root \
  0644

# every change made through zoa-file is recorded for the rest of the run,
# so you can query it at any point

zoa-changed /etc/motd
# exits 0 now since the file was modified this run :D

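# setup cron & metrics
apk add chrony
zoa-file prom_collect /usr/bin/prom-collect root:root 0755
# this one lands in /etc/periodic/daily, i.e. cron will execute it, so give
# it an explicit owner and mode (remember: file, owners, perms) rather than
# leaving them unspecified. root-owned and not writable by anyone else.
zoa-file cyberia-alpine-metrics /etc/periodic/daily/cyberia-alpine-metrics root:root 0755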

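# and now, a directory...
#
# 0755 rather than 0777: a world-writable directory (with no sticky bit)
# lets any local account add, replace or delete the metric files dropped
# in it. the only writer set up in this file is the daily cron job, which
# presumably runs as root, so root-only write is enough. if a non-root
# collector ever needs to write here, give it a dedicated group instead of
# opening the directory to everyone.
mkdir -p /var/lib/prometheus/textfile_collector
chown root:root /var/lib/prometheus/textfile_collector
chmod 0755 /var/lib/prometheus/textfile_collector

# of course, there's a shortcut:
zoa-directory /var/lib/prometheus/textfile_collector root:root 0755

# and of course, the shortcut gives us the ability to run a command & prints
# slightly prettier output when zoa runs.

# and naturally, dirs show up in zoa-changed as well
zoa-changed /var/lib/prometheus/textfile_collector
# exits 0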

zoa-file \
  node-exporter \
  /etc/conf.d/node-exporter \
  root:root \
  0644

# service management is plain shell - zoa has no helper for it.
# a small for loop starts each service and adds it via rc-update.
for svc in chronyd crond syslog klogd node-exporter
do
  service "$svc" start
  rc-update add "$svc"
done

# if you want to do something more OS-specific:

case "$DISTRO" in
  debian)
    # these init commands are idempotent as well: when the service is
    # already started/enabled they do nothing and exit cleanly
    systemctl start docker
    systemctl enable docker
    ;;
esac

# ???what have we learned so far???
# files and dirs - zoa wraps that & provides helpers
# services and package management - DIY

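# make sure ~/.ssh exists with tight perms before dropping keys into it,
# the same way the operator loop further down does for each operator.
# assumes the cyberian account already exists (the chown needs it).
zoa-directory /home/cyberian/.ssh cyberian:cyberian 0700
zoa-file cyberian_authorized_ssh_keys \
  /home/cyberian/.ssh/authorized_keys \
  cyberian:cyberian \
  0600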

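# here we can see the use of our first "var" - all of the vars in the /vars
# dir are automatically applied to the nodes within the files.
# $operators is left unquoted on purpose: it is split on whitespace into
# one name per iteration.
for operator in $operators; do
  # adduser is not in zoa because there's no POSIX standard
  # thus it would be very costly to capture all possible OS permutations
  # and the author of zoa values his time
  #
  # besides, it's pretty easy to automate. check for the account first so
  # that "already exists" is the only case we skip past - a blanket
  # "|| true" would also hide real adduser failures, and we'd go on to
  # install ssh keys for an account that was never created.
  # (busybox adduser -D: don't assign a password)
  if ! id "$operator" >/dev/null 2>&1; then
    if ! adduser -D "$operator"; then
      printf 'could not create user %s, skipping ssh key setup\n' "$operator" >&2
      continue
    fi
  fi
  zoa-directory "/home/$operator/.ssh" "$operator:$operator" 0700
  zoa-file "ssh_keys/$operator" "/home/$operator/.ssh/authorized_keys" "$operator:$operator" 0600
done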

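# create the backup account only when make_backup_user is set.
# -n, not -z: -z is true when the var is EMPTY, which would create the
# account exactly when nobody asked for it. any non-empty value counts as
# "yes" here.
#
# adduser -S is the busybox way to make a system user, matching the adduser
# call used for operators above; the id check keeps reruns idempotent.
if [ -n "$make_backup_user" ]; then
  id backup_user >/dev/null 2>&1 || adduser -S backup_user
fi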