host templates in localconfig

bootstrapconfig/config.go

@@ -0,0 +1,78 @@
+package bootstrapconfig
+
+type Config struct {
+	AntiPhishingCode string `yaml:"anti_phishing_code"`
+
+	Keymap  string
+	Modules string
+
+	Auths []Auth
+
+	Networks []struct {
+		Name       string
+		Interfaces []struct {
+			Var     string
+			N       int
+			Regexps []string
+		}
+		Script string
+	}
+
+	SSH struct {
+		Listen string
+		Keys   struct {
+			DSA     string
+			RSA     string
+			ECDSA   string
+			ED25519 string
+		}
+	}
+
+	PreLVMCrypt []CryptDev `yaml:"pre_lvm_crypt"`
+	LVM         []LvmVG
+	Crypt       []CryptDev
+	Bootstrap   Bootstrap
+}
+
+type Auth struct {
+	Name     string
+	SSHKey   string `yaml:"sshKey"`
+	Password string `yaml:"password"`
+}
+
+type LvmVG struct {
+	VG  string
+	PVs struct {
+		N       int
+		Regexps []string
+	}
+
+	Defaults struct {
+		FS   string
+		Raid *RaidConfig
+	}
+
+	LVs []struct {
+		Name    string
+		FS      string
+		Raid    *RaidConfig
+		Size    string
+		Extents string
+	}
+}
+
+type CryptDev struct {
+	Dev    string
+	Prefix string
+	Name   string
+}
+
+type RaidConfig struct {
+	Mirrors int
+	Stripes int
+}
+
+type Bootstrap struct {
+	Dev  string
+	Seed string
+}

bootstrapconfig/password.go

@@ -0,0 +1,46 @@
+package bootstrapconfig
+
+import (
+	"crypto/rand"
+	"crypto/sha512"
+	"encoding/base64"
+	"strings"
+
+	"golang.org/x/crypto/pbkdf2"
+)
+
+var (
+	encoding = base64.RawStdEncoding
+)
+
+func PasswordHashFromSeed(seed, pass []byte) string {
+	h := pbkdf2.Key(pass, seed, 2048, 32, sha512.New)
+	return encoding.EncodeToString(h)
+}
+
+func PasswordHash(pass []byte) (hashedPassWithSeed string) {
+	seed := make([]byte, 10) // 8 bytes min by the RFC recommendation
+	_, err := rand.Read(seed)
+	if err != nil {
+		panic(err) // we do not expect this to fail...
+	}
+	return JoinSeedAndHash(seed, PasswordHashFromSeed(seed, pass))
+}
+
+func JoinSeedAndHash(seed []byte, hash string) string {
+	return encoding.EncodeToString(seed) + ":" + hash
+}
+
+func CheckPassword(hashedPassWithSeed string, pass []byte) (ok bool) {
+	parts := strings.SplitN(hashedPassWithSeed, ":", 2)
+
+	encodedSeed := parts[0]
+	encodedHash := parts[1]
+
+	seed, err := encoding.DecodeString(encodedSeed)
+	if err != nil {
+		return false
+	}
+
+	return encodedHash == PasswordHashFromSeed(seed, pass)
+}

bootstrapconfig/password_test.go

@@ -0,0 +1,12 @@
+package bootstrapconfig
+
+import "fmt"
+
+func ExamplePasswordHash() {
+	seed := []byte("myseed")
+	hash := PasswordHashFromSeed(seed, []byte("mypass"))
+	fmt.Println(JoinSeedAndHash(seed, hash))
+
+	// Output:
+	// bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0
+}

config/apply/files.go

@@ -0,0 +1,96 @@
+package apply
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+
+	"novit.tech/direktil/pkg/config"
+)
+
+// Files writes the files from the given config
+func Files(cfgFiles []config.FileDef, prefix string, filters ...string) error {
+	accept := func(n string) bool { return true }
+
+	if len(filters) > 0 {
+		accept = func(n string) bool {
+			for _, filter := range filters {
+				if matched, err := filepath.Match(filter, n); err != nil {
+					log.Error().Err(err).Str("filter", filter).Msg("bad filter, ignored")
+				} else if matched {
+					return true
+				}
+			}
+			return false
+		}
+	}
+
+	failed := 0
+
+	for _, file := range cfgFiles {
+		if !accept(file.Path) {
+			continue
+		}
+
+		filePath := filepath.Join(prefix, file.Path)
+
+		mode := file.Mode
+		if mode == 0 {
+			mode = 0644
+		}
+
+		log := log.With().Str("file", filePath).Str("mode", fmt.Sprintf("%04o", mode)).Logger()
+
+		if err := os.MkdirAll(filepath.Dir(filePath), 0755); err != nil {
+			log.Error().Err(err).Msg("failed to create parent dir")
+			failed++
+			continue
+		}
+
+		switch {
+		case file.Symlink != "":
+			log := log.With().Str("target", file.Symlink).Logger()
+			if err := os.Symlink(file.Symlink, filePath); err == nil {
+				log.Info().Msg("created symlink")
+			} else {
+				log.Error().Err(err).Msg("failed to create symlink")
+				failed++
+			}
+
+		case file.Dir:
+			if err := os.Mkdir(filePath, mode); err == nil {
+				log.Info().Msg("created dir")
+			} else if os.IsExist(err) {
+				log.Warn().Msg("dir exist, ignoring error")
+			} else {
+				log.Error().Err(err).Msg("failed to create dir")
+				failed++
+			}
+
+		default:
+			content := []byte(file.Content)
+
+			if err := os.WriteFile(filePath, content, mode); err == nil {
+				log.Info().Msgf("wrote %d bytes", len(content))
+			} else {
+				log.Error().Err(err).Msg("write failed")
+				failed++
+			}
+		}
+	}
+
+	if failed != 0 {
+		err := fmt.Errorf("%d writes failed", failed)
+		log.Error().Err(err).Send()
+		return err
+	}
+	return nil
+}
+
+func writeFile(log zerolog.Logger, path string, content []byte, fileMode, dirMode os.FileMode) (err error) {
+
+	return
+}

config/config.go

@@ -3,7 +3,9 @@ package config
 import (
 	"fmt"
 	"io"
+	"net"
 	"os"
+	"time"
 
 	yaml "gopkg.in/yaml.v2"
 )
@@ -65,6 +67,7 @@ type Config struct {
 	Storage StorageConfig
 
 	Mounts []MountDef
+	VPNs   []VPNDef
 
 	Groups []GroupDef
 	Users  []UserDef
@@ -97,11 +100,27 @@ type VolumeDef struct {
 }
 
 type MountDef struct {
+	Type    string
 	Dev     string
 	Path    string
 	Options string
 }
 
+type VPNDef struct {
+	Name       string `yaml:"name"`
+	ListenPort *int   `yaml:"port"`
+	IPs        []string
+	Peers      []VPNPeer
+}
+
+type VPNPeer struct {
+	PublicKey        string `yaml:"public_key"`
+	WithPreSharedKey bool   `yaml:"with_preshared_key"`
+	Endpoint         *net.UDPAddr
+	KeepAlive        time.Duration `yaml:"keepalive"`
+	AllowedIPs       []string      `yaml:"allowed_ips"`
+}
+
 type GroupDef struct {
 	Name string
 	Gid  int
@@ -117,6 +136,8 @@ type FileDef struct {
 	Path    string
 	Mode    os.FileMode
 	Content string
+	Symlink string
+	Dir     bool
 }
 
 type NetworkDef struct {
@@ -133,3 +154,12 @@ type NetworkDef struct {
 	Optional bool
 	Script   string
 }
+
+func (c *Config) FileContent(filePath string) []byte {
+	for _, f := range c.Files {
+		if f.Path == filePath {
+			return []byte(f.Content)
+		}
+	}
+	return nil
+}

cpiocat/cpiocat.go

@@ -0,0 +1,181 @@
+package cpiocat
+
+import (
+	"io"
+	"os"
+
+	"github.com/cavaliergopher/cpio"
+)
+
+// Append: legacy append call.
+func Append(out io.Writer, in io.Reader, filesToAppend []string) (err error) {
+	cat := New(out)
+
+	cat.AppendArch(in)
+
+	for _, file := range filesToAppend {
+		cat.AppendFile(file, file)
+	}
+
+	return cat.Close()
+}
+
+type Cat struct {
+	out  io.Writer
+	cout *cpio.Writer
+	err  error
+}
+
+func New(out io.Writer) *Cat {
+	cout := cpio.NewWriter(out)
+	return &Cat{out: out, cout: cout}
+}
+
+func (c *Cat) Err() error {
+	return c.err
+}
+
+func (c *Cat) Close() error {
+	err := c.cout.Close()
+
+	if c.err != nil {
+		return c.err
+	}
+
+	return err
+}
+
+func (c *Cat) AppendArchFile(srcPath string) (r *Cat) {
+	r = c
+	if c.err != nil {
+		return
+	}
+
+	f, err := os.Open(srcPath)
+	if err != nil {
+		c.err = err
+		return
+	}
+
+	defer f.Close()
+
+	return c.AppendArch(f)
+}
+
+func (c *Cat) AppendArch(in io.Reader) (r *Cat) {
+	r = c
+	if c.err != nil {
+		return
+	}
+
+	cin := cpio.NewReader(in)
+
+	for {
+		hdr, err := cin.Next()
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			c.err = err
+			return
+		}
+
+		mode := hdr.FileInfo().Mode()
+
+		if mode&os.ModeSymlink != 0 {
+			// symlink target must be written after
+			hdr.Size = int64(len(hdr.Linkname))
+		}
+
+		err = c.cout.WriteHeader(hdr)
+		if err != nil {
+			c.err = err
+			return
+		}
+
+		if mode.IsRegular() {
+			_, err = io.Copy(c.cout, cin)
+
+		} else if mode&os.ModeSymlink != 0 {
+			_, err = c.cout.Write([]byte(hdr.Linkname))
+		}
+
+		if err != nil {
+			c.err = err
+			return
+		}
+	}
+
+	return
+}
+
+func (c *Cat) AppendFile(srcPath, archPath string) (r *Cat) {
+	r = c
+	if c.err != nil {
+		return
+	}
+
+	var err error
+	defer func() { c.err = err }()
+
+	stat, err := os.Lstat(srcPath)
+	if err != nil {
+		return
+	}
+
+	link := ""
+	if stat.Mode()&os.ModeSymlink != 0 {
+		link, err = os.Readlink(srcPath)
+		if err != nil {
+			return
+		}
+	}
+
+	hdr, err := cpio.FileInfoHeader(stat, link)
+	if err != nil {
+		return
+	}
+
+	hdr.Name = archPath
+
+	c.cout.WriteHeader(hdr)
+
+	if stat.Mode().IsRegular() {
+		var f *os.File
+		f, err = os.Open(srcPath)
+		if err != nil {
+			return
+		}
+		defer f.Close()
+
+		_, err = io.Copy(c.cout, f)
+
+	} else if stat.Mode()&os.ModeSymlink != 0 {
+		_, err = c.cout.Write([]byte(link))
+	}
+
+	return
+}
+
+func (c *Cat) AppendBytes(content []byte, archPath string, mode cpio.FileMode) (r *Cat) {
+	r = c
+	if c.err != nil {
+		return
+	}
+
+	var err error
+	defer func() { c.err = err }()
+
+	err = c.cout.WriteHeader(&cpio.Header{
+		Name: archPath,
+		Mode: mode,
+		Size: int64(len(content)),
+	})
+	if err != nil {
+		return
+	}
+
+	_, err = c.cout.Write(content)
+
+	return
+}

go.mod

@@ -1,10 +1,12 @@
-module novit.nc/direktil/pkg
+module novit.tech/direktil/pkg
 
 require (
-	github.com/kr/pretty v0.1.0 // indirect
-	github.com/ulikunitz/xz v0.5.6
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	gopkg.in/yaml.v2 v2.2.4
+	github.com/cavaliergopher/cpio v1.0.1
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/rs/zerolog v1.31.0
+	github.com/ulikunitz/xz v0.5.11
+	golang.org/x/crypto v0.18.0
+	gopkg.in/yaml.v2 v2.4.0
 )
 
 go 1.13

go.sum

@@ -1,12 +1,63 @@
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/ulikunitz/xz v0.5.6 h1:jGHAfXawEGZQ3blwU5wnWKQJvAraT7Ftq9EXjnXYgt8=
-github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
+github.com/cavaliergopher/cpio v1.0.1 h1:KQFSeKmZhv0cr+kawA3a0xTQCU4QxXF1vhU7P7av2KM=
+github.com/cavaliergopher/cpio v1.0.1/go.mod h1:pBdaqQjnvXxdS/6CvNDwIANIFSP0xRKI16PX4xejRQc=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A=
+github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
+github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

localconfig/localconfig.go

@@ -2,7 +2,7 @@ package localconfig
 
 import (
 	"io"
-	"io/ioutil"
+	"os"
 	"strings"
 
 	yaml "gopkg.in/yaml.v2"
@@ -11,6 +11,7 @@ import (
 type Config struct {
 	Clusters      []*Cluster
 	Hosts         []*Host
+	HostTemplates []*Host
 	SSLConfig     string
 }
 
@@ -29,7 +30,7 @@ func FromBytes(data []byte) (*Config, error) {
 }
 
 func FromFile(path string) (*Config, error) {
-	ba, err := ioutil.ReadFile(path)
+	ba, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
@@ -68,6 +69,15 @@ func (c *Config) Host(name string) *Host {
 	return nil
 }
 
+func (c *Config) HostTemplate(name string) *Host {
+	for _, host := range c.HostTemplates {
+		if host.Name == name {
+			return host
+		}
+	}
+	return nil
+}
+
 func (c *Config) HostByIP(ip string) *Host {
 	for _, host := range c.Hosts {
 		for _, hostIP := range host.IPs {

log/log.go

@@ -10,7 +10,7 @@ import (
 	"sync"
 	"time"
 
-	"novit.nc/direktil/pkg/color"
+	"novit.tech/direktil/pkg/color"
 )
 
 const (

log/taint.go

@@ -1,7 +1,7 @@
 package log
 
 import (
-	"novit.nc/direktil/pkg/color"
+	"novit.tech/direktil/pkg/color"
 )
 
 const (

tools/passwd.go

@@ -0,0 +1,30 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+
+	"novit.tech/direktil/pkg/bootstrapconfig"
+)
+
+func main() {
+	in := bufio.NewReader(os.Stdin)
+
+	read := func() string {
+		s, err := in.ReadString('\n')
+		if err != nil {
+			log.Fatal(err)
+		}
+		return strings.TrimSpace(s)
+	}
+
+	seed := read()
+	pass := read()
+
+	hash := bootstrapconfig.PasswordHashFromSeed([]byte(seed), []byte(pass))
+
+	fmt.Println(bootstrapconfig.JoinSeedAndHash([]byte(seed), hash))
+}