Mike 2024-07-22 20:56:35 +03:00
commit 821ef85f0a
5 changed files with 256 additions and 0 deletions

80
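--- a/INSTALL.md
+++ b/INSTALL.md
@@ -0,0 +1,80 @@
+```
+install crates-pijul, pijul id new, pil21
+clone pijul-tests manually, run braid.sh first time, del pijul-tests
+cat .profile
+ulimit -s unlimited
+ulimit -c unlimited
+export TZ="Europe/Riga"
+export EDITOR=micro
+export PATH=$PATH:~/pil21:~/pijul/target/release:~/.cargo/bin
+alias xup='sudo pacman -Syu'
+alias mi='micro'
+alias xup='sudo pacman -Syu'
+alias g1='git commit -aqm . && git push -q'
+alias pdb='pijul reset --force && pijul pull -a && cargo update && nice cargo build --release'
+alias pi='pijul'
+alias pin='pijul pull -a'
+alias pir='pijul rec -am"."'
+alias pis='pijul diff --short --untracked'
+alias pre='pijul record -am"." && pijul push -a'
+apk add bash cronie, switch
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/suite/pil21:/home/suite/pijul/target/release:/home/suite/.cargo/bin
+0 4 * * * /home/suite/pijul-suite/start.l -main 1>/dev/null 2>&1
+acme.sh --register-account -m tankf33der@disroot.org
+acme.sh --issue -d pulsar.pb1n.de -w /var/www/localhost/htdocs --keylength ec-256
+acme.sh --install-cert -d pulsar.pb1n.de --key-file /etc/lighttpd/pulsar.key --fullchain-file /etc/lighttpd/pulsar.pem
+apk add opensmptd
+rc-update add smptd
+cat secrets
+myrelay mpech@envs.net:qwerty123
+cat smtpd.conf
+table aliases file:/etc/smtpd/aliases
+table secrets file:/etc/smtpd/secrets
+listen on lo
+action "local" maildir alias <aliases>
+action "relay" relay host smtp+tls://myrelay@mail.envs.net:587 auth <secrets>
+match for local action "local"
+match from local for any action "relay"
+server.bind = "0.0.0.0"
+server.port = "80"
+$SERVER["socket"] == "[::]:80" { }
+server.document-root = "/var/www/localhost/htdocs"
+server.username = "lighttpd"
+server.groupname = "lighttpd"
+server.pid-file = "/run/lighttpd.pid"
+# accesslog.filename = "/var/log/lighttpd/access.log"
+server.modules = (
+"mod_redirect",
+"mod_dirlisting",
+"mod_openssl",
+"mod_setenv",
+# "mod_accesslog"
+)
+dir-listing.activate = "enable"
+dir-listing.set-footer = "lighttpd"
+url.redirect = ("^[^?]*/$" => "$0?C=M&O=A")
+$HTTP["scheme"] == "http" {
+url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
+}
+ssl.privkey = "/etc/lighttpd/pulsar.key"
+ssl.pemfile = "/etc/lighttpd/pulsar.pem"
+$SERVER["socket"] == "*:443" {ssl.engine = "enable"}
+$SERVER["socket"] == "[::]:443" {ssl.engine = "enable"}
+var.response_header_policy = (
+"strict-transport-security" => "max-age=63072000; includeSubDomains; preload",
+"x-frame-options" => "DENY",
+"x-content-type-options" => "nosniff",
+"x-xss-protection" => "1; mode=block",
+"permissions-policy" => "interest-cohort=()"
+)
+setenv.set-response-header += var.response_header_policy
+```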
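Review bot: The `cat secrets` example in these notes shows the SMTP relay login for mail.envs.net together with its password in clear text, so the credential is now part of the repository history. If that value is the live one it should be rotated and the line replaced by a placeholder such as `myrelay <user>:<password>`; if it is already a dummy, a short remark next to it would say so. The lighttpd fragment also sets `dir-listing.activate = "enable"` for the whole document root while both `accesslog` lines are commented out, which leaves the host that publishes the CI reports without a request log; a sentence explaining that choice, or scoping the listing to the `suite` directory, would help the next operator.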

14
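--- a/README.md
+++ b/README.md
@@ -0,0 +1,14 @@
+### Welcome to PulsarCI
+System can run [tests](https://git.envs.net/mpech/pijul-tests) automagically and send reports:
+- [web](https://pulsar.pb1n.de/suite)
+- email
+- [mastodon](https://mastodon.social/@pijul_status) ([RSS](https://mastodon.social/@pijul_status.rss))
+##### Highlights:
+- written on greate and the only [PicoLisp](https://picolisp.com) programming language
+- triggered by cron under reentrance protection
+- identified by [latest](https://nest.pijul.com/pijul/pijul/changes) hash and run test once
+- [example](https://pulsar.pb1n.de/EXAMPLE-OK.txt) of report (Apr 2024)
+- on web latest [report](https://pulsar.pb1n.de/suite) is always on top of deck (sorted by date)
+Happy coding!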

24
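--- a/UNLICENSE
+++ b/UNLICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+For more information, please refer to <http://unlicense.org/>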

33
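--- a/sshaudit.cfg
+++ b/sshaudit.cfg
@@ -0,0 +1,33 @@
+#
+# Custom policy based on ssh.pijul.com (created on 2024/05/26)
+#
+# The name of this policy (displayed in the output during scans). Must be in quotes.
+name = "Custom Policy (based on ssh.pijul.com on 2024/05/26)"
+# The version of this policy (displayed in the output during scans). Not parsed, and may be any value, including strings.
+version = 1
+# The banner that must match exactly. Commented out to ignore banners, since minor variability in the banner is sometimes normal.
+# banner = "SSH-2.0-thrussh_0.35.1"
+# The compression options that must match exactly (order matters). Commented out to ignore by default.
+# compressions = none, zlib, zlib@openssh.com
+# Dictionary containing all host key and size information. Optionally contains the certificate authority's signature algorithm ('ca_key_type') and signature length ('ca_key_size'), if any.
+host_key_sizes = {"rsa-sha2-256": {"hostkey_size": 0}, "ssh-rsa": {"hostkey_size": 0}, "rsa-sha2-512": {"hostkey_size": 0}, "ssh-ed25519": {"hostkey_size": 256}}
+# The host key types that must match exactly (order matters).
+host keys = ssh-ed25519, rsa-sha2-256, rsa-sha2-512
+# Host key types that may optionally appear.
+#optional host keys = ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
+# The key exchange algorithms that must match exactly (order matters).
+key exchanges = curve25519-sha256@libssh.org, kex-strict-s-v00@openssh.com
+# The ciphers that must match exactly (order matters).
+ciphers = chacha20-poly1305@openssh.com
+# The MACs that must match exactly (order matters).
+macs = none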
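Review bot: `macs = none` and the three RSA entries with `"hostkey_size": 0` are left unexplained, and both read like weak settings to anyone who has not seen the scanned server. A comment above `macs` along the lines of `# only cipher is chacha20-poly1305 (AEAD), so the server presumably advertises no separate MAC` and one above `host_key_sizes` stating what a size of 0 stands for would make the snapshot reviewable. `host_key_sizes` also carries an `ssh-rsa` entry that `host keys` does not list, which is worth confirming against the tool's exact-match rules. Because every list must match exactly, any algorithm change on ssh.pijul.com, including a hardening one, will fail the policy, so the file should say when and how it is meant to be regenerated.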

105
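--- a/start.l
+++ b/start.l
@@ -0,0 +1,105 @@
+#!/usr/bin/env pil
+(de protection ()
+(let C 0
+(in '(pgrep -f start.l)
+(while (line)
+(inc 'C) ) )
+(when (>= C 2) (bye)) ) )
+(de ok (S)
+(push '*Res (cons 0 S)) )
+(de fatal (S)
+(nil (push '*Res (cons 1 S))) )
+(de connection ()
+(if (call 'bash '-c "ssh-audit -t30 -P/home/suite/pijul-suite/sshaudit.cfg ssh.pijul.com > /dev/null")
+(ok "connect")
+(throw 'exit) ) )
+(de pijul-tests ()
+(if
+(and
+(cd "/home/suite")
+(call 'git 'clone '-q 'https://git.envs.net/mpech/pijul-tests)
+(cd "/home/suite/pijul-tests")
+(call 'bash 'braid.sh) )
+(ok "get tests")
+(fatal "get tests") ) )
+(de getstate ()
+(if
+(and
+(cd "/home/suite/pijul")
+(in '(bash -c "pijul log --hash-only | head -1")
+(setq *Hash (pack (head 8 (line)))) ) )
+(ok "get state")
+(fatal "get state") ) )
+(de clone ()
+(if
+(and
+(cd "/home/suite")
+(call '/home/suite/.cargo/bin/pijul 'clone 'tankf33der@ssh.pijul.com:pijul/pijul) )
+(ok "clone")
+(fatal "clone") ) )
+(de recompile ()
+(if
+(and
+(cd "/home/suite/pijul")
+(call 'cargo 'update)
+(call 'cargo 'build '--release)
+(call '/home/suite/pijul/target/release/pijul '-V) )
+(ok "recompile")
+(fatal "recompile") ) )
+(de suite ()
+(cd "/home/suite/pijul-tests")
+(for File (sort (dir "./"))
+(let (C (chop File) Task (pack (car (split C '.))))
+(when (match '`(chop "@.sh") C)
+(if (call 'bash File)
+(ok Task)
+(fatal Task) ) ) ) ) )
+(de fin? ()
+(if (fully '((L) (=0 (car L))) *Res)
+"-OK"
+"-FATAL" ) )
+(de found? ()
+(t
+(when (= *Hash (rc *RC 'last))
+(throw 'exit) ) ) )
+(de writelog ()
+(let
+(Base (pack "/var/www/localhost/htdocs/suite/" *Hash)
+File (pack Base (fin?) ".txt")
+Fmt (25 10) )
+(call 'bash '-c (pack "rm -f " Base "*"))
+(out File
+(for L (reverse *Res)
+(tab
+Fmt
+(cdr L)
+(if (=0 (car L)) 'OK 'FATAL) ) ) ) ) )
+(de main NIL
+(protection)
+(setq *RC "~/.pil/suite")
+(unless (info *RC)
+(rc *RC 'last NIL) )
+# Global state are two vars
+(let (*Res NIL *Hash "CONNECTION")
+(catch 'exit
+(and
+(connection) # throw 'exit, protection for clone
+(clone)
+(getstate)
+(found?) # throw 'exit, total silent stop
+(recompile)
+(pijul-tests)
+(ok "---------")
+# never fallthru
+# always runs and collects all tests
+(suite) )
+(writelog)
+(mail "localhost" 25 "mpech@envs.net" (quote "tankf33der@disroot.org") (pack "pulsarCI: " *Hash (fin?)))
+(when (= "-OK" (fin?))
+(rc *RC 'last *Hash) )
+(call 'toot 'post (pack "pulsarCI: " *Hash (fin?))) )
+(call 'rm '-rf '/home/suite/pijul)
+(call 'rm '-rf '/home/suite/pijul-tests)
+(call 'rm '-rf '/home/suite/pijul-tests-data) )
+(bye) )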
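Review bot: In `writelog` the cleanup `(call 'bash '-c (pack "rm -f " Base "*"))` builds a shell glob from `*Hash`, and `getstate` assigns `*Hash` from `(pack (head 8 (line)))` before it knows the read produced anything. If `pijul log` prints nothing, `*Hash` would become NIL, `Base` collapses to the bare `/var/www/localhost/htdocs/suite/` prefix, and the `rm -f` then removes every published report before a lone `-FATAL.txt` is written. Guarding the call, for example `(when *Hash (call 'bash '-c (pack "rm -f " Base "*")))`, or assigning `*Hash` only after the line is known to be non-empty, closes that path. The value also reaches `bash -c` unquoted and originates from the freshly cloned repository, so checking that it holds only the expected hash characters before it is packed into a command string would be prudent.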