From a21f868ef0041ddecb8e15a56e66046b808953fa Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones <tonyg@leastfixedpoint.com>
Date: Sun, 14 Nov 2021 13:40:10 +0100
Subject: [PATCH] synit-config packaging

---
 packaging/Makefile.internal                   |  1 +
 packaging/packages/synit-config/APKBUILD      | 68 +++++++++++++++++++
 packaging/packages/synit-config/configdirs.pr |  2 +
 packaging/packages/synit-config/docker.pr     |  7 ++
 packaging/packages/synit-config/eudev.pr      |  9 +++
 packaging/packages/synit-config/hostname.pr   |  3 +
 packaging/packages/synit-config/network.pr    | 28 ++++++++
 packaging/packages/synit-config/sshd.pr       | 10 +++
 .../synit-config/synit-config.post-deinstall  |  2 +
 packaging/packages/synit-config/synit-init.sh | 22 ++++++
 packaging/packages/synit-pid1/APKBUILD        | 11 ++-
 packaging/push-to.sh                          |  2 +-
 12 files changed, 157 insertions(+), 8 deletions(-)
 create mode 100644 packaging/packages/synit-config/APKBUILD
 create mode 100644 packaging/packages/synit-config/configdirs.pr
 create mode 100644 packaging/packages/synit-config/docker.pr
 create mode 100644 packaging/packages/synit-config/eudev.pr
 create mode 100644 packaging/packages/synit-config/hostname.pr
 create mode 100644 packaging/packages/synit-config/network.pr
 create mode 100644 packaging/packages/synit-config/sshd.pr
 create mode 100755 packaging/packages/synit-config/synit-config.post-deinstall
 create mode 100755 packaging/packages/synit-config/synit-init.sh

diff --git a/packaging/Makefile.internal b/packaging/Makefile.internal
index 5fe9059..58aabfa 100644
--- a/packaging/Makefile.internal
+++ b/packaging/Makefile.internal
@@ -11,6 +11,7 @@ PACKAGES = \
 	squeak-vm.apk \
 	syndicate-server.apk \
 	synit-pid1.apk \
+	synit-config.apk \
 
 build: $(PACKAGES) sign
 
diff --git a/packaging/packages/synit-config/APKBUILD b/packaging/packages/synit-config/APKBUILD
new file mode 100644
index 0000000..041f750
--- /dev/null
+++ b/packaging/packages/synit-config/APKBUILD
@@ -0,0 +1,68 @@
+# Contributor: Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+# Maintainer: Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+pkgname=synit-config
+pkgver=0.0.1
+pkgrel=0
+pkgdesc="synit system layer configuration"
+url="https://synit.org/"
+arch="noarch"
+license="GPLv3"
+depends="
+        synit-pid1
+        syndicate-server
+
+        eudev
+        nftables
+        openssh
+        rsync
+        wpa_supplicant
+"
+subpackages="
+        $pkgname-docker:docker
+"
+makedepends=""
+source="
+        $(ls *.pr)
+        synit-init.sh
+"
+builddir="$srcdir/"
+options="!check"
+install="$pkgname.post-deinstall"
+
+# This allows us to stomple on /sbin/init, which is owned by the busybox package
+replaces="busybox"
+
+build() {
+    :
+}
+
+package() {
+    mkdir -p "$pkgdir/sbin"
+    cp -p synit-init.sh "$pkgdir/sbin/."
+    ln -sf /sbin/synit-init.sh "$pkgdir/sbin/init"
+
+    mkdir -p "$pkgdir/etc/syndicate"
+    cp *.pr "$pkgdir/etc/syndicate/."
+
+    mkdir -p "$pkgdir/run/etc/syndicate"
+
+    mkdir -p "$pkgdir/var/lock/synit"
+}
+
+docker() {
+    depends="$pkgname"
+    description="Synit startup for Docker"
+    install_if="$pkgname docker"
+
+    amove etc/syndicate/docker.pr
+}
+
+sha512sums="
+eabf4830fbb28980f2b3fe15f423e45f5b2f05f8ce65be7afe87b976edc433e94a7506366dfce6d5c207b4086e8dc4ce4bde6a4b248873692bcc8c904e073f67  configdirs.pr
+e78bac08ec856aa695928e3121198fe1eaeb055a06f8b744cdcc7fec45af79142db83ed05a4d01e424bd3a4f1d493257231df98236d8a3dbf93a29b9fc951002  docker.pr
+acdaa844079c5b32943503797ba5c7dda555a844533fe37a20f1ac3524e76a4126a587557f81adca69085c80af673392f458e7e66d6bc315bbd44ff0c1f7060f  eudev.pr
+a1224e97cfecf98566b215724b0a4e5da7141900cbed62b066528f2b99b5cd9715bdb33f67aa77f0f4d97ef21fb6ac2eacdfbf90accdf0ebeec8d0bc30455de3  hostname.pr
+eb59d70953e9be0d77747ae29685596a89a744125b0e20935f3771e02d24c53f58aafc14168deadf8430be7a566c30b394bab5b8bfc76a2b944f56d3b77e8d69  network.pr
+de12efb8ac776ee02cd75bd8da69b537ca8b9ab66016fa7c311a0714697c0b5df78f3b641c5b8b85cf69d00c348571ab971c41906aa5aa0ded01bdcf854b16a4  sshd.pr
+9d49a437e6c5bc1931209f4f2008c227bca2a91f061da561371e6f180976052af9d409b56e0950ec6df14db57b5a6d4c7d776d2299af547c7ac3fa08af65ffa1  synit-init.sh
+"
diff --git a/packaging/packages/synit-config/configdirs.pr b/packaging/packages/synit-config/configdirs.pr
new file mode 100644
index 0000000..6a385fa
--- /dev/null
+++ b/packaging/packages/synit-config/configdirs.pr
@@ -0,0 +1,2 @@
+<require-service <config-watcher "/run/etc/syndicate" $.>>
+<require-service <config-watcher "/usr/local/etc/syndicate" $.>>
diff --git a/packaging/packages/synit-config/docker.pr b/packaging/packages/synit-config/docker.pr
new file mode 100644
index 0000000..10e38a4
--- /dev/null
+++ b/packaging/packages/synit-config/docker.pr
@@ -0,0 +1,7 @@
+<require-service <daemon docker>>
+<depends-on <daemon docker> <service-state <milestone network> ready>>
+
+<daemon docker {
+  argv: "/usr/bin/dockerd --experimental"
+  restart: always
+}>
diff --git a/packaging/packages/synit-config/eudev.pr b/packaging/packages/synit-config/eudev.pr
new file mode 100644
index 0000000..c1123d1
--- /dev/null
+++ b/packaging/packages/synit-config/eudev.pr
@@ -0,0 +1,9 @@
+<depends-on <milestone core> <service-state <daemon eudev> ready>>
+<depends-on <milestone core> <service-state <daemon eudev-initial-scan> complete>>
+
+<core-service <daemon eudev>>
+<daemon eudev ["/sbin/udevd", "--children-max=5"]>
+
+<core-service <daemon eudev-initial-scan>>
+<depends-on <daemon eudev-initial-scan> <service-state <daemon eudev> ready>>
+<daemon eudev-initial-scan "echo '' > /proc/sys/kernel/hotplug && udevadm trigger --type=subsystems --action=add && udevadm trigger --type=devices --action=add && udevadm settle --timeout=30">
diff --git a/packaging/packages/synit-config/hostname.pr b/packaging/packages/synit-config/hostname.pr
new file mode 100644
index 0000000..5ca5a54
--- /dev/null
+++ b/packaging/packages/synit-config/hostname.pr
@@ -0,0 +1,3 @@
+<depends-on <milestone core> <service-state <daemon hostname> complete>>
+<core-service <daemon hostname>>
+<daemon hostname "hostname $(cat /etc/hostname)">
diff --git a/packaging/packages/synit-config/network.pr b/packaging/packages/synit-config/network.pr
new file mode 100644
index 0000000..2faebdc
--- /dev/null
+++ b/packaging/packages/synit-config/network.pr
@@ -0,0 +1,28 @@
+<require-service <milestone network>>
+
+<network-interface "lo" <static "127.0.0.1">>
+<network-interface "eth0" <dhcp>>
+
+<depends-on <milestone network> <service-state <daemon interfaces> complete>>
+
+? <network-interface ?ifname <static ?ipaddr>> [
+  <daemon interfaces {
+    argv: ["ifconfig" $ifname $ipaddr "up"]
+    restart: on-error
+  }>
+]
+
+? <network-interface ?ifname <dhcp>> [
+  <daemon interfaces {
+    argv: ["ifconfig" $ifname "up"]
+    restart: on-error
+  }>
+  <require-service <daemon <udhcpc $ifname>>>
+]
+
+? <run-service <daemon <udhcpc ?ifname>>> [
+  <daemon <udhcpc $ifname> {
+    argv: ["udhcpc" "-i" $ifname "-fR"],
+    restart: always
+  }>
+]
diff --git a/packaging/packages/synit-config/sshd.pr b/packaging/packages/synit-config/sshd.pr
new file mode 100644
index 0000000..0505a68
--- /dev/null
+++ b/packaging/packages/synit-config/sshd.pr
@@ -0,0 +1,10 @@
+<require-service <daemon sshd>>
+<depends-on <daemon sshd> <service-state <milestone network> ready>>
+<depends-on <daemon sshd> <service-state <daemon ssh-host-keys> complete>>
+
+<daemon sshd {
+  argv: "/usr/sbin/sshd -D"
+  restart: always
+}>
+
+<daemon ssh-host-keys "ssh-keygen -A">
diff --git a/packaging/packages/synit-config/synit-config.post-deinstall b/packaging/packages/synit-config/synit-config.post-deinstall
new file mode 100755
index 0000000..c59247a
--- /dev/null
+++ b/packaging/packages/synit-config/synit-config.post-deinstall
@@ -0,0 +1,2 @@
+#!/bin/sh
+busybox --install -s
diff --git a/packaging/packages/synit-config/synit-init.sh b/packaging/packages/synit-config/synit-init.sh
new file mode 100755
index 0000000..9bdd73d
--- /dev/null
+++ b/packaging/packages/synit-config/synit-init.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+mount -t devtmpfs none /dev
+
+mkdir /dev/pts
+mount -t devpts none /dev/pts
+
+mkdir /dev/shm
+mount -t tmpfs -o nodev,nosuid,noexec none /dev/shm
+
+mount -t proc none /proc
+
+mount -t sysfs none /sys
+
+mount -t tmpfs none /run
+
+# Docker wants this
+mount -t cgroup2 none /sys/fs/cgroup
+
+mount -o rw,remount /
+
+exec /sbin/synit-pid1
diff --git a/packaging/packages/synit-pid1/APKBUILD b/packaging/packages/synit-pid1/APKBUILD
index 6642922..56c1bed 100644
--- a/packaging/packages/synit-pid1/APKBUILD
+++ b/packaging/packages/synit-pid1/APKBUILD
@@ -17,20 +17,17 @@ synit-pid1.x86_64
 builddir="$srcdir/"
 options="!check"
 
-# This allows us to stomple on /sbin/init, which is owned by the busybox package
-replaces="busybox"
-
 build() {
     :
 }
 
 package() {
     mkdir -p "$pkgdir/sbin"
-    cp -p synit-pid1.${CARCH} "$pkgdir/sbin/init"
+    cp -p synit-pid1.${CARCH} "$pkgdir/sbin/synit-pid1"
 }
 
 sha512sums="
-d2c1632f8d25d3250a039ceb0516677f3c314b6f0e8557df8858f4a7a372b0db58d897d393f1466003ab4fb067e37a7aba6a32e2f6c0e97abfb9a4cba29e657c  synit-pid1.aarch64
-30fb6de065a8db25e228decba469652be59ed3271603e17b53282b9e3836ad9f7dbbe6542d736c1f8cfb40ce0594d3d56e66a47f9d827ce38d49abed35f67380  synit-pid1.armv7
-b532836e29ee601dc6f675bbcceaf83bbe37051bc690cf05989dc234eca4ef098d8a3714befd9d735dbef9ff496f06c54325bdb05c50d65fe1e1b31d9e5f5a19  synit-pid1.x86_64
+91921f440b16f4c5e703543f23ba41fdaad5b7e7dfc2a6958f80a4321a91c219a4919c327c06805cf54c644410fdb81e21d3b6b7041de12afbd093605f2f01a2  synit-pid1.aarch64
+8eb1c40b60170065818be51fb33c772d8803cf7123bf60060c0312a6c448dfdfbec08fd23be36977aa234e20cdb4e6d7cf0c0413f1a9a1eb3c43f0322471d433  synit-pid1.armv7
+0750b4c69c0a05afca8f6def4e2ee6734cc4a407b96691e3264e8922ee83a74fd6a7aceea2ddd7c678985d9a68eff9c3efeaa3a258a7314d886248e77279a779  synit-pid1.x86_64
 "
diff --git a/packaging/push-to.sh b/packaging/push-to.sh
index be49296..c4bc050 100755
--- a/packaging/push-to.sh
+++ b/packaging/push-to.sh
@@ -4,4 +4,4 @@ then
     echo 'Usage: push-to.sh <HOSTNAME>' >&2
     exit 1
 fi
-exec rsync -av target/packages $1:.
+exec rsync -av --delete target/packages $1:.