.
commit
821ef85f0a
5 changed files with 256 additions and 0 deletions
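--- /dev/null
+++ b/INSTALL.md
@@ -0,0 +1,80 @@
+```
+install crates-pijul, pijul id new, pil21
+clone pijul-tests manually, run braid.sh first time, del pijul-tests
+
+cat .profile
+ulimit -s unlimited
+ulimit -c unlimited
+export TZ="Europe/Riga"
+export EDITOR=micro
+export PATH=$PATH:~/pil21:~/pijul/target/release:~/.cargo/bin
+alias xup='sudo pacman -Syu'
+alias mi='micro'
+alias xup='sudo pacman -Syu'
+alias g1='git commit -aqm . && git push -q'
+alias pdb='pijul reset --force && pijul pull -a && cargo update && nice cargo build --release'
+alias pi='pijul'
+alias pin='pijul pull -a'
+alias pir='pijul rec -am"."'
+alias pis='pijul diff --short --untracked'
+alias pre='pijul record -am"." && pijul push -a'
+
+apk add bash cronie, switch
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/suite/pil21:/home/suite/pijul/target/release:/home/suite/.cargo/bin
+0 4 * * * /home/suite/pijul-suite/start.l -main 1>/dev/null 2>&1
+
+acme.sh --register-account -m tankf33der@disroot.org
+acme.sh --issue -d pulsar.pb1n.de -w /var/www/localhost/htdocs --keylength ec-256
+acme.sh --install-cert -d pulsar.pb1n.de --key-file /etc/lighttpd/pulsar.key --fullchain-file /etc/lighttpd/pulsar.pem
+
+apk add opensmptd
+rc-update add smptd
+cat secrets
+myrelay mpech@envs.net:qwerty123
+cat smtpd.conf
+table aliases file:/etc/smtpd/aliases
+table secrets file:/etc/smtpd/secrets
+listen on lo
+action "local" maildir alias <aliases>
+action "relay" relay host smtp+tls://myrelay@mail.envs.net:587 auth <secrets>
+match for local action "local"
+match from local for any action "relay"
+
+server.bind = "0.0.0.0"
+server.port = "80"
+$SERVER["socket"] == "[::]:80" { }
+server.document-root = "/var/www/localhost/htdocs"
+server.username = "lighttpd"
+server.groupname = "lighttpd"
+server.pid-file = "/run/lighttpd.pid"
+# accesslog.filename = "/var/log/lighttpd/access.log"
+server.modules = (
+"mod_redirect",
+"mod_dirlisting",
+"mod_openssl",
+"mod_setenv",
+# "mod_accesslog"
+)
+dir-listing.activate = "enable"
+dir-listing.set-footer = "lighttpd"
+
+url.redirect = ("^[^?]*/$" => "$0?C=M&O=A")
+
+$HTTP["scheme"] == "http" {
+url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
+}
+
+ssl.privkey = "/etc/lighttpd/pulsar.key"
+ssl.pemfile = "/etc/lighttpd/pulsar.pem"
+$SERVER["socket"] == "*:443" {ssl.engine = "enable"}
+$SERVER["socket"] == "[::]:443" {ssl.engine = "enable"}
+var.response_header_policy = (
+"strict-transport-security" => "max-age=63072000; includeSubDomains; preload",
+"x-frame-options" => "DENY",
+"x-content-type-options" => "nosniff",
+"x-xss-protection" => "1; mode=block",
+"permissions-policy" => "interest-cohort=()"
+)
+setenv.set-response-header += var.response_header_policy
+```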
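Review bot: The `cat secrets` example commits the relay account together with what looks like its password on the `myrelay` line, so the value now lives in the repository history. If it is or ever was the real credential it should be rotated, and the document should show a placeholder such as `myrelay <user>:<password>` with a reminder that `/etc/smtpd/secrets` must be readable only by the mail daemon. Separately, `apk add opensmptd` and `rc-update add smptd` look like transpositions of `opensmtpd` and `smtpd`, and would fail if copied as written.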
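--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+### Welcome to PulsarCI
+System can run [tests](https://git.envs.net/mpech/pijul-tests) automagically and send reports:
+- [web](https://pulsar.pb1n.de/suite)
+- email
+- [mastodon](https://mastodon.social/@pijul_status) ([RSS](https://mastodon.social/@pijul_status.rss))
+
+##### Highlights:
+- written on greate and the only [PicoLisp](https://picolisp.com) programming language
+- triggered by cron under reentrance protection
+- identified by [latest](https://nest.pijul.com/pijul/pijul/changes) hash and run test once
+- [example](https://pulsar.pb1n.de/EXAMPLE-OK.txt) of report (Apr 2024)
+- on web latest [report](https://pulsar.pb1n.de/suite) is always on top of deck (sorted by date)
+
+Happy coding!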
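--- /dev/null
+++ b/UNLICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>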
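--- /dev/null
+++ b/sshaudit.cfg
@@ -0,0 +1,33 @@
+#
+# Custom policy based on ssh.pijul.com (created on 2024/05/26)
+#
+
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Custom Policy (based on ssh.pijul.com on 2024/05/26)"
+
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-thrussh_0.35.1"
+
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib, zlib@openssh.com
+
+# Dictionary containing all host key and size information. Optionally contains the certificate authority's signature algorithm ('ca_key_type') and signature length ('ca_key_size'), if any.
+host_key_sizes = {"rsa-sha2-256": {"hostkey_size": 0}, "ssh-rsa": {"hostkey_size": 0}, "rsa-sha2-512": {"hostkey_size": 0}, "ssh-ed25519": {"hostkey_size": 256}}
+
+# The host key types that must match exactly (order matters).
+host keys = ssh-ed25519, rsa-sha2-256, rsa-sha2-512
+
+# Host key types that may optionally appear.
+#optional host keys = ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
+
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = curve25519-sha256@libssh.org, kex-strict-s-v00@openssh.com
+
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com
+
+# The MACs that must match exactly (order matters).
+macs = none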
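Review bot: `macs = none` on the last line carries no comment explaining why an absent MAC is acceptable. It is presumably safe only because the sole entry in `ciphers` is the AEAD cipher `chacha20-poly1305@openssh.com`, which does not rely on a separately negotiated MAC. I would add `# AEAD-only cipher list: no separate MAC is used; revisit if a non-AEAD cipher is ever added.` above it. The header comment could also say that the file is an exact-match snapshot of the remote server, because any algorithm change on that server makes the `connection` check in start.l fail, and the run then exits without writing or mailing a report.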
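--- /dev/null
+++ b/start.l
@@ -0,0 +1,105 @@
+#!/usr/bin/env pil
+(de protection ()
+(let C 0
+(in '(pgrep -f start.l)
+(while (line)
+(inc 'C) ) )
+(when (>= C 2) (bye)) ) )
+(de ok (S)
+(push '*Res (cons 0 S)) )
+(de fatal (S)
+(nil (push '*Res (cons 1 S))) )
+(de connection ()
+(if (call 'bash '-c "ssh-audit -t30 -P/home/suite/pijul-suite/sshaudit.cfg ssh.pijul.com > /dev/null")
+(ok "connect")
+(throw 'exit) ) )
+(de pijul-tests ()
+(if
+(and
+(cd "/home/suite")
+(call 'git 'clone '-q 'https://git.envs.net/mpech/pijul-tests)
+(cd "/home/suite/pijul-tests")
+(call 'bash 'braid.sh) )
+(ok "get tests")
+(fatal "get tests") ) )
+(de getstate ()
+(if
+(and
+(cd "/home/suite/pijul")
+(in '(bash -c "pijul log --hash-only | head -1")
+(setq *Hash (pack (head 8 (line)))) ) )
+(ok "get state")
+(fatal "get state") ) )
+(de clone ()
+(if
+(and
+(cd "/home/suite")
+(call '/home/suite/.cargo/bin/pijul 'clone 'tankf33der@ssh.pijul.com:pijul/pijul) )
+(ok "clone")
+(fatal "clone") ) )
+(de recompile ()
+(if
+(and
+(cd "/home/suite/pijul")
+(call 'cargo 'update)
+(call 'cargo 'build '--release)
+(call '/home/suite/pijul/target/release/pijul '-V) )
+(ok "recompile")
+(fatal "recompile") ) )
+(de suite ()
+(cd "/home/suite/pijul-tests")
+(for File (sort (dir "./"))
+(let (C (chop File) Task (pack (car (split C '.))))
+(when (match '`(chop "@.sh") C)
+(if (call 'bash File)
+(ok Task)
+(fatal Task) ) ) ) ) )
+(de fin? ()
+(if (fully '((L) (=0 (car L))) *Res)
+"-OK"
+"-FATAL" ) )
+(de found? ()
+(t
+(when (= *Hash (rc *RC 'last))
+(throw 'exit) ) ) )
+(de writelog ()
+(let
+(Base (pack "/var/www/localhost/htdocs/suite/" *Hash)
+File (pack Base (fin?) ".txt")
+Fmt (25 10) )
+(call 'bash '-c (pack "rm -f " Base "*"))
+(out File
+(for L (reverse *Res)
+(tab
+Fmt
+(cdr L)
+(if (=0 (car L)) 'OK 'FATAL) ) ) ) ) )
+(de main NIL
+(protection)
+(setq *RC "~/.pil/suite")
+(unless (info *RC)
+(rc *RC 'last NIL) )
+# Global state are two vars
+(let (*Res NIL *Hash "CONNECTION")
+(catch 'exit
+(and
+(connection) # throw 'exit, protection for clone
+(clone)
+(getstate)
+(found?) # throw 'exit, total silent stop
+(recompile)
+(pijul-tests)
+(ok "---------")
+# never fallthru
+# always runs and collects all tests
+(suite) )
+(writelog)
+(mail "localhost" 25 "mpech@envs.net" (quote "tankf33der@disroot.org") (pack "pulsarCI: " *Hash (fin?)))
+(when (= "-OK" (fin?))
+(rc *RC 'last *Hash) )
+(call 'toot 'post (pack "pulsarCI: " *Hash (fin?))) )
+
+(call 'rm '-rf '/home/suite/pijul)
+(call 'rm '-rf '/home/suite/pijul-tests)
+(call 'rm '-rf '/home/suite/pijul-tests-data) )
+(bye) )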
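Review bot: `writelog` builds a shell command from `*Hash` with `(pack "rm -f " Base "*")`, and `*Hash` is whatever `getstate` read from the first line of `pijul log --hash-only`, with no validation. If that read returns an empty line, `*Hash` is NIL and `getstate` records a fatal, but `main` still calls `writelog`; `Base` is then just the directory path, so the glob deletes every published report under `/var/www/localhost/htdocs/suite/`. Any shell metacharacter in that line would also be interpreted by bash. I would have `getstate` accept the value only when it is exactly eight alphanumeric characters, and guard the cleanup with `(when *Hash (call 'bash '-c (pack "rm -f " Base "*")))`. The same unvalidated value is passed on to `mail` and `toot`.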