From 63d53f5727f8a2551b091abcb853dcf819332aa7 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 2 Mar 2025 22:22:42 -0500
Subject: [PATCH] Start writing out a template for services.
---
 main.go | 36 +++++++++++++-
 services/navidrome.json | 0
 services/navidrome.template | 0
 services/proxy.json | 0
 services/proxy.template | 0
 services/ssh.json | 6 +++
 services/ssh.template | 98 +++++++++++++++++++++++++++++++++++++
 7 files changed, 139 insertions(+), 1 deletion(-)
 create mode 100644 services/navidrome.json
 create mode 100644 services/navidrome.template
 create mode 100644 services/proxy.json
 create mode 100644 services/proxy.template
 create mode 100644 services/ssh.json
 create mode 100644 services/ssh.template
diff --git a/main.go b/main.go
index 50ee892..0b1870c 100644
--- a/main.go
+++ b/main.go
@@ -4,8 +4,10 @@ import (
 "fmt"
 "os"
 "os/exec"
+ "text/template"
 "github.com/hjson/hjson-go/v4"
+ "dario.cat/mergo"
 )
 type Config struct {
@@ -24,6 +26,7 @@ type NetworkingConfig struct {
 type ServiceConfig struct {
 Enable string
 Provider string
+ Packages []string
 Src string
 Ports []string
 Volumes []string
@@ -47,8 +50,39 @@ func main() {
 // Parse services
 for name, service := range config.Services {
+ var s ServiceConfig
 fmt.Printf("Service: %s\n", name)
- fmt.Printf(" %v\n", service)
+
+ // Read service config file
+ c, err := os.ReadFile("services/" + name + ".json")
+ if err != nil {
+ fmt.Println("Unknown service: ", err)
+ return
+ }
+
+ // Read service template file
+ t, err := os.ReadFile("services/" + name + ".template")
+ if err != nil {
+ fmt.Println("No template for service: ", err)
+ return
+ }
+
+ // Parse service config
+ err = hjson.Unmarshal(c, &s)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ mergo.Merge(&s, service, mergo.WithOverride)
+ config.Services[name] = s
+ fmt.Printf(" %v\n", s)
+
+ tmpl, err := template.New(name).Parse(string(t))
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ err = tmpl.Execute(os.Stdout, s)
 }
 // Parse package list
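Review bot: Two errors in the loop added to `func main()` are dropped: the return value of `mergo.Merge(&s, service, mergo.WithOverride)` is ignored, and `err = tmpl.Execute(os.Stdout, s)` is the last statement of the iteration with no check after it, so a failed merge or a partially rendered template passes silently. Handle both the way the earlier calls in the loop do, e.g. `if err := mergo.Merge(&s, service, mergo.WithOverride); err != nil { fmt.Println(err); return }`. The map key `name` is also concatenated directly into `"services/" + name + ".json"` and `".template"`; if the config can be written by someone less trusted than the user running the tool, a key containing a path separator selects files outside `services/`, so reject such keys first, e.g. `if name != filepath.Base(name) { ... }` (needs `path/filepath`). The body of main starts and ends outside this hunk.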
diff --git a/services/navidrome.json b/services/navidrome.json
new file mode 100644
index 0000000..e69de29
diff --git a/services/navidrome.template b/services/navidrome.template
new file mode 100644
index 0000000..e69de29
diff --git a/services/proxy.json b/services/proxy.json
new file mode 100644
index 0000000..e69de29
diff --git a/services/proxy.template b/services/proxy.template
new file mode 100644
index 0000000..e69de29
diff --git a/services/ssh.json b/services/ssh.json
new file mode 100644
index 0000000..38f4e97
--- /dev/null
+++ b/services/ssh.json
@@ -0,0 +1,6 @@
+{
+enable: "true",
+provider: "system",
+packages: [ "openssh-server" ],
+ports: [ "22" ],
+}
diff --git a/services/ssh.template b/services/ssh.template
new file mode 100644
index 0000000..4801cd7
--- /dev/null
+++ b/services/ssh.template
@@ -0,0 +1,98 @@
+{{if .Ports -}}
+Port {{index .Ports 0}}
+{{- end}}
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+#UsePAM no
+
+#AllowAgentForwarding yes
+# Feel free to re-enable these if your use case requires them.
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp internal-sftp
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
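Review bot: `Port {{index .Ports 0}}` at the top of the template writes the first port string into the rendered sshd_config verbatim, since text/template does no escaping and `Ports` is declared as `[]string` in main.go; a value with an embedded newline would become additional sshd directives. Validate each port as an integer in 1–65535 before executing the template (that check belongs in main.go, outside this hunk). Only the first entry is rendered, so any further ports in the config are silently dropped; `{{range .Ports}}Port {{.}}` closed by `{{end}}` would emit one directive per entry. The password and root-login settings stay commented out, so the rendered file relies on sshd's built-in defaults; if this template is meant as a hardened baseline alongside the forwarding restrictions, set them explicitly, e.g. `PasswordAuthentication no`.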