; Copyright (C) 2023 Val Lorentz
;
; This program is free software: you can redistribute it and/or modify it under the
; terms of the GNU Affero General Public License version 3, as published by the Free
; Software Foundation.
;
; This program is distributed in the hope that it will be useful, but WITHOUT ANY
; WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
; PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
;
; You should have received a copy of the GNU Affero General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
(ns jable.db
(:require [clojure.tools.logging :refer :all]
[clojure.data.json :as json]
[clojure.string :as str]
[jepsen [control :as c]
[db :as db]]
[jepsen.control.util :as cu]
[jepsen.control.core :as cc]
[jepsen.control.scp :as scp]
[jepsen.os.debian :as debian]))
(def sable_binaries
  "File names of the Sable executables. `sable` appends each name to
  sable_bin_path to find the local file to upload, and removes the same names
  from /usr/local/bin/ at teardown."
  ["auth_client"
   "listener_process"
   "sable_ircd"])
(defn fingerprint
  "Returns the contents of the local file resources/server_<node>.pem.sha1
  with leading and trailing whitespace removed.

  The value is used by network_conf as the pinned :fingerprint of a peer.
  `node` is spliced into the path unmodified, so it is expected to be a node
  name from the test definition rather than arbitrary input."
  [node]
  ; NOTE(review): the .pem.sha1 suffix suggests a SHA-1 digest of the node's
  ; certificate; confirm how the file is generated and which digest Sable
  ; expects for peer pinning.
  (let [digest-path (str "resources/server_" node ".pem.sha1")]
    (-> digest-path
        slurp
        str/trim)))
(defn network_conf
  "Builds the network configuration map shared by every node: a fanout of 2,
  the CA certificate path, and one peer entry per element of `nodes`.

  Each peer entry holds the node name, the address `<node>:6668` (the same
  port server_conf uses for :node_config :listen_addr) and the fingerprint
  returned by `fingerprint`. :peers is a lazy seq, so the fingerprint files
  are only read when the seq is realised."
  [nodes]
  (letfn [(peer-entry [node]
            {:name node
             :address (str node ":6668")
             :fingerprint (fingerprint node)})]
    {:fanout 2
     :ca_file "/usr/local/etc/sable/ca_cert.pem"
     :peers (map peer-entry nodes)}))
; Bootstrap network state. configure_node serialises this map to
; /etc/sable/network_config.json, and `sable` passes that file to sable_ircd
; through --bootstrap-network.
(def network_config_json
  {
    ; Fixture operator account. The plaintext is recorded in the command
    ; below, so this hash provides no secrecy; it is only suitable for the
    ; disposable test cluster. The "$6$" prefix is the SHA-512 crypt scheme
    ; selected by `openssl passwd -6`.
    :opers [
      {
        :name "operuser",
        ; echo -n "operpassword" | openssl passwd -6 -stdin
        :hash "$6$z5yA.OfGliDoi/R2$BgSsguS6bxAsPSCygDisgDw5JZuo5.88eU3Hyc7/4OaNpeKIxWGjOggeHzOl0xLiZg1vfwxXjOTFN14wG5vNI."
      }
    ],

    ; Service pseudo-users, each with a short command alias.
    :alias_users [
      {
        :nick "ChanServ",
        :user "ChanServ",
        :host "services.",
        :realname "Channel services compatibility layer",
        :command_alias "CS"
      },
      {
        :nick "NickServ",
        :user "NickServ",
        :host "services.",
        :realname "Account services compatibility layer",
        :command_alias "NS"
      }
    ],

    ; Role name -> list of permission flag names. The meaning of each flag is
    ; defined by Sable and is not visible in this file.
    :default_roles {
      "builtin:op" [
        "always_send",
        "op_self", "op_grant", "voice_self", "voice_grant",
        "receive_op", "receive_voice", "receive_opmod",
        "topic", "kick", "set_simple_mode", "set_key",
        "ban_view", "ban_add", "ban_remove_any",
        "quiet_view", "quiet_add", "quiet_remove_any",
        "exempt_view", "exempt_add", "exempt_remove_any",
        "invite_self", "invite_other",
        "invex_view", "invex_add", "invex_remove_any"
      ],
      "builtin:voice" [
        "always_send",
        "voice_self",
        "receive_voice",
        "ban_view", "quiet_view"
      ],
      ; NOTE(review): this key is a keyword while the two role keys above are
      ; strings; json/write-str presumably emits it as "builtin:all" - confirm.
      :builtin:all [
        "ban_view", "quiet_view"
      ]
    },

    ; NOTE(review): what debug_mode enables is defined by Sable and not
    ; visible here; presumably test-only - confirm before reusing this map.
    :debug_mode true
  })
(defn server_conf
  "Builds the per-node server configuration map for `node`.

  :server_id is the position of `node` in `nodes` as reported by .indexOf,
  which yields -1 when `node` is not present. The TLS and node-to-node
  sections both point at /usr/local/etc/sable/server_<node>.pem and .key.

  Every listener binds to [::], the IPv6 unspecified address: 8888 for
  management, 6667 for clients and 6668 for node-to-node traffic. Logging is
  set to trace level on stdout."
  [nodes node]
  (let [conf-dir  "/usr/local/etc/sable/"
        cert-path (str conf-dir "server_" node ".pem")
        key-path  (str conf-dir "server_" node ".key")]
    {:server_id   (.indexOf nodes node)
     :server_name node
     ; NOTE(review): :authorised_fingerprints is empty; presumably no
     ; management client is authorised - confirm against Sable's semantics.
     :management  {:address "[::]:8888"
                   :client_ca (str conf-dir "ca_cert.pem")
                   :authorised_fingerprints []}
     :server      {:listeners [{:address "[::]:6667"}]}
     :event_log   {:event_expiry 3600} ; an hour
     :tls_config  {:key_file key-path
                   :cert_file cert-path}
     :node_config {:listen_addr "[::]:6668"
                   :cert_file cert-path
                   :key_file key-path}
     ; Trace-level output is captured by the daemon wrapper; what it contains
     ; depends on Sable and should be treated as test data.
     :log         {:dir "/var/log/"
                   :module-levels {"sable" "trace"}
                   :targets [{:target "stdout"
                              :level "trace"
                              :modules ["sable" "audit" "client_listener"]}]}}))
(defn configure_node
  "Writes the three Sable configuration files on the current remote node by
  echoing each JSON document into its destination under /etc/sable:
  network.conf, network_config.json and server.conf, in that order.

  Returns the result of the last c/exec call."
  [nodes node]
  ; The files are created through a shell redirect, so they get the remote
  ; session's default permissions. network_config.json carries the operator
  ; password hash from network_config_json.
  (let [write-json! (fn [conf dest]
                      (c/exec "echo" (json/write-str conf) :> dest))]
    (write-json! (network_conf nodes) "/etc/sable/network.conf")
    (write-json! network_config_json "/etc/sable/network_config.json")
    (write-json! (server_conf nodes node) "/etc/sable/server.conf")))
(def logfile
  "Remote path handed to cu/start-daemon! as the sable_ircd log file."
  "/var/log/sable_ircd.log")

(def pidfile
  "Remote path of the sable_ircd pid file, used to start and stop the daemon."
  "/var/run/sable_ircd.pid")
(defn sable
  "Sable IRCd install from binaries in a local directory.

  Returns a Jepsen DB that, on setup, uploads resources/config and the
  executables named in sable_binaries, writes the generated configuration and
  starts sable_ircd; on teardown it stops the daemon and removes what setup
  installed. `sable_bin_path` is concatenated directly with each file name,
  so it has to end with a path separator. `nodes` is the full node list that
  the generated configuration is built from."
  [sable_bin_path nodes]
  (reify db/DB
    (setup! [_ test node]
      ; Start from a clean slate: remove whatever an earlier run left behind.
      ; These two commands run outside c/su, so they rely on the privileges of
      ; the control session's user (presumably root - confirm).
      (c/exec "rm" "-rf" "/etc/sable" "/tmp/sable_upload" "/usr/local/etc/sable")
      ; NOTE(review): the staging directory has a fixed name under /tmp and is
      ; created with the default mode. server_conf points at key files under
      ; /usr/local/etc/sable, so resources/config presumably carries TLS
      ; private keys through this directory; a private (0700) staging
      ; directory would be safer on any host that is not a throwaway test node.
      (c/exec "mkdir" "/tmp/sable_upload" "/etc/sable")
      (info node "configuring Sable")
      (let [remote_tmp_path (c/upload "resources/config"
                                      "/tmp/sable_upload")]
        (c/su
          ; exec* is used instead of exec so the remote shell expands the
          ; "/*" glob. remote_tmp_path is the value returned by c/upload.
          (c/exec* "mv" (str remote_tmp_path "/*") "/usr/local/etc/sable/")))
      ; Generate and write network.conf, network_config.json and server.conf.
      (c/su (configure_node nodes node))
      (info node "installing Sable from" sable_bin_path)
      ; NOTE(review): the binaries are taken from sable_bin_path as they are;
      ; no checksum or signature check is visible before they are installed
      ; into /usr/local/bin/ and started under c/su.
      (let [remote_tmp_path (c/upload (map (fn [file] (str sable_bin_path file))
                                           sable_binaries)
                                      "/tmp/sable_upload")]
        (c/su
          (c/exec* "mv" (str remote_tmp_path "/*") "/usr/local/bin/")))
      (c/su
        (cu/start-daemon!
          {:logfile logfile
           :pidfile pidfile
           :chdir "/usr/local/bin/"}
          "sable_ircd"
          "--foreground"
          "--server-conf" "/etc/sable/server.conf"
          "--network-conf" "/etc/sable/network.conf"
          "--bootstrap-network" "/etc/sable/network_config.json"))
      ; Fixed one-second pause after launching the daemon; this is a delay,
      ; not a readiness check.
      (Thread/sleep 1000))

    (teardown! [_ test node]
      (info node "tearing down Sable")
      (cu/stop-daemon! "sable_ircd" pidfile)
      ; Removes the log and the installed executables. The literal log path
      ; has the same value as `logfile`. The seq produced by map is passed as
      ; one argument; c/exec presumably expands it into separate paths -
      ; confirm.
      (c/exec "rm" "-f"
              "/var/log/sable_ircd.log"
              (map (fn [file] (str "/usr/local/bin/" file)) sable_binaries))
      ; Removes the staging directory and both configuration directories,
      ; including the uploaded certificates and keys. Like the first commands
      ; of setup!, this runs outside c/su.
      (c/exec "rm" "-rf" "/tmp/sable_upload" "/usr/local/etc/sable" "/etc/sable")
      )

    db/LogFiles
    ; The single log file reported for each node; same path as `logfile`.
    (log-files [_ test node]
      ["/var/log/sable_ircd.log"])))