git.j3s.sh

README

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378

?????????????????
? what is zoa ?
?????????????????

zoa is a simple, opinionated, shell-based config management tool.
it's the best. it's pull-based.

zoa makes you feel good about config management.

zoa config lives in a git repo, and all of the systems you manage
simply point at the repo.

zoa is intended for human-scale deployment, and generally
works best if you're not trying to manage a crazy complicated
fleet of systems between multiple teams. zoa is for small,
tight-knit teams who want to keep it all in their heads with
minimal effort.

it's also for individuals who like understanding their systems,
and hate maintaining them when things break for no reason.

you might like zoa if:
- you enjoy alpine, gentoo, linux from scratch, etc
- you use a tiling window manager
- you like messing with dotfiles
- you dislike chef, ansible, saltstack, and puppet intensely
- you like smallness and simplicity
- you think nix just seems way too god-damned complicated

you might not like zoa if:
- you are an abstraction enjoyer
- you dislike shell, the language
- you dislike the terminal in general

-> quickstart (for linux)

# install zoa
$ wget https://trash.j3s.sh/zoa
$ mv zoa /usr/local/sbin
$ chmod +x /usr/local/sbin/zoa
# set up a zoa repo
$ mkdir zoa
$ cd zoa
$ printf 'uname -a' > main
# finally, run zoa as root
$ sudo zoa .

done!

why did you write this? (are you insane)

first, yes, duh, but also:
i manage systems with config management tools for a living. (6+ years)
i know how impossible they all are to operate & keep up with
years of painful, painful experience. i wrote zoa to use on my personal
systems, because i hate the main config management tools a lot.

also, i <3 shell :D

~~ zoa doesn't pretend ~~

this section is a rant that i'll convert into a blog post tbh

chef & ansible & puppet & salt all pretend to be
fully idempotent & declarative, but leave
actual declarative-ness and idempotence as
an exercise to the user.

zoa doesn't pretend. zoa is not idempotent. zoa
is not declarative. it assumes your state changes
over time, and zoa makes it easy to keep up with those
changes. you won't have to look at horrible doc websites
or commit a week to learning a god
damned
stupid
DSL

other config management systems make their users
feel stupid.

zoa doesn't. zoa uses shell scripts like every
single linux distro has used for millenia. it
has exactly zero dependencies besides zoa itself.

zoa adheres to standards, and uses well-known
distro conventions.

zoa is easy. and simple. and honestly,
quite a smol guy

the other tools want to do a lot - search across
your nodes, deploy via their tooling, automate
testing, manage AWS resources?!?!?

zoa is only concerned with _managing configuration_

_on servers_

and nothing else. forever.

the other tools break constantly because they
try to do everything.

zoa breaks rarely because it does almost nothing.

other tools are slow because they have HUGE runtimes and scopes

zoa is comparatively fast, because it's just running god dang
shell scripts :3
zoa doesn't require:
- ssh
- python
- ruby
- a chef server or salt master

other tools abstract too much

zoa abstracts a few definitely useful functions, but
otherwise gets out of the way and gives you a light
framework to speak shell to your systems.

in zoa, you write plain POSIX shell. Why?
- posix shell is productive!
- posix shell is portable!
- posix shell is the language of system configuration!
- posix shell is easy to remember!
- posix shell rarely changes!

zoa's design touchstones
------------------------
* no config on the nodes
node-side config is cumbersome. everything
should be adjustable via git and git alone.
* expose 1 way to do common things
zoa exposes only 1 hostname var, only 1 copy function,
has 0 flags, and 1 way to run via git, and 1 way to
format your repository. less overhead for you.
* adopt functionality slowly
zoa is starting with a minimal set of built-in functions
because i only want to maintain functions in order to address
severe pain-points. most things should just be handled via shell.
* as standards-compliant as reasonable
but not ball-breakingly so tbh, see $HOSTNAME for an example
of zoa not being "fully" standards compliant.

!!!!!!!!!!!!!!!!!
! DETAILS !
!!!!!!!!!!!!!!!!!

- ~ - understand: there are three components - ~ -

everything you need to know:

1: the utility
2: env vars and helpers
3: the layout

--- 1: the utility ---

zoa is a single binary.

it expects to run as root (it is managing your system, after all),
and it should probably run on a cron/timer/whatever schedule at
whatever interval you want.

installation process:
wget https://j3s.sh/zoa/zoa # TODO
mv zoa /usr/local/sbin
chmod +x /usr/local/sbin/zoa

to run zoa:
zoa https://git.j3s.sh/j3s/config main
^ ^ ^
zoa, duh. git repo optional git branch

zoa will clone the repo+branch specified to /var/lib/zoa/repo, and then
it will execute the "main" script in that repo - more on that later.

to run zoa in local-only mode:
zoa /path/to/zoa/dir

in which case, zoa will just execute main from that dir you specify

that's it, you've run zoa! now set up a cronjob/systemd timer to
run zoa on a schedule, if that's your thing. or just login and run zoa
periodically.

👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀
you could even have the first zoa run set up a cronjob that runs zoa
on a schedule, to make your life even easier.
👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀👀

--- 2: environment variables and helper functions ---

ENVIRONMENT VARIABLES

before zoa runs, it sets a few standard environment variables for your usage.
here are _all of them_.

displayed values are from my dev system
caveats are marked with *

$PATH - the search path for binaries. this is hardcoded.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

$ARCH - the name of the hardware type on which the system is running
ARCH=x86_64

$HOSTNAME - the name of this node.
HOSTNAME=nostromo.j3s.sh
* there is no shortname vs fqdn standard, so this env var may vary
by distro

$OS - the operating system name
OS=Linux
* on BSD systems, this var is a lot more useful
* if you want your distro, take a look at OS_RELEASE_ID

$RELEASE - the current release level of the operating system implementation
RELEASE=5.19.5-arch1-1

! WARNING: ALL $OS_RELEASE_* VARIABLES ARE UNRELIABLE !
be sure to check for their existence before
using them. ty~ :3

$OS_RELEASE_ID - short uncapitalized name of your distro
OS_RELEASE_ID=arch
* see above warning

$OS_RELEASE_VERSION_ID - version of your distro, if applicable
OS_RELEASE_VERSION_ID= # note that arch has no version ID
* see above warning

TODO: expose hardware info, cpu cores, ip address, memory availability, etc

HELPER FUNCTIONS

zoa has some little helper functions for common operations.

* zoa-file
usage:
zoa-file example.conf /etc/example.conf optional-command
^ ^ ^
source destination executed if the file changes

description:
zoa-file takes a file from $zoa_root/files/ and places it on-disk
somewhere. if the file is changed, a command is optionally executed.
this can be very useful for things like reloading configurations.

when you think about zoa-file, just think of it as regular cp, with an
extra argument for running arbitrary code if the cp does anything.

examples:
zoa-file motd /etc/motd
zoa-file nginx/j3s.sh /etc/nginx/conf.d/j3s.sh systemctl reload nginx

todo:
add a template processing step of some kind?

* zoa-script
usage:
zoa-script scriptname
^
script to execute

description:
zoa-script executes the given script from /var/lib/zoa/scripts/
this is basically shorthand for ". /var/lib/zoa/repo/script/scriptname",
and also adds some nice decorators.

examples:
zoa-script nginx
zoa-script 420/69

--- 3: the layout ---

ah. finally. how do i lay out my zoa repo?

here's the canonical repo layout:

main <-- file, entrypoint
files/ <-- dir, contains arbitrary text files
scripts/ <-- dir, contains arbitrary shell scripts

you need at least main. everything else is optional.

main is your entrypoint. you could just stick everything in main and
be done with it, if you want.

however, if you want main to be a little more capable,
here's one starting point:

case $HOSTNAME in
git.j3s.sh)
# note that the CERTS env var will
# pass into any scripts called after
# it is defined, as if they're all 1
# long script
CERTS='git.j3s.sh'
zoa-script certs
zoa-script git
;;
j3s.sh)
CERTS='j3s.sh'
zoa-script certs
zoa-script web
;;
esac

scripts/ contains arbitrary shell scripts. you can organize them
how you'd like. dirs are supported.

files/ contains text files (no big files or binaries) that you might be
interested in placing on hosts. these can be accessed with the zoa-file function.

wat is borked?
- custom functions don't work within if statements
- branch cloning doesn't work rn idk why
- the cloned git repo has root perms & git hates that
- the repo is re-cloned on every run *shrug*

BONUS SECTION! :3 :3 <3 :3
common config management patterns in zoa

### define a reusable function
in zoa, this is easy - just define a shell
function:
die() {
printf "%s.\n" "$1"
exit 1
}

every sub-script that is called will automatically
have access to it. env vars work the same way.

### install a package

(this is distro dependent)
apt update
apt install -y cowsay

### install a package, but only if the distro is debian

if [ "$OS_RELEASE_ID" = "debian" ]; then
apt install -y cowsay
fi

### place sshd_config, set permissions, and reload ssh when it changes

zoa-file sshd /etc/ssh/sshd_config systemctl restart sshd
chown root:root /etc/ssh/sshd_config
chmod 0644 /etc/ssh/sshd_config

### append an iptables rule to the input chain

rule='INPUT --protocol tcp --dport 69 --jump ACCEPT'
iptables --check $rule || iptables --append $rule

### clone a remote git repo, pull it constantly

git clone git@git.sr.ht:~example/example /opt/repo ||
git fetch /opt/repo