19 files changed, 24 insertions(+), 525 deletions(-)

M type/__evilham_alertmanager/manifest
M type/__evilham_prometheus/manifest
M type/__evilham_prometheus_blackbox_exporter/manifest
M type/__evilham_prometheus_ipmi_exporter/manifest
M type/__evilham_redis/manifest
D type/__evilham_single_binary_service/explorer/explorer-version
D type/__evilham_single_binary_service/man.rst
D type/__evilham_single_binary_service/manifest
D type/__evilham_single_binary_service/parameter/boolean
D type/__evilham_single_binary_service/parameter/default/service-args
D type/__evilham_single_binary_service/parameter/default/state
D type/__evilham_single_binary_service/parameter/default/unpack-extension
D type/__evilham_single_binary_service/parameter/default/user
D type/__evilham_single_binary_service/parameter/default/user-home-dir
D type/__evilham_single_binary_service/parameter/optional
D type/__evilham_single_binary_service/parameter/optional_multiple
D type/__evilham_single_binary_service/parameter/required
M type/__evilham_victoriametrics/manifest
M type/__evilham_victoriametrics_vmauth/manifest

@@ 35,7 35,7 @@ CONFIG_FILE_PATH="${ETC_DIR}/${SERVICE}.conf"
 
 
 # Install and enable the service
-__evilham_single_binary_service "${SERVICE}" \
+__single_binary_service "${SERVICE}" \
 	--user "${USER}" \
 	--version "${TYPE_VERSION}" \
 	--checksum "${CHECKSUM}" \

@@ 36,7 36,7 @@ CONFIG_FILE_PATH="${ETC_DIR}/${SERVICE}.conf"
 
 # TODO: check console.libraries/templates
 # Install and enable the service
-__evilham_single_binary_service "${SERVICE}" \
+__single_binary_service "${SERVICE}" \
 	--user "${USER}" \
 	--version "${TYPE_VERSION}" \
 	--checksum "${CHECKSUM}" \

@@ 35,7 35,7 @@ CONFIG_FILE_PATH="${ETC_DIR}/${SERVICE}.conf"
 
 
 # Install and enable the service
-__evilham_single_binary_service "${SERVICE}" \
+__single_binary_service "${SERVICE}" \
 	--user "${USER}" \
 	--version "${TYPE_VERSION}" \
 	--checksum "${CHECKSUM}" \

@@ 30,7 30,7 @@ SHOULD_VERSION="1.4.0"
 CHECKSUM="sha256:e052c05ac7d4a2a653d082fd01c3d5e782af72087baecf8d38538d16a86fe111"
 DOWNLOAD_URL="https://github.com/soundcloud/ipmi_exporter/releases/download/v${SHOULD_VERSION}/ipmi_exporter-${SHOULD_VERSION}.linux-amd64.tar.gz"
 
-__evilham_single_binary_service ipmi_exporter \
+__single_binary_service ipmi_exporter \
 	--user "${USER}" \
 	--service-args ' --config.file=/etc/ipmi_exporter.conf' \
 	--version "${SHOULD_VERSION}" \

@@ 4,11 4,26 @@ export CDIST_ORDER_DEPENDENCY=1
 __package redis
 __start_on_boot redis
 
+os="$(cat "${__global}/explorer/os")"
+
+case $os in
+	freebsd)
+		REDIS_CONF="/usr/local/etc/redis.conf"
+	;;
+	debian|devuan)
+		REDIS_CONF="/etc/redis/redis.conf"
+	;;
+	*)
+		echo "Your OS '${os}' is currently not supported" >> /dev/stderr
+		exit 1
+	;;
+esac
+
 # Prepare aux dir
 __directory /var/run/redis --owner redis --group redis --mode 0755
 # Setup on UNIX socket by default
 __block "__evilham_redis/unix_socket" \
-	--file "/usr/local/etc/redis.conf" \
+	--file "${REDIS_CONF}" \
 	--text '-' <<EOF
 # Use UNIX sockets
 unixsocket /var/run/redis/redis.sock


@@ 20,7 35,7 @@ pidfile /var/run/redis/redis.pid
 EOF
 # Restart service as needed
 __check_messages "__evilham_redis/restart_redis" \
-	--pattern '^__(package/redis|block/__evilham_redis/unix_socket|file/usr/local/etc/redis.conf)' \
+	--pattern "^__(package/redis|block/__evilham_redis/unix_socket|file${REDIS_CONF})" \
 	--execute 'service redis reload || service redis restart'
 
 unset CDIST_ORDER_DEPENDENCY

@@ 1,10 0,0 @@
-#!/bin/sh -e
-
-BIN_PREFIX="/usr/local/bin"
-SERVICE_NAME="${__object_id}"
-
-VERSION_FILE="${BIN_PREFIX}/.${SERVICE_NAME}.cdist.version"
-
-if [ -f "${VERSION_FILE}" ]; then
-	cat "${VERSION_FILE}"
-fi

@@ 1,190 0,0 @@
-cdist-type__evilham_single_binary_service(7)
-============================================
-
-NAME
-----
-cdist-type__evilham_single_binary_service - Setup a single-binary service
-
-
-DESCRIPTION
------------
-This type is designed to easily deploy and configure a single-binary service
-named `${__object_id}`.
-
-A good example of this are Prometheus exporters.
-
-This type makes certain assumptions that might not be correct on your system.
-If you need more flexibility, please get in touch and provide a use-case
-(and hopefully a backwards-compatible patch).
-
-This type will place the downloaded binary and, if requested, other extra
-binaries in `/usr/local/bin`.
-
-If a `--config-file-source` is provided, it will be placed under:
-`/etc/${__object_id}.conf`.
-
-This type supports services managed by `__runit(7)` when `systemd` is not
-the init system being used.
-
-
-REQUIRED PARAMETERS
--------------------
-checksum
-    This will be passed verbatim to `__download(7)`.
-    Use something like `sha256:...`.
-
-url
-    This will be passed verbatim to `__download(7)`.
-
-version
-    This type will use a thumbstone file with a "version" number to track
-    whether or not a service must be updated.
-    This thumbstone file is placed under
-    `/usr/local/bin/.${__object_id}.cdist.version`.
-
-
-BOOLEAN PARAMETERS
-------------------
-unpack
-    If present, the contents of `--url` will be treated as an archive to be
-    unpacked with `__unpack(7)`.
-    See also `--unpack-args` and `--extra-binary`.
-
-do-not-manage-user
-    Always considered present when `--user` is `root`.
-    If present, the user in `--user` will not be managed by this type with
-    `__user`, this means it *must* exist beforehand when installing the service
-    and it will not be removed by this type.
-
-
-OPTIONAL PARAMETERS
--------------------
-config-file-source
-    If present, this file's contents will be placed under
-    `/etc/${__object_id}.conf` with permissions `0440` and ownership assigned to
-    `--user` and `--group`.
-    If `-` is passed, this type's `stdin` will be used.
-
-user
-    The user under which the service will run. Defaults to `root`.
-    If this user is not `root` and `--do-not-manage-user` is not present,
-    this user will be created or removed as per the `--state` parameter.
-
-user-home-dir
-    Does not have an effect if `--do-not-manage-user` is used or `--user` is
-    `root`.
-    The home directory of the service user. It will be created.
-    Defaults to `/nonexistent`, in this case the home directory will not be
-    created.
-
-group
-    The group under which the service will run. Defaults to `--user`.
-
-state
-    Whether the service is to be `present` (default) or `absent`.
-    When `absent`, this type will clean any binaries listed in `--extra-binary`
-    and also the config file as described in `--config-file-source`.
-
-binary
-    This will be the binary name. Defaults to `${__object_id}`.
-    If `--unpack` is used, a binary with this name must be unpacked.
-    Otherwise, the contents of `--url` will be placed under this binary name.
-
-service-args
-    Any extra arguments to pass along with `--service-exec`. Beware that any
-    service-args having the format `--config=/etc/foo.cfg` should be
-    represented in the following way `--service-exec='--config=/etc/foo.cfg'`
-
-service-exec
-    The executable to use for this service.
-    Defaults to `/usr/local/bin/BINARY_NAME` where `BINARY_NAME` is the
-    resulting value of `--binary`.
-
-service-definition
-    The service definition to be used as an override.
-    Note that this type decides dinammically between runit and systemd, and
-    you can currently only define either a systemd unit or a runit script here.
-    Use this parameter only for testing and get in touch to discuss how your
-    particular use-case can be supported by the type.
-
-service-description
-    The service description to be used in, e.g. the systemd unit file.
-    Defaults to `cdist-managed '${__object_id}' service`.
-
-unpack-args
-    Only has an effect if `--unpack` is used.
-    These arguments will be passed verbatim to `__unpack(7)`.
-    Very useful as this type assumes the archive does not have the binaries in
-    subdirectories; that can be worked around with
-    `--unpack-args '--tar-strip 1'`.
-
-unpack-extension
-    Only has an effect if `--unpack` is used.
-    The file extension of the file to unpack, defaults to `.tar.gz`.
-
-working-directory
-    If set, the working directory with which the service will be started.
-
-
-OPTIONAL MULTIPLE PARAMETERS
-----------------------------
-extra-binary
-    Only useful with `--unpack`.
-    If passed, these binaries will also be installed when `--state` is `present`
-    and removed when `--state` is `absent`.
-    Handle with care :-).
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
-	# Install and enable the ipmi_exporter service
-	#   The variables are defined in the manifest previously
-	__evilham_single_binary_service ipmi_exporter \
-		--user "${USER}" \
-		--service-args ' --config.file=/etc/ipmi_exporter.conf' \
-		--version "${SHOULD_VERSION}" \
-		--checksum "${CHECKSUM}" \
-		--url "${DOWNLOAD_URL}" \
-		--state "present" \
-		--unpack \
-		--unpack-args "--tar-strip 1" \
-		--config-file-source '-' <<-EOF
-	# Remotely managed, changes will be lost
-	# [...] config contents goes here
-	EOF
-
-	# Remove the ipmi_exporter service along with the user and its config
-	__evilham_single_binary_service ipmi_exporter \
-		--user "${USER}" \
-		--version "${SHOULD_VERSION}" \
-		--checksum "${CHECKSUM}" \
-		--url "${DOWNLOAD_URL}" \
-		--state "absent"
-
-	# Same, but the service was using my user! Let's not delete that!
-	__evilham_single_binary_service ipmi_exporter \
-		--user "evilham" \
-		--do-not-manage-user \
-		--version "${SHOULD_VERSION}" \
-		--checksum "${CHECKSUM}" \
-		--url "${DOWNLOAD_URL}" \
-		--state "absent"
-
-
-SEE ALSO
---------
-- `__download(7)`
-- `__unpack(7)`
-
-
-AUTHORS
--------
-Evilham <contact@evilham.com>
-
-
-COPYING
--------
-Copyright \(C) 2021 Evilham.

@@ 1,292 0,0 @@
-#!/bin/sh -e
-SERVICE_NAME="${__object_id}"
-
-OS="$(cat "${__global}/explorer/os")"
-
-case "${OS}" in
-	debian|devuan)
-		SUPER_USER_GROUP=root
-		ETC_DIR="/etc"
-	;;
-	*bsd)
-		SUPER_USER_GROUP=wheel
-		ETC_DIR="/usr/local/etc"
-	;;
-	*)
-		echo "Your OS '${OS}' is currently not supported." >&2
-		exit 1
-	;;
-esac
-INIT="$(cat "${__global}/explorer/init")"
-
-case "${INIT}" in
-	systemd)
-		service_definition_require="__systemd_unit/${SERVICE_NAME}.service"
-		service_command="service ${SERVICE_NAME} %s"
-	;;
-	runit|sysvinit)
-		# We will use runit to manage these services
-		__runit
-		export require="__runit"
-		service_definition_require="__runit_service/${SERVICE_NAME}"
-		service_command="sv %s ${SERVICE_NAME}"
-	;;
-	*)
-		echo "Init system ${INIT}' is currently not supported." >&2
-		exit 1
-	;;
-esac
-
-BIN_DIR="/usr/local/bin"
-
-# Ensure the target bin dir exists
-#   Care, we never want to remove it :-D
-__directory "${BIN_DIR}" \
-	--state "exists" \
-	--mode 0755
-export require="${require} __directory${BIN_DIR}"
-
-STATE="$(cat "${__object}/parameter/state")"
-USER="$(cat "${__object}/parameter/user")"
-GROUP="$(cat "${__object}/parameter/group" 2>/dev/null || true)"
-CUSTOM_CODE="$(cat "${__object}/parameter/custom-code")"
-if [ -z "${GROUP}" ]; then
-	if [ "${USER}" != "root" ]; then
-		GROUP="${USER}"
-	else
-		GROUP="${SUPER_USER_GROUP}"
-	fi
-fi
-
-
-BINARY="$(cat "${__object}/parameter/binary" 2>/dev/null || true)"
-if [ -z "${BINARY}" ]; then
-	BINARY="${SERVICE_NAME}"
-fi
-EXTRA_BINARIES="$(cat "${__object}/parameter/extra-binary" 2>/dev/null || true)"
-# This only makes sense for file archives
-if [ -n "${EXTRA_BINARIES}" ] && [ -f "${__object}/parameter/unpack" ]; then
-	cat >&2 <<-EOF
-	You cannot specify extra binaries without the --unpack argument.
-	Make sure that the --url argument points to a file archive.
-EOF
-fi
-
-SERVICE_EXEC="$(cat "${__object}/parameter/service-exec" 2>/dev/null || true)"
-if [ -z "${SERVICE_EXEC}" ]; then
-	SERVICE_EXEC="${BIN_DIR}/${BINARY}"
-fi
-SERVICE_ARGS="$(cat "${__object}/parameter/service-args")"
-SERVICE_EXEC="${SERVICE_EXEC} ${SERVICE_ARGS}"
-
-SERVICE_DESCRIPTION="$(cat "${__object}/parameter/service-description" \
-	2>/dev/null || true)"
-if [ -z "${SERVICE_DESCRIPTION}" ]; then
-	SERVICE_DESCRIPTION="cdist-managed '${SERVICE_NAME}' service"
-fi
-
-SERVICE_DEFINITION="$(cat "${__object}/parameter/service-definition" 2>/dev/null || true)"
-
-WORKING_DIRECTORY_PATH="$(cat "${__object}/parameter/working-directory" 2>/dev/null || true)"
-if [ -n "${WORKING_DIRECTORY_PATH}" ]; then
-	WORKING_DIRECTORY_SYSTEMD="WorkingDirectory=${WORKING_DIRECTORY_PATH}"
-	WORKING_DIRECTORY_RUNIT="cd '${WORKING_DIRECTORY_PATH}'"
-fi
-
-DOWNLOAD_URL="$(cat "${__object}/parameter/url")"
-CHECKSUM="$(cat "${__object}/parameter/checksum")"
-SHOULD_VERSION="$(cat "${__object}/parameter/version")"
-
-# Create a user for the service if it is not root
-USER_HOME_DIR="/root"
-if [ "${USER}" != "root" ] && \
-		[ ! -f "${__object}/parameter/do-not-manage-user" ]; then
-	if [ "${STATE}" = "absent" ]; then
-		# When removing, ensure user is not being used
-		user_require="${service_definition_require}"
-	fi
-	USER_HOME_DIR="$(cat "${__object}/parameter/user-home-dir")"
-	if [ "${USER_HOME_DIR}" != "/nonexistent" ]; then
-		USER_CREATE_HOME="--create-home"
-	fi
-	# shellcheck disable=SC2086  # We want the user home args
-	require="${require} ${user_require}" __user "${USER}" \
-		--system \
-		--state "${STATE}" \
-		--home "${USER_HOME_DIR}" \
-		--comment "cdist-managed user" \
-		${USER_CREATE_HOME}
-	# Track dependencies
-	service_require="${service_require} __user/${USER}"
-fi
-
-# Place config file if necessary
-CONFIG_FILE_DEST="${ETC_DIR}/${SERVICE_NAME}.conf"
-CONFIG_FILE_SOURCE="$(cat "${__object}/parameter/config-file-source" 2>/dev/null || true)"
-if [ "${CONFIG_FILE_SOURCE}" = "-" ]; then
-	CONFIG_FILE_SOURCE="${__object}/stdin"
-fi
-if [ -n "${CONFIG_FILE_SOURCE}" ] && [ "${STATE}" = "present" ]; then
-	require="${require} __user/${USER}" __file \
-		"${CONFIG_FILE_DEST}" \
-		--owner "${USER}" \
-		--group "${GROUP}" \
-		--mode "0440" \
-		--source "${CONFIG_FILE_SOURCE}"
-	service_require="${service_require} __file${CONFIG_FILE_DEST}"
-fi
-
-
-
-# This should setup the object in $service_definition_require
-# See above.
-case "${INIT}" in
-	systemd)
-		if [ -z "${SERVICE_DEFINITION}" ]; then
-			SERVICE_DEFINITION="$(cat <<EOF
-[Unit]
-Description=${SERVICE_DESCRIPTION}
-After=network.target
-
-[Service]
-Type=simple
-
-User=${USER}
-Group=${GROUP}
-ExecStart=${SERVICE_EXEC}
-Restart=always
-${WORKING_DIRECTORY_SYSTEMD}
-
-[Install]
-WantedBy=multi-user.target
-EOF
-)"
-		fi
-		__systemd_unit "${SERVICE_NAME}.service" \
-			--source "-" \
-			--state "${STATE}" \
-			--enablement-state "enabled" <<EOF
-${SERVICE_DEFINITION}
-EOF
-	;;
-	runit|sysvinit)
-		if [ -z "${SERVICE_DEFINITION}" ]; then
-			SERVICE_DEFINITION="$(cat <<EOF
-#!/bin/sh -e
-${WORKING_DIRECTORY_RUNIT}
-exec 2>&1
-export HOME="\$(getent passwd '${USER}' | cut -d: -f6)"
-export USER="${USER}"
-export GROUP="${GROUP}"
-${CUSTOM_CODE}
-exec chpst -u "${USER}:${GROUP}" ${SERVICE_EXEC}
-EOF
-)"
-		fi
-		__runit_service "${SERVICE_NAME}" \
-			--state "${STATE}" \
-			--log \
-			--source - <<EOF
-${SERVICE_DEFINITION}
-EOF
-	;;
-esac
-service_require="${service_require} ${service_definition_require}"
-
-# Proceed after user and service description have been prepared
-export require="${require} ${service_require}"
-
-VERSION_FILE="${BIN_DIR}/.${SERVICE_NAME}.cdist.version"
-IS_VERSION="$(cat "${__object}/explorer/explorer-version")"
-
-
-if [ "${STATE}" = "absent" ]; then
-	# Perform cleanup of generated files
-	for bin_file in ${BINARY} ${EXTRA_BINARIES}; do
-		__file "${BIN_DIR}/${bin_file}" --state "absent"
-	done
-	__file "${VERSION_FILE}" --state "absent"
-	__file "${CONFIG_FILE_DEST}" --state "absent"
-fi
-
-if [ "${STATE}" != "present" ]; then
-	exit
-fi
-
-sv_cmd() {
-	# This is intentional
-	# shellcheck disable=SC2059
-	printf "${service_command}" "$1"
-}
-
-if [ "${SHOULD_VERSION}" != "${IS_VERSION}" ]; then
-	# We are installing the service and there has been a version change
-	# (or it is first-time install)
-	TMP_PATH="/tmp/${SERVICE_NAME}-${SHOULD_VERSION}"
-
-	# This is what will stop the service, replace the binaries and
-	# start the service again
-	perform_service_upgrade="$(cat <<EOF
-$(sv_cmd stop) || true
-if [ -f '${TMP_PATH}' ]; then
-	chown root:${SUPER_USER_GROUP} '${TMP_PATH}'
-	chmod 0555 '${TMP_PATH}'
-	cp -af '${TMP_PATH}' '${BIN_DIR}/${BINARY}'
-else
-	for bin_file in ${BINARY} ${EXTRA_BINARIES}; do
-		bin_path="${TMP_PATH}/\${bin_file}"
-		chown root:${SUPER_USER_GROUP} "\${bin_path}"
-		chmod 0555 "\${bin_path}"
-		cp -af "\${bin_path}" "${BIN_DIR}/\${bin_file}"
-	done
-fi
-$(sv_cmd start) || true
-EOF
-)"
-
-	if [ -f "${__object}/parameter/unpack" ]; then
-		UNPACK_EXTENSION="$(cat "${__object}/parameter/unpack-extension")"
-		UNPACK_ARGS="$(cat "${__object}/parameter/unpack-args" \
-			2>/dev/null || true)"
-		# Download packed file
-		__download "${TMP_PATH}${UNPACK_EXTENSION}" \
-			--url "${DOWNLOAD_URL}" \
-			--download remote \
-			--sum "${CHECKSUM}"
-
-		# Unpack file and also perform service upgrade
-		# shellcheck disable=SC2086
-		require="__download${TMP_PATH}${UNPACK_EXTENSION}" \
-			__unpack "${TMP_PATH}${UNPACK_EXTENSION}" \
-			${UNPACK_ARGS} \
-			--destination "${TMP_PATH}"
-		version_bump_require="__unpack${TMP_PATH}${UNPACK_EXTENSION}"
-	else
-		# Create temp directory
-		__directory "${TMP_PATH}"
-		# Download binary directoy to the temp directory with the
-		# specified binary name
-		require="__directory${TMP_PATH}" __download \
-			"${TMP_PATH}/${BINARY}" \
-			--url "${DOWNLOAD_URL}" \
-			--download remote \
-			--sum "${CHECKSUM}"
-		version_bump_require="__download${TMP_PATH}/${BINARY}"
-	fi
-
-	# Perform update of cdist-managed version file
-	# And also perform service upgrade
-	# This is a bug if service_upgrade fails >,<
-	printf "%s" "${SHOULD_VERSION}" | \
-		require="${version_bump_require}" __file \
-			"${VERSION_FILE}" \
-			--onchange "${perform_service_upgrade}" \
-			--source "-"
-else
-	# We only restart here if there was a config change
-	# but there was not a version change
-	require="${service_require}" __check_messages \
-		"single_binary_service_${__object_id}" \
-		--pattern "^__file${CONFIG_FILE_DEST}" \
-		--execute "$(sv_cmd restart)"
-fi

@@ 1,2 0,0 @@
-do-not-manage-user
-unpack

@@ 1,1 0,0 @@
-present

@@ 1,1 0,0 @@
-.tar.gz>
\ No newline at end of file

@@ 1,1 0,0 @@
-root

@@ 1,1 0,0 @@
-/nonexistent

@@ 1,14 0,0 @@
-config-file-source
-custom-code
-user
-group
-state
-binary
-service-args
-service-exec
-service-description
-service-definition
-unpack-extension
-unpack-args
-user-home-dir
-working-directory

@@ 1,1 0,0 @@
-extra-binary

@@ 1,3 0,0 @@
-url
-checksum
-version

@@ 33,7 33,7 @@ VM_RETENTION="$(cat "${__object}/parameter/retention-period")"
 
 
 # Install and enable the service
-__evilham_single_binary_service "${__object_id}" \
+__single_binary_service "${__object_id}" \
 	--user "${USER}" \
 	--version "${TYPE_VERSION}" \
 	--checksum "${CHECKSUM}" \


@@ 47,6 47,6 @@ __evilham_single_binary_service "${__object_id}" \
 	--binary "victoria-metrics-prod"
 
 # Create this instance's data dir, with restrictive permissions
-require="__evilham_single_binary_service/${__object_id}" __directory \
+require="__single_binary_service/${__object_id}" __directory \
 	"${WORK_DIR}" --state present \
 	--mode 0750 --owner "${USER}" --group "${USER}"

@@ 38,7 38,7 @@ CONFIG_FILE_PATH="${ETC_DIR}/${SERVICE}.conf"
 CONFIG_FILE_CONTENTS="$(grep -vE "^users:[[:space:]]*$" "${CONFIG_FILE_SOURCE}")"
 
 # Install and enable the service
-__evilham_single_binary_service "${SERVICE}" \
+__single_binary_service "${SERVICE}" \
 	--user "${USER}" \
 	--version "${TYPE_VERSION}" \
 	--checksum "${CHECKSUM}" \