From 0778f24b18b6eb61a99efafdcbe0a3b7c04c1337 Mon Sep 17 00:00:00 2001
From: Kat Inskip
Date: Sun, 12 Feb 2023 05:49:50 -0800
Subject: [PATCH] feat: many things...
---
 Pulumi.mew.yaml | 2 +
 config.yaml | 20 ++-
 go.mod | 4 +-
 go.sum | 125 +++++++++++++++++-
 iac/assimilate.sh | 64 +++++++++
 iac/base.nix | 9 ++
 iac/config.go | 3 +-
 iac/device.go | 228 ++++++++++++++++++++++++++++++---
 iac/files.go | 29 +++--
 iac/hcloud.go | 212 ++++++++++++++++++++++++++++++
 iac/record.go | 122 +++++++++++++++---
 iac/ssh.go | 91 -------------
 iac/zone.go | 4 +
 kat_pubkey_ssh.pub | 30 +++++
 main.go | 6 +
 modules/common/distributed.nix | 2 +-
 nixos/common/access.nix | 5 +-
 nixos/common/autoupgrade.nix | 6 +
 nixos/common/secrets.nix | 6 +
 nixos/common/ssh.nix | 4 +
 systems/koishi.nix | 20 ++-
 systems/sumireko.nix | 3 +-
 22 files changed, 842 insertions(+), 153 deletions(-)
 create mode 100644 iac/assimilate.sh
 create mode 100644 iac/base.nix
 create mode 100644 iac/hcloud.go
 delete mode 100644 iac/ssh.go
 create mode 100644 kat_pubkey_ssh.pub
 create mode 100644 nixos/common/autoupgrade.nix
 create mode 100644 nixos/common/secrets.nix
diff --git a/Pulumi.mew.yaml b/Pulumi.mew.yaml
index 3c707a12..23828cdc 100644
--- a/Pulumi.mew.yaml
+++ b/Pulumi.mew.yaml
@@ -1,6 +1,8 @@
 config:
 cloudflare:apiToken:
 secure: AAABAFcufTX7tZZf2gcK6hML2tgovDEfcPAJcgjfYkV3GMS4Ilwzuco5p+hCpyj3vCm7cqm3tmdwOLlOFxGqKZGRj+ESXAzv
+ hcloud:token:
+ secure: AAABANEbHM3kyyahrtxQXlYCTHVlaenipP+7yqumMluc7rLAUlEh8uXuHWJe6xwqTS8rb8I4d32pKnZEPStt1aQnZSXkAhFiHLWheFF9pEj9dVEwkBLht7cqeRhE4CIV
 tailscale:apiKey:
 secure: AAABAGc7s7XJ+voSUNcMmRuVwrUdx3kojn0fdEl6qpUy0WmhgHbk6cEz2/kGSEGhuLGwo3mzOGVTI+NVu6/Xz4PmE9FME++VfE8cz5DFjDrMJ4JdX0DR
 tailscale:tailnet: inskip.me
diff --git a/config.yaml b/config.yaml
index b769fe08..67ba345a 100644
--- a/config.yaml
+++ b/config.yaml
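Review bot: The new `hcloud:token` entry in Pulumi.mew.yaml is committed as `secure:` ciphertext, so its confidentiality rests entirely on the stack's secrets provider, and the lines shown name none (no `secretsprovider` or `encryptionsalt` key is visible in this hunk). It would help to record, in the commit description or the repository's documentation, which provider encrypts this stack and who is able to decrypt it. A read-write Hetzner Cloud token controls every resource in its project, so it should be a token created for this stack alone and rotated whenever the provider key or passphrase changes hands.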
@@ -45,4 +45,22 @@ zones:
 - kind: txt
 name: google._domainkey
 value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziwoHJbM1rmeUiIXOgg0cujTL5BFW9PQOksUhKza1XpDP2rpzTlQr21NFYMJMc08xiE3AbvScMTX0jX3gc7+XoIYLD1VigRRvkyTubVfRmatqj+Pk41Fle1jWXHv5vNIYjjcsUTrpnrXYKoYrz34TtsmYHnu0G9MgmmcQGmbRU+WY+1R/ukhavlgXasfEW6r4tjLgVxQnser1Zjr80AUcu23od/+o+m6C9rDGMMnv6NIc2DOT7Ei6o60458f2Iwcpg38te22dy46A8AeGynbpB9+jF33Se0m22eKk5qZN5mfju/wxWMsl7ifCY/eqLZXRxJaEd5bMI8px5KvZp1TWwIDAQAB
-
+ gensokyo:
+ name: gensokyo.zone
+ records:
+ # TODO: Remove eventually ~
+ - kind: cname
+ name: id
+ value: marisa.kittywit.ch
+ - kind: cname
+ name: home
+ value: marisa.kittywit.ch
+ - kind: cname
+ name: login
+ value: marisa.kittywit.ch
+ - kind: cname
+ name: z2m
+ value: marisa.kittywit.ch
+machines:
+ ran:
+ provider: hcloud
diff --git a/go.mod b/go.mod
index 002deca3..80729e62 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,10 @@ go 1.18
 require (
 github.com/creasty/defaults v1.6.0
 github.com/pulumi/pulumi-cloudflare/sdk/v4 v4.15.0
+ github.com/pulumi/pulumi-cloudinit/sdk v1.3.0
 github.com/pulumi/pulumi-command/sdk v0.7.0
+ github.com/pulumi/pulumi-github/sdk/v5 v5.3.0
+ github.com/pulumi/pulumi-hcloud/sdk v1.10.2
 github.com/pulumi/pulumi-tailscale/sdk v0.11.0
 github.com/pulumi/pulumi-tls/sdk/v4 v4.6.1
 github.com/pulumi/pulumi/sdk/v3 v3.52.1
@@ -48,7 +51,6 @@ require (
 github.com/sabhiram/go-gitignore v0.0.0-20180611051255-d3107576ba94 // indirect
 github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect
 github.com/sergi/go-diff v1.1.0 // indirect
- github.com/spf13/cast v1.3.1 // indirect
 github.com/spf13/cobra v1.4.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6 // indirect
diff --git a/go.sum b/go.sum
index 9b90ae91..bd8748f5 100644
--- a/go.sum
+++ b/go.sum
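Review bot: The `# TODO: Remove eventually ~` comment above the four new gensokyo.zone CNAMEs in config.yaml gives no removal condition, and `id` and `login` are names that usually front authentication pages. All four resolve through `marisa.kittywit.ch`, so whatever answers at that host is served under gensokyo.zone, and a later change to that one record silently repoints them. I would state the condition in the comment, for example `# TODO: drop these CNAMEs once id/home/login/z2m are served from a gensokyo.zone host; until then they must track marisa.kittywit.ch`.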
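Review bot: `github.com/pulumi/pulumi-github/sdk/v5` becomes a direct requirement in the first go.mod hunk, yet the Pulumi.mew.yaml change in this same commit adds only `hcloud:token`, so the GitHub provider's credential does not appear to live in stack config. If the provider is used, it presumably takes a token from the environment of whoever runs the deployment. A comment where the provider is configured should name that source, and a fine-grained token limited to the repositories it manages is the safer choice. Where the SDK is used is not visible in this part of the patch.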
@@ -4,6 +4,7 @@ github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jB github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= 
@@ -11,23 +12,41 @@ github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cheggaaa/pb v1.0.18 h1:G/DgkKaBP0V5lnBg/vx61nVxxAU+VqU5yMzSc0f2PPE= github.com/cheggaaa/pb v1.0.18/go.mod 
h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd h1:qMd81Ts1T2OTKmB4acZcyKaMtRnY5Y44NuXGX2GFJ1w= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creasty/defaults v1.6.0 h1:ltuE9cfphUtlrBeomuu8PEyISTXnxqkBIoQfXgv7BSc= github.com/creasty/defaults v1.6.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbDy08fPzYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod 
h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/djherbis/times v1.2.0 h1:xANXjsC/iBqbO00vkWlYwPWgBgEVU6m6AFYg0Pic+Mc= github.com/djherbis/times v1.2.0/go.mod h1:CGMZlo255K5r4Yw0b9RRfFQpM2y7uOmxg4jm9HsaVf8= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= 
@@ -36,26 +55,41 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= +github.com/go-kit/kit v0.8.0/go.mod 
h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v3.3.0+incompatible h1:8K4tyRfvU1CYPgJsveYFQMhpFd/wXNM7iK6rR7UHz84= github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= 
@@ -68,13 +102,19 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= +github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= 
@@ -82,6 +122,7 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= 
@@ -90,60 +131,97 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod 
h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-runewidth v0.0.8 h1:3tS41NlGYSmhhe/8fhGRzc+z3AYCw1Fe1WAyLuujKs0= github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/niemeyer/pretty 
v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/opentracing/basictracer-go v1.0.0 h1:YyUAhaEfjoWXclZVJ9sGoNct7j4TVk7lZWlQw5UXuoo= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk= github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model 
v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pulumi/pulumi-cloudflare/sdk/v4 v4.15.0 h1:qfebMdTdCfeaSAW/gGeLlSkHI+K7v44AcIj5FEwzwMU= github.com/pulumi/pulumi-cloudflare/sdk/v4 v4.15.0/go.mod h1:V1v0FFcbK5rzT62Qgg6eMHBgHeo3mBkSuAjtHTCFWyA= +github.com/pulumi/pulumi-cloudinit/sdk v1.3.0 h1:Y39otoJYrKUMXIuYWMWsKMQkc0hlcBFBq1RmcU/jwZs= +github.com/pulumi/pulumi-cloudinit/sdk v1.3.0/go.mod h1:bY5zkbdl6FMBZM+gjwoWqR9G/GPuE5SubYfsIjl27Fc= github.com/pulumi/pulumi-command/sdk v0.7.0 h1:gBxTtg6lY29wbu/XZHsLo6Syoc2yieDmTrSAuxLBRb4= github.com/pulumi/pulumi-command/sdk v0.7.0/go.mod h1:YX0Ri1ezMr4mk8j4S/S1gjJpidt63mMG2C+VXDoTlpU= +github.com/pulumi/pulumi-github/sdk/v5 v5.3.0 h1:0BdTSPM3BACuyzfX4m3BuE/541+cCDkgiUx+ZixIpjM= +github.com/pulumi/pulumi-github/sdk/v5 v5.3.0/go.mod h1:QEHTwjPdBMpk4t8vX0/dTQxcpIuV7DzOMEuqCzVe7Sg= +github.com/pulumi/pulumi-hcloud/sdk v1.10.2 h1:fKqtrO+TCxBhZoLP6auPZ2Mnr2h1Frl7FFb2l5Wi0+U= +github.com/pulumi/pulumi-hcloud/sdk v1.10.2/go.mod h1:X/PmtNVGuGwtD1ANKc1BIExDEQAfOzS2UjXTLanVxqE= github.com/pulumi/pulumi-tailscale/sdk v0.11.0 h1:OmWHFLlSaMOc31jkWGvyaDa+HuW7biJ6R4L+/l/gwTQ= github.com/pulumi/pulumi-tailscale/sdk v0.11.0/go.mod h1:H1FaTimvK+hdaHa0rcfw2+DPYQnewBnI5eCcw9DEDXU= github.com/pulumi/pulumi-tls/sdk/v4 v4.6.1 
h1:/6DaTsUlz9fuNuJYVMRDwgdTSlp5U2wZ5IXD83iBx8c= github.com/pulumi/pulumi-tls/sdk/v4 v4.6.1/go.mod h1:fG7bnaoul00zCW3rrpS/dwWfko4sZxFVhP+3ml1Jqj0= +github.com/pulumi/pulumi/sdk/v3 v3.14.0/go.mod h1:aT7YmFdR6/T7tp2tMIZ68WRD1Xyv5a6Y4BhsuaCNpW0= +github.com/pulumi/pulumi/sdk/v3 v3.27.0/go.mod h1:VsxW+TGv2VBLe/MeqsAr9r0zKzK/gbAhFT9QxYr24cY= github.com/pulumi/pulumi/sdk/v3 v3.30.0/go.mod h1:hGo/+AL1L4sPL9Ukd/i5bNFM3WHs3dHcA+GKEW7M3RA= github.com/pulumi/pulumi/sdk/v3 v3.52.1 h1:Q61zRZvph+RLgWlPagsyuWXtOcF1IcNlqWNvV1LE+vQ= github.com/pulumi/pulumi/sdk/v3 v3.52.1/go.mod h1:IYcBrkAwKEGRVq7R1ne3XJKB5bcux5eL3M/zqco7d6Y= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sabhiram/go-gitignore v0.0.0-20180611051255-d3107576ba94 h1:G04eS0JkAIVZfaJLjla9dNxkJCPiKIGZlw9AfOhzOD0= github.com/sabhiram/go-gitignore v0.0.0-20180611051255-d3107576ba94/go.mod h1:b18R55ulyQ/h3RaWyloPyER7fWQVZvimKKhnI5OfrJQ= 
@@ -152,14 +230,23 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.0.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/src-d/gcfg v1.4.0/go.mod 
h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -168,27 +255,38 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6 h1:9VTskZOIRf2vKF3UL8TuWElry5pgUpV1tFSe/e/0m/E= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 h1:X9dsIWPuuEJlPX//UmRKophhOKCGXc46RVIGuttks68= github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7/go.mod h1:UxoP3EypF8JfGEjAII8jx1q8rQyDnX8qdTCs/UQBVIE= github.com/uber/jaeger-client-go v2.22.1+incompatible h1:NHcubEkVbahf9t3p75TOCR83gdUHXjRJvjoBh1yACsM= github.com/uber/jaeger-client-go v2.22.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/GfSYVCjK7dyaw= github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xanzy/ssh-agent v0.3.2 h1:eKj4SX2Fe7mui28ZgnFW5fmTz1EIr7ugo5s6wDxdHBM= github.com/xanzy/ssh-agent v0.3.2/go.mod 
h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200317142112-1b76d66859c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= 
@@ -200,18 +298,23 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net 
v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= 
@@ -221,11 +324,14 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -239,6 +345,7 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -261,7 +368,10 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 
@@ -270,11 +380,14 @@ golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDq golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200608174601-1b747fd94509/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -284,6 +397,7 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY google.golang.org/genproto v0.0.0-20200608115520-7c474a2e3482 h1:i+Aiej6cta/Frzp13/swvwz5O00kYcSe0A/C5Wd7zX8= google.golang.org/genproto v0.0.0-20200608115520-7c474a2e3482/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 
@@ -303,22 +417,30 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/cheggaaa/pb.v1 v1.0.28 h1:n1tBJnnK2r7g9OW2btFH91V92STTUevLXYFb8gy9EMk= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 
v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= @@ -327,6 +449,7 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= +pgregory.net/rapid v0.4.7 h1:MTNRktPuv5FNqOO151TM9mDTa+XHcX6ypYeISDVD14g= pgregory.net/rapid v0.4.7/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0 h1:ucqkfpjg9WzSUubAO62csmucvxl4/JeW3F4I4909XkM= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/iac/assimilate.sh b/iac/assimilate.sh new file mode 100644 index 00000000..75b96938 --- /dev/null +++ b/iac/assimilate.sh 
@@ -0,0 +1,64 @@ +#!/usr/bin/env bash + +set -e +[ ! -z "$DEBUG" ] && set -x + +USAGE(){ + echo "Usage: `basename $0` " + exit 2 +} + +if [ -z "$1" ]; then + USAGE +fi + +server_name="$1" +public_ip="$2" + +ssh_ignore(){ + ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $* +} + +ssh_victim(){ + ssh_ignore root@"${public_ip}" $* +} + +mkdir -p "./hosts/${server_name}" +echo "${public_ip}" >> ./hosts/"${server_name}"/public-ip + +until ssh_ignore "root@${server_name}" uname -av +do + sleep 30 +done + +scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "root@${server_name}:/etc/nixos/hardware-configuration.nix" "../systems/${server_name}.nix" ||: + + +rm -f ./hosts/"${server_name}"/default.nix +cat <<-EOC >> ./hosts/"${server_name}"/default.nix +{ ... }: { + imports = [ ./hardware-configuration.nix ]; + + boot.cleanTmpDir = true; + zramSwap.enable = true; + networking.hostName = "${server_name}"; + services.openssh.enable = true; + services.tailscale.enable = true; + networking.firewall.checkReversePath = "loose"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6NPbPIcCTzeEsjyx0goWyj6fr2qzcfKCCdOUqg0N/v" # alrest + ]; + system.stateVersion = "23.05"; +} +EOC + +git add . +git commit -sm "add machine ${server_name}: ${public_ip}" +nix build .#nixosConfigurations."${server_name}".config.system.build.toplevel + +export NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' +nix-copy-closure -s root@"${public_ip}" $(readlink ./result) +ssh_victim nix-env --profile /nix/var/nix/profiles/system --set $(readlink ./result) +ssh_victim $(readlink ./result)/bin/switch-to-configuration switch + +git push \ No newline at end of file diff --git a/iac/base.nix b/iac/base.nix new file mode 100644 index 00000000..721d759f --- /dev/null +++ b/iac/base.nix @@ -0,0 +1,9 @@ +_: let + hostConfig = {HOSTCONFIG}; +in { + arch = "{ARCHITECTURE}"; + type = "NixOS"; + modules = [ + hostConfig + ]; +} 
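Review bot: Every `ssh`, `scp` and `nix-copy-closure` call in this script runs as root with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the host that receives the system closure and runs `switch-to-configuration` is never authenticated, and any machine answering at that address would be accepted. Recording the key on first contact in a per-host file keeps the bootstrap unattended while pinning later connections, for example `ssh -o UserKnownHostsFile="./hosts/${server_name}/known_hosts" -o StrictHostKeyChecking=accept-new "$@"`. `ssh_ignore` and `ssh_victim` forward `$*` unquoted, where `"$@"` would preserve argument boundaries. The usage guard tests only `$1` although `$2` is needed for `public_ip`, so `if [ -z "$1" ] || [ -z "$2" ]; then` would stop before anything connects to `root@` with an empty address.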
diff --git a/iac/config.go b/iac/config.go index 0cd46194..4d69883b 100644 --- a/iac/config.go +++ b/iac/config.go @@ -1,5 +1,6 @@ package iac type KatConfig struct { - Zones map[string]Zone `yaml:"zones"` + Zones map[string]Zone `yaml:"zones"` + Machines map[string]Machine `yaml:"machines"` } diff --git a/iac/device.go b/iac/device.go index 47f30402..6cb609db 100644 --- a/iac/device.go +++ b/iac/device.go @@ -1,7 +1,9 @@ package iac import ( + "crypto/ed25519" "crypto/rand" + "crypto/rsa" "fmt" "github.com/pulumi/pulumi-command/sdk/go/command/remote" "github.com/pulumi/pulumi-tailscale/sdk/go/tailscale" @@ -42,20 +44,27 @@ func (t *Tailnet) handle(ctx *pulumi.Context, zone *Zone, CAKey *tls.PrivateKey, } type Device struct { - Addresses []string - Id string - Name string - Hostname string - Tailskip string - Tags []string - User string - Files []*remote.Command - Context *pulumi.Context - Records []DNSRecord - PrivateKey *tls.PrivateKey - TLSCertRequest *tls.CertRequest - TLSCert *tls.LocallySignedCert - OSHCertificate pulumi.StringOutput + Addresses []string + Id string + Name string + Hostname string + Tailskip string + Tags []string + User string + Files []*remote.Command + Context *pulumi.Context + Records []DNSRecord + PrivateKey *tls.PrivateKey + PrivateKeyED25519 *tls.PrivateKey + PrivateKeyUser *tls.PrivateKey + PrivateKeyED25519User *tls.PrivateKey + TLSCertRequest *tls.CertRequest + TLSCert *tls.LocallySignedCert + OSHCertificate pulumi.StringOutput + OSHCertificateED25519 pulumi.StringOutput + OSHCertificateUser pulumi.StringOutput + OSHCertificateED25519User pulumi.StringOutput + OSHCACert pulumi.StringOutput } func (d *Device) handle(ctx *pulumi.Context, zone *Zone, CAKey *tls.PrivateKey, CACert *tls.SelfSignedCert) (err error) { 
@@ -71,9 +80,9 @@ func (d *Device) handle(ctx *pulumi.Context, zone *Zone, CAKey *tls.PrivateKey, if err != nil { return err } - if d.Hostname != "koishi" && d.Hostname != "tewi" { - return err - } + if d.Hostname != "koishi" && d.Hostname != "tewi" { + return err + } err = d.handleTLS(CAKey, CACert) if err != nil { return err @@ -85,7 +94,30 @@ func (d *Device) handle(ctx *pulumi.Context, zone *Zone, CAKey *tls.PrivateKey, return err } +func PrivateKeyOpenSSHToRSAPrivateKey(keyPEM string) (key *rsa.PrivateKey, err error) { + key_int, err := ssh.ParseRawPrivateKey([]byte(keyPEM)) + key_raw := key_int.(*rsa.PrivateKey) + if err != nil { + return nil, err + } + return key_raw, err +} + +func PrivateKeyOpenSSHToED25519PrivateKey(keyPEM string) (key *ed25519.PrivateKey, err error) { + key_int, err := ssh.ParseRawPrivateKey([]byte(keyPEM)) + key_raw := key_int.(*ed25519.PrivateKey) + if err != nil { + return nil, err + } + return key_raw, err +} + +/* + */ func (d *Device) handleOSH(CAKey *tls.PrivateKey) (err error) { + d.OSHCACert = CAKey.PublicKeyOpenssh + file, err := CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-ca-cert", d.Hostname), d.Tailskip, pulumi.Sprintf("@certificate-authority * %s", d.OSHCACert), []pulumi.Resource{CAKey}) + d.Files = append(d.Files, file) d.OSHCertificate = CAKey.PrivateKeyOpenssh.ApplyT(func(CAPriv string) pulumi.StringOutput { OSHCertificate_ := d.PrivateKey.PrivateKeyOpenssh.ApplyT(func(UserPriv string) pulumi.String { CARSAPriv, err := PrivateKeyOpenSSHToRSAPrivateKey(CAPriv) 
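Review bot: In both `PrivateKeyOpenSSHToRSAPrivateKey` and `PrivateKeyOpenSSHToED25519PrivateKey` the type assertion runs before `err` is checked, so a parse failure leaves `key_int` nil and the single-value assertion panics instead of returning the error; a key of another algorithm panics the same way. Checking the error first and using the two-value form, `key_raw, ok := key_int.(*rsa.PrivateKey)` followed by `if !ok { return nil, fmt.Errorf("unexpected key type %T", key_int) }`, keeps both cases on the error path. At the top of `handleOSH` the `err` from `CreatePulumiFile` is not checked before `file` is appended. The line written there starts with `@certificate-authority`; if this file is meant to be read as a known_hosts entry, the marker OpenSSH recognises is `@cert-authority`, and the `*` pattern trusts the CA for every hostname rather than the tailnet's own names. `handleOSH` continues past the end of this hunk.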
@@ -122,7 +154,121 @@ func (d *Device) handleOSH(CAKey *tls.PrivateKey) (err error) { }).(pulumi.StringOutput) return OSHCertificate_ }).(pulumi.StringOutput) - file, err := CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-cert", d.Hostname), d.Tailskip, d.OSHCertificate, []pulumi.Resource{d.PrivateKey, CAKey}) + d.OSHCertificateED25519 = CAKey.PrivateKeyOpenssh.ApplyT(func(CAPriv string) pulumi.StringOutput { + OSHCertificate_ := d.PrivateKeyED25519.PrivateKeyOpenssh.ApplyT(func(UserPriv string) pulumi.String { + CARSAPriv, err := PrivateKeyOpenSSHToRSAPrivateKey(CAPriv) + if err != nil { + panic(err) + } + signer, err := ssh.NewSignerFromKey(CARSAPriv) + if err != nil { + panic(err) + } + var cert ssh.Certificate + cert.Nonce = make([]byte, 32) + cert.CertType = 2 + UserED25519Priv, err := PrivateKeyOpenSSHToED25519PrivateKey(UserPriv) + if err != nil { + panic(err) + } + cert.Key, err = ssh.NewPublicKey(UserED25519Priv.Public()) + if err != nil { + panic(err) + } + cert.Serial = 0 + cert.KeyId = d.Tailskip + cert.ValidPrincipals = []string{d.Tailskip} + cert.ValidAfter = 60 + threeMonths, err := time.ParseDuration("730h") + if err != nil { + panic(err) + } + threeMonthsInSeconds := uint64(threeMonths.Seconds()) + cert.ValidBefore = threeMonthsInSeconds + err = cert.SignCert(rand.Reader, signer) + return pulumi.String(string(ssh.MarshalAuthorizedKey(&cert))) + }).(pulumi.StringOutput) + return OSHCertificate_ + }).(pulumi.StringOutput) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-cert", d.Hostname), d.Tailskip, d.OSHCertificate, []pulumi.Resource{d.PrivateKey, CAKey}) + d.Files = append(d.Files, file) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-ed25519-cert", d.Hostname), d.Tailskip, d.OSHCertificateED25519, []pulumi.Resource{d.PrivateKeyED25519, CAKey}) + d.Files = append(d.Files, file) + d.OSHCertificateUser = CAKey.PrivateKeyOpenssh.ApplyT(func(CAPriv string) pulumi.StringOutput { + OSHCertificate_ := 
d.PrivateKeyUser.PrivateKeyOpenssh.ApplyT(func(UserPriv string) pulumi.String { + CARSAPriv, err := PrivateKeyOpenSSHToRSAPrivateKey(CAPriv) + if err != nil { + panic(err) + } + signer, err := ssh.NewSignerFromKey(CARSAPriv) + if err != nil { + panic(err) + } + var cert ssh.Certificate + cert.Nonce = make([]byte, 32) + cert.CertType = 1 + UserRSAPriv, err := PrivateKeyOpenSSHToRSAPrivateKey(UserPriv) + if err != nil { + panic(err) + } + cert.Key, err = ssh.NewPublicKey(UserRSAPriv.Public()) + if err != nil { + panic(err) + } + cert.Serial = 0 + cert.KeyId = d.Tailskip + cert.ValidPrincipals = []string{d.Tailskip} + cert.ValidAfter = 60 + threeMonths, err := time.ParseDuration("730h") + if err != nil { + panic(err) + } + threeMonthsInSeconds := uint64(threeMonths.Seconds()) + cert.ValidBefore = threeMonthsInSeconds + err = cert.SignCert(rand.Reader, signer) + return pulumi.String(string(ssh.MarshalAuthorizedKey(&cert))) + }).(pulumi.StringOutput) + return OSHCertificate_ + }).(pulumi.StringOutput) + d.OSHCertificateED25519User = CAKey.PrivateKeyOpenssh.ApplyT(func(CAPriv string) pulumi.StringOutput { + OSHCertificate_ := d.PrivateKeyED25519User.PrivateKeyOpenssh.ApplyT(func(UserPriv string) pulumi.String { + CARSAPriv, err := PrivateKeyOpenSSHToRSAPrivateKey(CAPriv) + if err != nil { + panic(err) + } + signer, err := ssh.NewSignerFromKey(CARSAPriv) + if err != nil { + panic(err) + } + var cert ssh.Certificate + cert.Nonce = make([]byte, 32) + cert.CertType = 2 + UserED25519Priv, err := PrivateKeyOpenSSHToED25519PrivateKey(UserPriv) + if err != nil { + panic(err) + } + cert.Key, err = ssh.NewPublicKey(UserED25519Priv.Public()) + if err != nil { + panic(err) + } + cert.Serial = 0 + cert.KeyId = d.Tailskip + cert.ValidPrincipals = []string{d.Tailskip} + cert.ValidAfter = 60 + threeMonths, err := time.ParseDuration("730h") + if err != nil { + panic(err) + } + threeMonthsInSeconds := uint64(threeMonths.Seconds()) + cert.ValidBefore = threeMonthsInSeconds + err = 
cert.SignCert(rand.Reader, signer) + return pulumi.String(string(ssh.MarshalAuthorizedKey(&cert))) + }).(pulumi.StringOutput) + return OSHCertificate_ + }).(pulumi.StringOutput) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-user-cert", d.Hostname), d.Tailskip, d.OSHCertificateUser, []pulumi.Resource{d.PrivateKey, CAKey}) + d.Files = append(d.Files, file) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-ed25519-user-cert", d.Hostname), d.Tailskip, d.OSHCertificateED25519User, []pulumi.Resource{d.PrivateKeyED25519, CAKey}) d.Files = append(d.Files, file) return err } 
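Review bot: `cert.ValidAfter = 60` and `cert.ValidBefore = threeMonthsInSeconds` are written as if they were offsets, but OpenSSH certificate validity fields are absolute seconds since the Unix epoch, so the three certificates added in this hunk would be valid only during January 1970; `730h` is also roughly one month, not three. The result of `cert.SignCert` is assigned to `err` and never checked, so a signing failure would still marshal and deploy the certificate, and the `err` from each `CreatePulumiFile` call is overwritten by the next. The two user-certificate files list `d.PrivateKey` and `d.PrivateKeyED25519` as dependencies rather than `d.PrivateKeyUser` and `d.PrivateKeyED25519User`. Since the blocks differ only in the subject key and `CertType`, a single helper along the lines below, called with `ssh.HostCert` or `ssh.UserCert`, would carry the fix once; a wall-clock issue time changes on every run, so it may need to be pinned in stack state. `handleOSH` begins before this hunk.

```go
// signOSHCert issues one OpenSSH certificate for pub, signed by the CA signer.
// certType is ssh.HostCert or ssh.UserCert; lifetime is counted from now.
func signOSHCert(signer ssh.Signer, pub ssh.PublicKey, certType uint32, principal string, lifetime time.Duration) (string, error) {
	now := time.Now()
	cert := ssh.Certificate{
		Key:             pub,
		CertType:        certType,
		KeyId:           principal,
		ValidPrincipals: []string{principal},
		// Validity bounds are absolute Unix seconds; back-date slightly for clock skew.
		ValidAfter:  uint64(now.Add(-time.Minute).Unix()),
		ValidBefore: uint64(now.Add(lifetime).Unix()),
	}
	if err := cert.SignCert(rand.Reader, signer); err != nil {
		return "", fmt.Errorf("signing certificate for %q: %w", principal, err)
	}
	return string(ssh.MarshalAuthorizedKey(&cert)), nil
}
// … unchanged: the ApplyT wrappers that parse the CA and subject keys and the CreatePulumiFile calls …
```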
@@ -155,10 +301,41 @@ func (d *Device) handleTLS(CAKey *tls.PrivateKey, CACert *tls.SelfSignedCert) (e Algorithm: pulumi.String("RSA"), RsaBits: pulumi.Int(4096), }, pulumi.DependsOn(PrivateKeyDepends)) + if err != nil { return err } + + d.PrivateKeyUser, err = tls.NewPrivateKey(d.Context, fmt.Sprintf("%s-user-key", d.Hostname), &tls.PrivateKeyArgs{ + Algorithm: pulumi.String("RSA"), + RsaBits: pulumi.Int(4096), + }, pulumi.DependsOn(PrivateKeyDepends)) + + if err != nil { + return err + } + + d.PrivateKeyED25519, err = tls.NewPrivateKey(d.Context, fmt.Sprintf("%s-ed25519-key", d.Hostname), &tls.PrivateKeyArgs{ + Algorithm: pulumi.String("ED25519"), + RsaBits: pulumi.Int(4096), + }, pulumi.DependsOn(PrivateKeyDepends)) + + if err != nil { + return err + } + d.PrivateKeyED25519User, err = tls.NewPrivateKey(d.Context, fmt.Sprintf("%s-ed25519-user-key", d.Hostname), &tls.PrivateKeyArgs{ + Algorithm: pulumi.String("ED25519"), + RsaBits: pulumi.Int(4096), + }, pulumi.DependsOn(PrivateKeyDepends)) + + if err != nil { + return err + } + PrivateKeyED25519Depends := append(PrivateKeyDepends, d.PrivateKeyED25519) PrivateKeyDepends = append(PrivateKeyDepends, d.PrivateKey) + PrivateKeyED25519UserDepends := append(PrivateKeyDepends, d.PrivateKeyED25519User) + PrivateKeyUserDepends := append(PrivateKeyDepends, d.PrivateKeyUser) + file, err := CreatePulumiFile(d.Context, fmt.Sprintf("%s-pem-pk", d.Hostname), d.Tailskip, d.PrivateKey.PrivateKeyPem, PrivateKeyDepends) if err != nil { return err 
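Review bot: `PrivateKeyED25519Depends := append(PrivateKeyDepends, d.PrivateKeyED25519)` is followed by `PrivateKeyDepends = append(PrivateKeyDepends, d.PrivateKey)`, and if `PrivateKeyDepends` has spare capacity both appends write the same backing-array slot, so the ED25519 list would end up holding `d.PrivateKey`; the two `...UserDepends` appends after it can overwrite each other in the same way. `PrivateKeyDepends` is built outside this hunk, so whether that capacity exists cannot be seen from here. Building each list from a copy removes the question, for example `append(append([]pulumi.Resource{}, PrivateKeyDepends...), d.PrivateKeyED25519)`. `RsaBits: pulumi.Int(4096)` on the two `ED25519` keys has no meaning for that algorithm and can be dropped.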
@@ -169,6 +346,21 @@ func (d *Device) handleTLS(CAKey *tls.PrivateKey, CACert *tls.SelfSignedCert) (e return err } d.Files = append(d.Files, file) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-osh-user-pk", d.Hostname), d.Tailskip, d.PrivateKeyUser.PrivateKeyOpenssh, PrivateKeyUserDepends) + if err != nil { + return err + } + d.Files = append(d.Files, file) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-ed25519-osh-pk", d.Hostname), d.Tailskip, d.PrivateKeyED25519.PrivateKeyOpenssh, PrivateKeyED25519Depends) + if err != nil { + return err + } + d.Files = append(d.Files, file) + file, err = CreatePulumiFile(d.Context, fmt.Sprintf("%s-ed25519-osh-user-pk", d.Hostname), d.Tailskip, d.PrivateKeyED25519User.PrivateKeyOpenssh, PrivateKeyED25519UserDepends) + if err != nil { + return err + } + d.Files = append(d.Files, file) TLSCertRequestDepends := []pulumi.Resource{CAKey, CACert, d.PrivateKey} d.TLSCertRequest, err = tls.NewCertRequest(d.Context, fmt.Sprintf("%s-tls-cr", d.Hostname), &tls.CertRequestArgs{ PrivateKeyPem: d.PrivateKey.PrivateKeyPem, diff --git a/iac/files.go b/iac/files.go index cda98bd9..cf61050c 100644 --- a/iac/files.go +++ b/iac/files.go 
@@ -6,24 +6,25 @@ import ( ) func CreatePulumiFile(ctx *pulumi.Context, name string, fqdn string, value pulumi.StringOutput, resources []pulumi.Resource) (*remote.Command, error) { - environment := goMapToPulumiMap(map[string]string{ - "PULUMI_SKIP_UPDATE_CHECK": "true", - }) - port := 22 - user := "deploy" - if fqdn == "tewi.inskip.me" { - port = 62954 - user = "root" - } - return remote.NewCommand(ctx, name, &remote.CommandArgs{ + port := 22 + user := "deploy" + if fqdn == "tewi.inskip.me" { + port = 62954 + user = "root" + } + ctx.Export(name, value) + return remote.NewCommand(ctx, name, &remote.CommandArgs{ Connection: &remote.ConnectionArgs{ Host: pulumi.String(fqdn), Port: pulumi.Float64Ptr(float64(port)), User: pulumi.String(user), AgentSocketPath: pulumi.String("/Users/kat/.gnupg/S.gpg-agent.ssh"), }, - Create: pulumi.Sprintf("sudo mkdir -p /var/lib/secrets && cd /var/lib/secrets && echo \"%s\" | sudo tee \"%s\"", value, name), - Delete: pulumi.Sprintf("cd /var/lib/secrets && rm %s", name), - Environment: environment, - }, pulumi.DependsOn(resources)) + Triggers: pulumi.All(resources), + Create: pulumi.Sprintf("sudo mkdir -p /var/lib/secrets && echo \"%s\" | sudo tee \"/var/lib/secrets/%s\"", value, name), + Delete: pulumi.Sprintf("cd /var/lib/secrets && rm %s", name), + Environment: pulumi.StringMap{ + "PULUMI_SKIP_UPDATE_CHECK": pulumi.String("true"), + }, + }, pulumi.DependsOn(resources), pulumi.IgnoreChanges([]string{"create"})) } diff --git a/iac/hcloud.go b/iac/hcloud.go new file mode 100644 index 00000000..0668e6e8 --- /dev/null +++ b/iac/hcloud.go 
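Review bot: The added `ctx.Export(name, value)` publishes the content of every file as a stack output, and `handleTLS` passes private keys through this function, so key material becomes readable from the stack outputs (protected only if the value is already marked secret). The `Create` command also interpolates the value into `echo \"%s\"`, which puts it on the remote command line and lets a double quote, `$` or command substitution inside it be interpreted by the shell, and `tee` creates the file with the default mode. I would drop the export or restrict it to public material, feed the content on standard input if the command SDK version in use offers a stdin field, and set the mode explicitly, for example by appending `&& sudo chmod 0600 \"/var/lib/secrets/%s\"`. `Delete` runs `rm` without `sudo` on a file created through `sudo tee`, and `pulumi.IgnoreChanges([]string{"create"})` means rotated content is rewritten only when a trigger fires.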
@@ -0,0 +1,212 @@ +package iac + +import ( + "fmt" + "github.com/pulumi/pulumi-cloudflare/sdk/v4/go/cloudflare" + "github.com/pulumi/pulumi-cloudinit/sdk/go/cloudinit" + "github.com/pulumi/pulumi-hcloud/sdk/go/hcloud" + "github.com/pulumi/pulumi-tailscale/sdk/go/tailscale" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" + "strconv" +) + +type Machine struct { + Hostname string + Network *hcloud.Network + NetworkSubnet *hcloud.NetworkSubnet + NetworkID pulumi.IntOutput + TailnetKey *tailscale.TailnetKey + CloudInit *cloudinit.Config + IPv4 *hcloud.PrimaryIp + IPv6 *hcloud.PrimaryIp + RDNSv4 *hcloud.Rdns + RDNSv6 *hcloud.Rdns + Server *hcloud.Server + Recordv4 DNSRecord + Recordv6 DNSRecord +} + +func (m *Machine) Handle(ctx *pulumi.Context, name string) (err error) { + m.Hostname = name + + m.Network, err = hcloud.NewNetwork(ctx, "network", &hcloud.NetworkArgs{ + IpRange: pulumi.String("10.0.0.0/16"), + }) + if err != nil { + return err + } + + m.NetworkID = m.Network.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) { + return strconv.Atoi(string(content)) + }).(pulumi.IntOutput) + + m.NetworkSubnet, err = hcloud.NewNetworkSubnet(ctx, "network-subnet", &hcloud.NetworkSubnetArgs{ + NetworkId: m.NetworkID, + Type: pulumi.String("cloud"), + NetworkZone: pulumi.String("us-west"), + IpRange: pulumi.String("10.0.1.0/24"), + }) + if err != nil { + return err + } + m.TailnetKey, err = tailscale.NewTailnetKey(ctx, "tailscaleKey", &tailscale.TailnetKeyArgs{ + Ephemeral: pulumi.Bool(false), + Preauthorized: pulumi.Bool(true), + Reusable: pulumi.Bool(true), + }) + if err != nil { + return err + } + + m.CloudInit, err = cloudinit.NewConfig(ctx, "ran", &cloudinit.ConfigArgs{ + Gzip: pulumi.Bool(false), + Base64Encode: pulumi.Bool(false), + Parts: cloudinit.ConfigPartArray{ + &cloudinit.ConfigPartArgs{ + Content: pulumi.Sprintf(`#cloud-config +write_files: +- path: /etc/tailscale/authkey + permissions: '0600' + content: "%s" +- path: /etc/nixos/katdefaults.nix + 
permissions: '0644' + content: | + { pkgs, ... }: + { + services.tailscale.enable = true; + + systemd.services.tailscale-autoconnect = { + description = "Automatic connection to Tailscale"; + after = [ "network-pre.target" "tailscale.service" ]; + wants = [ "network-pre.target" "tailscale.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + path = with pkgs; [ jq tailscale ]; + script = '' + sleep 2 + status="$(tailscale status -json | jq -r .BackendState)" + if [ $status = "Running" ]; then # if so, then do nothing + exit 0 + fi + tailscale up --authkey $(cat /etc/tailscale/authkey) --ssh + ''; + }; + } +runcmd: +- sed -i 's:#.*$::g' /root/.ssh/authorized_keys +- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=./katdefaults.nix NIX_CHANNEL=nixos-unstable bash 2>&1 | tee /tmp/infect.log +- nixos-generate-config --dir ./ +`, m.TailnetKey.Key), + ContentType: pulumi.String("text/x-shellscript"), + Filename: pulumi.String("nixos-infect"), + }, + }, + }) + if err != nil { + return err + } + + m.IPv4, err = hcloud.NewPrimaryIp(ctx, "ran-v4", &hcloud.PrimaryIpArgs{ + Datacenter: pulumi.String("hil-dc1"), + Type: pulumi.String("ipv4"), + AssigneeType: pulumi.String("server"), + AutoDelete: pulumi.Bool(true), + Labels: pulumi.Map{ + "host": pulumi.Any("ran"), + }, + }) + if err != nil { + return err + } + + m.IPv6, err = hcloud.NewPrimaryIp(ctx, "ran-v6", &hcloud.PrimaryIpArgs{ + Datacenter: pulumi.String("hil-dc1"), + Type: pulumi.String("ipv6"), + AssigneeType: pulumi.String("server"), + AutoDelete: pulumi.Bool(true), + Labels: pulumi.Map{ + "host": pulumi.Any("ran"), + }, + }) + if err != nil { + return err + } + + m.Server, err = hcloud.NewServer(ctx, m.Hostname, &hcloud.ServerArgs{ + Name: pulumi.String(m.Hostname), + ServerType: pulumi.String("cpx21"), + Image: pulumi.String("ubuntu-22.04"), + Datacenter: pulumi.String("hil-dc1"), + UserData: m.CloudInit.Rendered, + PublicNets: 
hcloud.ServerPublicNetArray{ + &hcloud.ServerPublicNetArgs{ + Ipv4Enabled: pulumi.Bool(true), + Ipv4: m.IPv4.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) { + return strconv.Atoi(string(content)) + }).(pulumi.IntOutput), + Ipv6Enabled: pulumi.Bool(true), + Ipv6: m.IPv6.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) { + return strconv.Atoi(string(content)) + }).(pulumi.IntOutput), + }, + }, + Networks: hcloud.ServerNetworkTypeArray{ + &hcloud.ServerNetworkTypeArgs{ + NetworkId: m.NetworkID, + Ip: pulumi.String("10.0.1.5"), + AliasIps: pulumi.StringArray{ + pulumi.String("10.0.1.6"), + pulumi.String("10.0.1.7"), + }, + }, + }, + }, pulumi.DependsOn([]pulumi.Resource{ + m.NetworkSubnet, + })) + if err != nil { + return err + } + m.RDNSv4, err = hcloud.NewRdns(ctx, fmt.Sprintf("%s-v4", m.Hostname), &hcloud.RdnsArgs{ + ServerId: m.Server.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) { + return strconv.Atoi(string(content)) + }).(pulumi.IntOutput), + IpAddress: m.Server.Ipv4Address, + DnsPtr: pulumi.String("ran.gensokyo.zone"), + }) + m.RDNSv6, err = hcloud.NewRdns(ctx, fmt.Sprintf("%s-v6", m.Hostname), &hcloud.RdnsArgs{ + ServerId: m.Server.ID().ApplyT(func(content pulumi.ID) (content_ int, err error) { + return strconv.Atoi(string(content)) + }).(pulumi.IntOutput), + IpAddress: m.Server.Ipv6Address, + DnsPtr: pulumi.String("ran.gensokyo.zone"), + }) + + zoneName := "gensokyo.zone" + + gensokyo, err := cloudflare.LookupZone(ctx, &cloudflare.LookupZoneArgs{ + Name: &zoneName, + }) + if err != nil { + return err + } + + m.Recordv4 = DNSRecord{ + Higher: String, + Name: m.Hostname, + Kind: A, + RawValue: m.Server.Ipv4Address, + Ttl: 3600, + } + m.Recordv4.handleValue(ctx, gensokyo) + + m.Recordv6 = DNSRecord{ + Higher: String, + Name: m.Hostname, + Kind: AAAA, + RawValue: m.Server.Ipv6Address, + Ttl: 3600, + } + m.Recordv6.handleValue(ctx, gensokyo) + + return err +} 
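Review bot: The `runcmd` entry pipes `https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect` straight into `bash` as root, so whatever is on that branch at boot time becomes the machine's installer; pinning the URL to a reviewed commit (`.../nixos-infect/<COMMIT_SHA>/nixos-infect`) and comparing a recorded SHA-256 before executing removes the dependency on a mutable ref. The Tailscale key is created with `Reusable: pulumi.Bool(true)` and `Preauthorized: pulumi.Bool(true)`, embedded in user data and left in `/etc/tailscale/authkey`, so anyone able to read the instance's user data or that file can enrol further nodes; `Reusable: pulumi.Bool(false)` with a short expiry, and deleting the file after `tailscale up`, would bound that. The part is declared as `text/x-shellscript` although its content begins with `#cloud-config`; `text/cloud-config` looks like the intended type. The `err` from both `hcloud.NewRdns` calls and from `handleValue` is overwritten or discarded, and `"ran"` is hard-coded where `m.Hostname` is available.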
diff --git a/iac/record.go b/iac/record.go index 70695230..d201ea5e 100644 --- a/iac/record.go +++ b/iac/record.go @@ -12,25 +12,32 @@ import ( type DNSRecordType string +type HigherType uint16 + const ( - A DNSRecordType = "a" - AAAA = "aaaa" - MX = "mx" - TXT = "txt" - CAA = "caa" - CNAME = "cname" + A DNSRecordType = "a" + AAAA = "aaaa" + MX = "mx" + TXT = "txt" + CAA = "caa" + CNAME = "cname" + IDOutput HigherType = 0 + RawValue = 1 + String = 2 ) type DNSRecord struct { CFRecord *cloudflare.Record Zone *Zone + Higher HigherType `default:"0""` Name string `default:"@" yaml:"name"` Kind DNSRecordType `yaml:"kind"` - Value string `yaml:"value,omitempty"` - Priority int `yaml:"priority,omitempty"` - Flags string `yaml:"flags,omitempty"` - Tag string `yaml:"tag,omitempty"` - Ttl int `default:"3600" yaml:"ttl,omitempty"` + RawValue pulumi.StringOutput + Value string `yaml:"value,omitempty"` + Priority int `yaml:"priority,omitempty"` + Flags string `yaml:"flags,omitempty"` + Tag string `yaml:"tag,omitempty"` + Ttl int `default:"3600" yaml:"ttl,omitempty"` } func (r *DNSRecord) UnmarshalYAML(unmarshal func(interface{}) error) (err error) { @@ -48,14 +55,21 @@ func (r *DNSRecord) UnmarshalYAML(unmarshal func(interface{}) error) (err error) return err } -func (r *DNSRecord) getZone() pulumi.StringOutput { - return r.Zone.CFZone.ID().ToStringOutput() +func (r *DNSRecord) getZone() pulumi.IDOutput { + return r.Zone.CFZone.ID() } func (r *DNSRecord) getName() string { - base := fmt.Sprintf("%s-%s-%s", r.Zone.Alias, r.Kind, r.Name) + var base string + var hash [16]byte + if r.Higher == 0 { + base = fmt.Sprintf("%s-%s-%s", r.Zone.Alias, r.Kind, r.Name) + hash = md5.Sum([]byte(r.Value)) + } else { + base = fmt.Sprintf("%s-%s", r.Kind, r.Name) + hash = md5.Sum([]byte(r.Name)) + } - hash := md5.Sum([]byte(r.Value)) hashString := hex.EncodeToString(hash[:])[:5] suffix := "" switch r.Kind { 
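Review bot: The struct tag on `Higher` is `default:"0""` with a stray trailing quote, which `go vet` reports as a malformed tag; it should read `default:"0"`. In the const block `RawValue = 1` and `String = 2` are untyped constants rather than `HigherType`, so nothing stops them being used where an unrelated integer is expected. Declaring `IDOutput HigherType = iota` in its own block, with `RawValue` and `String` on the following lines, gives all three the type.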
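Review bot: For records with `Higher != 0`, `getName` builds the base from `r.Kind` and `r.Name` only and then hashes `r.Name` again, so the suffix adds no information and two records of the same kind and name (in different zones, or with different values) would receive the same Pulumi resource name. The test `r.Higher == 0` would read better as `r.Higher == IDOutput`. Where the value is an output that is unknown at plan time, including the zone name in the base would at least keep names distinct across zones. `getName` continues past the end of this hunk.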
@@ -71,13 +85,83 @@ func (r *DNSRecord) getName() string { return built } -func (r *DNSRecord) handle(ctx *pulumi.Context, zone *Zone) (err error) { +func (r *DNSRecord) handleOutput(ctx *pulumi.Context, zone *Zone) (err error) { r.Zone = zone var recordArgs *cloudflare.RecordArgs switch r.Kind { case CAA: recordArgs = &cloudflare.RecordArgs{ - ZoneId: r.getZone(), + ZoneId: r.Zone.CFZone.ID(), + Name: pulumi.String(r.Name), + Type: pulumi.String(strings.ToUpper(string(r.Kind))), + Ttl: pulumi.Int(r.Ttl), + Data: &cloudflare.RecordDataArgs{ + Flags: pulumi.String(r.Flags), + Tag: pulumi.String(r.Tag), + Value: r.RawValue, + }, + } + default: + recordArgs = &cloudflare.RecordArgs{ + ZoneId: r.Zone.CFZone.ID(), + Name: pulumi.String(r.Name), + Type: pulumi.String(strings.ToUpper(string(r.Kind))), + Ttl: pulumi.Int(r.Ttl), + Priority: pulumi.Int(r.Priority), + Value: r.RawValue, + } + } + r.CFRecord, err = cloudflare.NewRecord(ctx, r.getName(), recordArgs, pulumi.DependsOn([]pulumi.Resource{r.Zone.CFZone})) + return err +} + +func (r *DNSRecord) handle(ctx *pulumi.Context, zone *Zone) (err error) { + r.Zone = zone + cfzone := zone.CFZone + return r.handleCF(ctx, cfzone) +} + +func (r *DNSRecord) handleCF(ctx *pulumi.Context, zone *cloudflare.Zone) (err error) { + zoneID := zone.ID() + depends := pulumi.DependsOn([]pulumi.Resource{zone}) + return r.handleID(ctx, zoneID, depends) +} + +func (r *DNSRecord) handleValue(ctx *pulumi.Context, zone *cloudflare.LookupZoneResult) (err error) { + var recordArgs *cloudflare.RecordArgs + switch r.Kind { + case CAA: + recordArgs = &cloudflare.RecordArgs{ + ZoneId: pulumi.String(zone.ZoneId), + Name: pulumi.String(r.Name), + Type: pulumi.String(strings.ToUpper(string(r.Kind))), + Ttl: pulumi.Int(r.Ttl), + Data: &cloudflare.RecordDataArgs{ + Flags: pulumi.String(r.Flags), + Tag: pulumi.String(r.Tag), + Value: r.RawValue, + }, + } + default: + recordArgs = &cloudflare.RecordArgs{ + ZoneId: pulumi.String(zone.ZoneId), + Name: 
pulumi.String(r.Name), + Type: pulumi.String(strings.ToUpper(string(r.Kind))), + Ttl: pulumi.Int(r.Ttl), + Priority: pulumi.Int(r.Priority), + Value: r.RawValue, + } + } + r.CFRecord, err = cloudflare.NewRecord(ctx, r.getName(), recordArgs) + return err +} + +func (r *DNSRecord) handleID(ctx *pulumi.Context, zoneID pulumi.IDOutput, depends pulumi.ResourceOption) (err error) { + var recordArgs *cloudflare.RecordArgs + switch r.Kind { + case CAA: + recordArgs = &cloudflare.RecordArgs{ + ZoneId: zoneID, Name: pulumi.String(r.Name), Type: pulumi.String(strings.ToUpper(string(r.Kind))), Ttl: pulumi.Int(r.Ttl), @@ -89,7 +173,7 @@ func (r *DNSRecord) handle(ctx *pulumi.Context, zone *Zone) (err error) { } default: recordArgs = &cloudflare.RecordArgs{ - ZoneId: r.getZone(), + ZoneId: zoneID, Name: pulumi.String(r.Name), Type: pulumi.String(strings.ToUpper(string(r.Kind))), Ttl: pulumi.Int(r.Ttl), @@ -97,6 +181,6 @@ func (r *DNSRecord) handle(ctx *pulumi.Context, zone *Zone) (err error) { Value: pulumi.String(r.Value), } } - r.CFRecord, err = cloudflare.NewRecord(ctx, r.getName(), recordArgs, pulumi.DependsOn([]pulumi.Resource{r.Zone.CFZone})) + r.CFRecord, err = cloudflare.NewRecord(ctx, r.getName(), recordArgs, depends) return err } diff --git a/iac/ssh.go b/iac/ssh.go deleted file mode 100644 index 5831d87a..00000000 --- a/iac/ssh.go +++ /dev/null 
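Review bot: `handleValue` never sets `r.Zone`, yet it calls `r.getName()`, which reads `r.Zone.Alias` whenever `r.Higher` is `IDOutput` (the zero value), so a record passed here without `Higher` set would dereference a nil pointer. A guard at the top, `if r.Higher == IDOutput { return fmt.Errorf("record %q: handleValue requires Higher to be set", r.Name) }`, turns that into an ordinary error. Separately, `handleOutput`, `handleValue` and `handleID` each repeat the same CAA/default `RecordArgs` construction and differ only in the zone ID and the value they pass; one private helper taking those two inputs would keep the three copies from drifting apart. `handleID`'s body continues outside the hunk.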
@@ -1,91 +0,0 @@ -package iac - -import ( - "crypto/rand" - "crypto/rsa" - "fmt" - tls "github.com/pulumi/pulumi-tls/sdk/v4/go/tls" - "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "golang.org/x/crypto/ssh" - "time" -) - -// ca_key *tls.PrivateKey, -// ca_cert *tls.SelfSignedCert) (key *tls.PrivateKey, -// ca_key, ca_cert, err := iac.GenerateTLSCA(ctx) - -// parseprivatekey -// newsignerfromkey - -func MakeCertificate() ssh.Certificate { - var newCert ssh.Certificate - // The sign() method fills in Nonce for us - newCert.Nonce = make([]byte, 32) - return newCert -} - -func PrivateKeyOpenSSHToRSAPrivateKey(keyPEM string) (key *rsa.PrivateKey, err error) { - key_int, err := ssh.ParseRawPrivateKey([]byte(keyPEM)) - key_raw := key_int.(*rsa.PrivateKey) - if err != nil { - return nil, err - } - return key_raw, err -} - -func GenerateOpenSSHHost(caKey *tls.PrivateKey, userKey *tls.PrivateKey, keyID string, name string) (certificate pulumi.StringOutput, err error) { - return GenerateOpenSSH(caKey, userKey, keyID, ssh.HostCert, name) -} - -func GenerateOpenSSHUser(caKey *tls.PrivateKey, userKey *tls.PrivateKey, keyID string, name string) (certificate pulumi.StringOutput, err error) { - return GenerateOpenSSH(caKey, userKey, keyID, ssh.UserCert, name) -} - -func GenerateOpenSSH(caKey *tls.PrivateKey, userKey *tls.PrivateKey, keyID string, certType uint32, name string) (certificate pulumi.StringOutput, err error) { - var caKeyPem *rsa.PrivateKey - var signer ssh.Signer - - newCert := caKey.PrivateKeyOpenssh.ApplyT(func(capriv string) (cert pulumi.StringOutput) { - newCertS := userKey.PrivateKeyOpenssh.ApplyT(func(content string) (cert pulumi.String) { - caKeyPem, err = PrivateKeyOpenSSHToRSAPrivateKey(capriv) - if err != nil { - panic(err) - } - signer, err = ssh.NewSignerFromKey(caKeyPem) - if err != nil { - panic(err) - } - newCert := MakeCertificate() - newCert.CertType = certType - key, err := PrivateKeyOpenSSHToRSAPrivateKey(content) - if err != nil { - panic(err) - } - 
newCert.Key, err = ssh.NewPublicKey(key.Public()) - if err != nil { - panic(err) - } - newCert.Serial = 0 - newCert.KeyId = keyID - newCert.ValidPrincipals = []string{fmt.Sprintf("%s.inskip.me", name)} - newCert.ValidAfter = 60 - threemo, err := time.ParseDuration("730h") - if err != nil { - panic(err) - } - threemosecs := uint64(threemo.Seconds()) - newCert.ValidBefore = threemosecs - err = newCert.SignCert(rand.Reader, signer) - return pulumi.String(string(ssh.MarshalAuthorizedKey(&newCert))) - }).(pulumi.StringOutput) - if err != nil { - panic(err) - } - return newCertS - }).(pulumi.StringOutput) - - if err != nil { - return pulumi.StringOutput{}, err - } - return newCert, err -} diff --git a/iac/zone.go b/iac/zone.go index 4927a8a5..0b2a27e5 100644 --- a/iac/zone.go +++ b/iac/zone.go @@ -25,6 +25,9 @@ func (z *Zone) Handle(ctx *pulumi.Context) (err error) { Zone: pulumi.String(z.Zone), Plan: pulumi.String("free"), }) + if err != nil { + return err + } if z.Alias == "inskip-me" { z.CertAuth = CertificateAuthority{} err = z.CertAuth.handle(ctx) @@ -39,6 +42,7 @@ func (z *Zone) Handle(ctx *pulumi.Context) (err error) { for _, record := range z.ExtraRecords { err = record.handle(ctx, z) } + err = z.dnssec() return err } diff --git a/kat_pubkey_ssh.pub b/kat_pubkey_ssh.pub new file mode 100644 index 00000000..1023b953 --- /dev/null +++ b/kat_pubkey_ssh.pub 
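Review bot: The added `err = z.dnssec()` overwrites whatever the preceding `for _, record := range z.ExtraRecords` loop left in `err`, so a failed `record.handle` is now discarded entirely, where previously at least the last record's error reached the caller. Checking inside the loop, `if err = record.handle(ctx, z); err != nil { return err }`, keeps record failures visible. `Handle` starts outside the hunk, so any earlier loops of the same shape may need the same treatment.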
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFIDCCAwigAwIBAgIQG9WOE1qLWgtuL6Q2y3y2MDANBgkqhkiG9w0BAQsFADAp +MRMwEQYDVQQKEwpLYXQgSW5za2lwMRIwEAYDVQQDEwlpbnNraXAubWUwIBcNMjMw +MjAzMjI0NzIzWhgPMjMxNTA1MTYyMTQ3MjNaMCkxEzARBgNVBAoTCkthdCBJbnNr +aXAxEjAQBgNVBAMTCWluc2tpcC5tZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAM7I9jWXlaK9li4mhDcQfuAk8R6mfJvFj5X/Lih+Icq/+9dHEsbTy06G +1KkksRRs2dYbp2/WKtaWJpeLlTgN1J3xkwtqMkXdiXsEEF6DXvowlnS5RLIh5+TW +WFjBqVJQ6F0CR0UtMGMRhS31s7LV95HHA2QetdL1BoMIxDNPh3idfiJfRItooRHG +xa+4z/WQv37xFolUQ3032pbrBWEbYBbZxc3Bd/nW0VKof0QVbf392h3HiGx0kegr +I3VfNW8OPy+FeYpqYpzjOQrBxC+viPm2To5BHqySzx/X7kp0auAFSnEQ0etruGeQ +aAr59HE/m0kdWr2MuQIRMj+E1ZkZT9oZ7w2pyO7KTmA3oNS3sFiw0v+zlB21zqqu +R8J3r9utxfSAlfRh8kx+X2qcOZKvpxsha3DYtaDUWGAftoB8rM3Mqnh+3Yx8hlW/ +omhgCbsiVD8QmX0ylz0d9a2KrpFTcCNtrjizUXM4YTZf7PlZNHiznhg9s1OsoyeL +JgoK1DWb8wNmSlQmM521Y8U/mOGRMCkkgzpkjSz1BVwLSSt5eWW8G0gYShWI/muV +IyUxynQ4hjQDdAkp8RXuPdngfURJv9mak2+A5twYkYYJsjs+ybGK+nW11oSQHRZZ +rgTtNuuAvsRNH4LMEckTnl4EXDdBW45qviSlRbS6uUYMXBhYULObAgMBAAGjQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBStOuqq +aSal/ZDjfDd/5woNkfZbWDANBgkqhkiG9w0BAQsFAAOCAgEAXfjvG57cmZI9H9uS +CymF5uyoDM80D9fTf1jzNpCMf+K0YcS4VztKVn752CRCMAQzhzt/pl8zg1UC7fbN +VgXEe2V7bXAf/Jimy+39eBEZBBXXcUjZMWpYqHceHXkL+qpasOvYZUPTTzAXnEo+ +wafSUr07G7P68vO4xIM1JQ+GOvsn85/VvLU8FnKges5PaINOPEcSGfaf9r0fzHs+ +JXbXu+PgYBnJus85Q6yDpgJe63xkvUaDGmZDQ1OgEqH8a20xTj1JF6QnDo6h6ZI7 +7PZGta6WroxBzmaV5+WqBgQeU/X4CqmdaItYN8V9toTpn4P15ixZD7Wf9B+wwjkb +ISGWIALq0G/+UNO7tz1YYVV4vMc2ihwOly8PALIjtEkXcwKwDW4hcvEdUwoEpR2x +9+VQjtkLAFYc22UixurMRtTqqIEGbr3vDzK9g6T0ybqkihVY+2V46fV1hkOV7x4c +BKfjMQu0KOT+i3DGUzwGlGftTQZra7EXVeregwKCQ1+ir7oOjOj/3a5dyRvueEBV +OXBmCdbQqNxEb9AufzetdDEQ7P7jcxCD0hEk0IMZ+jG/I5etZAP67LeuGkSI6Mtd +M3zZ1XVewnSYMBojKdM8bAN/r8qs6vlk4s+/WhOhH8/BgP1GsxSml0vk466SqufA +14acmvYZwS3osOl7wz0Y6XANkD8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/main.go b/main.go index 52d45ac6..498e1f88 100644 --- a/main.go 
+++ b/main.go @@ -26,6 +26,12 @@ func main() { if err != nil { return err } + if err != nil { + return err + } + } + for name, machine := range store.Machines { + err = machine.Handle(ctx, name) } err = iac.InskipPage(ctx) diff --git a/modules/common/distributed.nix b/modules/common/distributed.nix index 1ed3cf02..87f45f32 100644 --- a/modules/common/distributed.nix +++ b/modules/common/distributed.nix @@ -13,7 +13,7 @@ maxJobs = 100; speedFactor = config.distributed.outputs.${name}; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; - } ) (filterAttrs (n: _: n != config.networking.hostName) (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations)); + } ) (filterAttrs (n: _: n != config.networking.hostName && n == "koishi") (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations)); daiyousei = { hostName = "daiyousei.inskip.me"; sshUser = "root"; diff --git a/nixos/common/access.nix b/nixos/common/access.nix index c49ffc5c..cd5296f7 100644 --- a/nixos/common/access.nix +++ b/nixos/common/access.nix @@ -23,10 +23,7 @@ in { } ]; }]; users.users = { - root = commonUser // { - hashedPassword = - "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB."; - }; + root = commonUser; deploy = commonUser // { isNormalUser = true; }; diff --git a/nixos/common/autoupgrade.nix b/nixos/common/autoupgrade.nix new file mode 100644 index 00000000..0e39b3bb --- /dev/null +++ b/nixos/common/autoupgrade.nix @@ -0,0 +1,6 @@ +{ config, ... }: { + system.autoUpgrade = { + enable = true; + flake = "github:kittywitch/kittywitch#${config.networking.hostName}"; + }; +} \ No newline at end of file diff --git a/nixos/common/secrets.nix b/nixos/common/secrets.nix new file mode 100644 index 00000000..7479e87f --- /dev/null +++ b/nixos/common/secrets.nix @@ -0,0 +1,6 @@ +_: { + users.groups.secrets = {}; + systemd.tmpfiles.rules = [ + "v /var/lib/secrets 700 deploy secrets" + ]; +} \ No newline at end of file 
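Review bot: The new loop assigns `err = machine.Handle(ctx, name)` without checking it, and the following `err = iac.InskipPage(ctx)` overwrites it, so a machine that fails to provision is never reported. Returning from inside the loop, `if err = machine.Handle(ctx, name); err != nil { return err }`, fixes that. The second `if err != nil { return err }` added just above repeats the check on the line before it and can be dropped. The enclosing function starts and ends outside the hunk.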
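Review bot: Dropping `hashedPassword` from `root` does not retire the credential, because the `$6$` (SHA-512-crypt) hash remains in the repository history; the password behind it should be treated as disclosed and changed wherever it is still in use. With the attribute gone, what `root` can authenticate with depends on `commonUser`, which is defined outside the hunk. A comment such as `# root has no password; access is by SSH key only` (if that is the intent) would record the decision.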
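Review bot: `system.autoUpgrade` with `flake = "github:kittywitch/kittywitch#…"` makes every host that imports this module rebuild itself as root from whatever the repository's default branch holds at upgrade time, so write access to that branch or to the GitHub account is equivalent to root on those machines. If that trust is intended, say so in a comment. Otherwise point the flake at a dedicated, protected ref, e.g. `flake = "github:kittywitch/kittywitch/<release-branch>#${config.networking.hostName}";`, where `<release-branch>` is a placeholder. Setting `dates` and `allowReboot` explicitly would also document when hosts are allowed to change.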
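Review bot: The tmpfiles rule `v /var/lib/secrets 700 deploy secrets` assigns the directory to group `secrets`, but mode 700 gives that group no access, so the new `users.groups.secrets` has no effect as written. Either grant the group what it needs (`0750`) or drop the group and state in a comment that only `deploy` may enter the directory. systems/koishi.nix in this same commit places sshd host private keys under this path, so it is worth saying explicitly that the `deploy` account is meant to own them.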
diff --git a/nixos/common/ssh.nix b/nixos/common/ssh.nix index a6059e4f..f4403fd4 100644 --- a/nixos/common/ssh.nix +++ b/nixos/common/ssh.nix @@ -9,6 +9,10 @@ in { services.openssh = { enable = true; + knownHosts.katca = { + certAuthority = true; + publicKey = builtins.readFile ../../kat_pubkey_ssh.pub; + }; kexAlgorithms = [ "curve25519-sha256@libssh.org" ]; settings = { PasswordAuthentication = false; diff --git a/systems/koishi.nix b/systems/koishi.nix index af11f7d1..bcde4b31 100644 --- a/systems/koishi.nix +++ b/systems/koishi.nix @@ -1,5 +1,5 @@ _: let - hostConfig = {tree, pkgs, ...}: { + hostConfig = {config, tree, pkgs, ...}: { imports = with tree; [ nixos.gui nixos.bootable @@ -17,6 +17,24 @@ _: let }; }; + services.openssh = { + hostKeys = [ + { + bits = 4096; + path = "/var/lib/secrets/${config.networking.hostName}-osh-pk"; + type = "rsa"; + } + { + path = "/var/lib/secrets/${config.networking.hostName}-ed25519-osh-pk"; + type = "ed25519"; + } + ]; + extraConfig = '' + HostCertificate /var/lib/secrets/${config.networking.hostName}-osh-cert + HostCertificate /var/lib/secrets/${config.networking.hostName}-ed25519-osh-cert + ''; + }; + swapDevices = [ {device = "/dev/disk/by-uuid/0d846453-95b4-46e1-8eaf-b910b4321ef0";} ]; diff --git a/systems/sumireko.nix b/systems/sumireko.nix index 77cc4b1f..cf1decf6 100644 --- a/systems/sumireko.nix +++ b/systems/sumireko.nix @@ -30,6 +30,7 @@ _: let casks = [ "utm" "discord" + "barrier" "mullvadvpn" "bitwarden" "deluge" @@ -44,7 +45,7 @@ _: let "cyberduck" "docker" "pycharm-ce" - "vscode" + "vscodium" "slack" "boop" "obsidian"
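Review bot: `knownHosts.katca` is declared a `certAuthority`, but `publicKey` is read from kat_pubkey_ssh.pub, which this commit adds as a PEM `-----BEGIN CERTIFICATE-----` block (an X.509 certificate) rather than an OpenSSH public key line of the form `ssh-rsa AAAA…`. The generated `@cert-authority` known_hosts entry needs the latter, so as written ssh would probably not accept host certificates signed by this CA. The file should hold the CA public key in OpenSSH format. The entry's host pattern appears to default to the attribute name `katca`, so `extraHostNames` (or `hostNames` on older NixOS releases) likely needs a pattern covering the real hosts.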
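Review bot: The two `HostCertificate` paths in `extraConfig` are referenced, but nothing in this hunk creates them; NixOS generates missing `hostKeys`, not certificates. Until a provisioning step (presumably the Pulumi code under iac/) has written `…-osh-cert` and `…-ed25519-osh-cert`, sshd has no certificate to present. A comment above `extraConfig` naming what writes these files and which CA signs them would make that dependency explicit.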