From 7d74493850bd594a3207f855fb57e04084d7bd1f Mon Sep 17 00:00:00 2001
From: Thomas von Dein <tom@vondein.org>
Date: Thu, 12 Dec 2024 13:01:26 +0100
Subject: [PATCH] add devzat chat server

---
 TODO.md                              |  1 +
 group_vars/all/all.yaml              |  4 ++-
 roles/chat/files/devzat              | 20 +++++++++++
 roles/chat/files/devzat.yml          | 18 ++++++++++
 roles/chat/tasks/main.yaml           | 52 ++++++++++++++++++++++++++++
 roles/chat/templates/Bastillefile.j2 |  9 +++++
 roles/network/tasks/main.yaml        |  4 +++
 7 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 roles/chat/files/devzat
 create mode 100644 roles/chat/files/devzat.yml
 create mode 100644 roles/chat/tasks/main.yaml
 create mode 100644 roles/chat/templates/Bastillefile.j2

diff --git a/TODO.md b/TODO.md
index 2456a84..b724397 100644
--- a/TODO.md
+++ b/TODO.md
@@ -28,3 +28,4 @@
 Admin id: 82f6872383933e913b31dbb906e4c44ea2937bea9531ac11429f16cee2e5a975
 
 https://github.com/quackduck/devzat
+
diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml
index 185c28b..0a4dd13 100644
--- a/group_vars/all/all.yaml
+++ b/group_vars/all/all.yaml
@@ -9,9 +9,11 @@ packages:
   - bash
   - doas
   - knot-resolver
+  - go122
+  - git
 
 # used by bastille to build a base
-release: 14.1-RELEASE
+release: 14.2-RELEASE
 
 # snapshot to install in new vps
 snapshot: FreeBSD-14.2-RELEASE-p0-0-hcloud-init
diff --git a/roles/chat/files/devzat b/roles/chat/files/devzat
new file mode 100644
index 0000000..f713ab8
--- /dev/null
+++ b/roles/chat/files/devzat
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+. /etc/rc.subr
+
+name=devzat
+rcvar=devzat_enable 
+
+start_cmd="${name}_start"
+stop_cmd=":"
+
+load_rc_config $name 
+: ${devzat_enable:=no} 
+: ${devzat_config="/usr/local/etc/devzat.yml"}
+: ${devzat_daemon="/usr/local/sbin/devzat"}
+
+devzat_start() {
+    DEVZAT_CONFIG="${devzat_config}" ${devzat_daemon}
+}
+
+run_rc_command "$1"
diff --git a/roles/chat/files/devzat.yml b/roles/chat/files/devzat.yml
new file mode 100644
index 0000000..5527a5b
--- /dev/null
+++ b/roles/chat/files/devzat.yml
@@ -0,0 +1,18 @@
+# what port to host a server on ($PORT overrides this)
+port: 22
+
+# what port to host profiling on (unimportant)
+profile_port: 5555
+
+# where to store data such as bans and logs
+data_dir: /var/run/devzat-data
+
+# where the SSH private key is stored
+key_file: /var/run/devzat-sshkey
+
+# whether to censor messages (optional)
+censor: false
+
+# a list of admin IDs and notes about them
+admins:
+  82f6872383933e913b31dbb906e4c44ea2937bea9531ac11429f16cee2e5a975: 'Seher Taak: github.com/tlinden'
diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml
new file mode 100644
index 0000000..b272203
--- /dev/null
+++ b/roles/chat/tasks/main.yaml
@@ -0,0 +1,52 @@
+---
+- name: build devzat
+  shell: |
+    cd /tmp
+    git clone https://github.com/quackduck/devzat
+    cd /tmp/devzat
+    go build
+  
+- name: create services template dir
+  file:
+    path: "/usr/local/bastille/templates/services/{{ role_name }}"
+    state: directory
+    recurse: yes
+
+- name: copy template config files
+  template:
+    src: Bastillefile.j2
+    dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"
+
+- name: create config paths
+  file:
+    path: "/usr/local/bastille/templates/services/{{ role_name }}/{{ item }}/"
+    state: directory
+    recurse: yes
+  loop:
+    - usr/local/etc
+    - usr/local/etc/rc.d
+    - usr/local/sbin
+
+- name: copy devzat binary
+  shell: install -m 755 /tmp/devzat/devzat /usr/local/bastille/templates/services/{{ role_name }}/usr/local/sbin/devzat
+  
+- name: copy devzat config file
+  copy:
+    src: devzat.yml
+    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/local/etc/"
+
+- name: copy devzat rc file
+  copy:
+    src: devzat
+    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/local/etc/rc.d/"
+
+- name: create jail
+  shell: "bastille create -B {{ role_name }} {{ release }} {{ chatip.stdout }}/64 bridge0"
+  args:
+    creates: /usr/local/bastille/jails/{{ role_name }}
+
+- name: start jail
+  shell: bastille start {{ role_name }} || true
+
+- name: template jail
+  shell: "bastille template {{ role_name }} services/{{ role_name }}"
diff --git a/roles/chat/templates/Bastillefile.j2 b/roles/chat/templates/Bastillefile.j2
new file mode 100644
index 0000000..6d46e2f
--- /dev/null
+++ b/roles/chat/templates/Bastillefile.j2
@@ -0,0 +1,9 @@
+CP usr /
+
+SYSRC sendmail_enable=NONE
+SYSRC tmpsize=500m
+SYSRC tmpmfs=AUTO
+SYSRC clear_tmp_enable=YES
+SYSRC devzat_enable=YES
+
+SERVICE devzat start
diff --git a/roles/network/tasks/main.yaml b/roles/network/tasks/main.yaml
index 77d5542..191a71d 100644
--- a/roles/network/tasks/main.yaml
+++ b/roles/network/tasks/main.yaml
@@ -3,6 +3,10 @@
   shell: echo {{ server_ipv6 }} | sed 's/::1/::2/'
   register: jailip
 
+- name: determine ipv6 jail address
+  shell: echo {{ server_ipv6 }} | sed 's/::1/::3/'
+  register: chatip
+
 - name: determine ipv6 net
   shell: echo '{{ ipv6_network }}/64'
   register: jailnet