From facb0483b52cd9e171d48a078ca2d78d36abaf54 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Fri, 15 Apr 2022 16:05:51 +0100
Subject: rexification of more

---
 openbsd/frontends/Rexfile | 51 ++++++++++++++++++++++++++++++
 openbsd/frontends/etc/relayd.conf.tpl | 20 ++++++++++++
 openbsd/frontends/etc/relayd.conf:blowfish | 20 ------------
 openbsd/frontends/etc/relayd.conf:twofish | 20 ------------
 4 files changed, 71 insertions(+), 40 deletions(-)
 create mode 100644 openbsd/frontends/etc/relayd.conf.tpl
 delete mode 100644 openbsd/frontends/etc/relayd.conf:blowfish
 delete mode 100644 openbsd/frontends/etc/relayd.conf:twofish

diff --git a/openbsd/frontends/Rexfile b/openbsd/frontends/Rexfile
index 756b326..0d16905 100644
--- a/openbsd/frontends/Rexfile
+++ b/openbsd/frontends/Rexfile
@@ -13,17 +13,65 @@ parallelism 5;
 task 'id', group => 'frontends', sub { say run 'id' };
 task 'dump_info', group => 'frontends', sub { dump_system_information };
 
+our $ipv6address = sub {
+ my $hostname = shift;
+ return '2a01:4f8:c17:20f1::42' if $hostname eq 'blowfish';
+ return '2401:c080:1000:45af:5400:3ff:fec6:ca1d' if $hostname eq 'twofish';
+ return '::1';
+};
+
+desc 'Install various packages';
+task 'packages', group => 'frontends',
+ sub {
+ pkg 'rsync', ensure => present;
+ pkg 'sudo', ensure => present;
+ pkg 'tig', ensure => present;
+ pkg 'vger', ensure => present;
+ pkg 'zsh', ensure => present;
+ };
+
+desc 'Setup httpd';
+task 'httpd', group => 'frontends',
+ sub {
+ file '/etc/httpd.conf',
+ source => './etc/httpd.conf',
+ owner => 'www',
+ group => 'wheel',
+ mode => '644',
+ on_change => sub {
+ service 'httpd' => 'restart';
+ };
+ service 'httpd', ensure => 'started';
+ };
+
 desc 'Setup inetd';
 task 'inetd', group => 'frontends',
 sub {
 file '/etc/inetd.conf',
 source => './etc/inetd.conf',
+ owner => 'www',
+ group => 'wheel',
+ mode => '644',
 on_change => sub {
 service 'inetd' => 'restart';
 };
 service 'inetd', ensure => 'started';
 };
 
+desc 'Setup relayd';
+task 'relayd', group => 'frontends',
+ sub {
+ file '/etc/relayd.conf',
+ content => template('./etc/relayd.conf.tpl', ipv6address => $ipv6address),
+ owner => 'root',
+ group => 'wheel',
+ mode => '600',
+ on_change => sub {
+ service 'relayd' => 'restart';
+ };
+ service 'relayd', ensure => 'started';
+ };
+
 desc 'Setup HA';
 task 'ha', group => 'frontends',
 sub {
@@ -44,7 +92,10 @@ task 'ha', group => 'frontends',
 desc 'frontend';
 task 'frontend', group => 'frontends',
 sub {
+ packages();
+ httpd();
 inetd();
+ relayd();
 ha();
 };
 
diff --git a/openbsd/frontends/etc/relayd.conf.tpl b/openbsd/frontends/etc/relayd.conf.tpl
new file mode 100644
index 0000000..d8553b2
--- /dev/null
+++ b/openbsd/frontends/etc/relayd.conf.tpl
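Review bot: The `file` resources for `/etc/httpd.conf` and `/etc/inetd.conf` both set `owner => 'www'`, which gives the unprivileged web account write access to two daemon configurations. inetd.conf in particular names the programs and users that inetd starts, so a process running as www could presumably rewrite it and have a command launched under another account on the next restart. Mode 644 already lets www read both files, so the ownership buys nothing. Use `owner => 'root',` in both tasks, as the relayd task in this same hunk already does.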
@@ -0,0 +1,20 @@
+log connection
+
+tcp protocol "gemini" {
+ tls keypair buetow.org
+ tls keypair snonux.de
+ tls keypair foo.zone
+ tls keypair irregular.ninja
+}
+
+relay "gemini4" {
+ listen on <%= $vio0_ip %> port 1965 tls
+ protocol "gemini"
+ forward to 127.0.0.1 port 11965
+}
+
+relay "gemini6" {
+ listen on <%= $ipv6address->($hostname) %> port 1965 tls
+ protocol "gemini"
+ forward to 127.0.0.1 port 11965
+}
diff --git a/openbsd/frontends/etc/relayd.conf:blowfish b/openbsd/frontends/etc/relayd.conf:blowfish
deleted file mode 100644
index a46877f..0000000
--- a/openbsd/frontends/etc/relayd.conf:blowfish
+++ /dev/null
@@ -1,20 +0,0 @@
-log connection
-
-tcp protocol "gemini" {
- tls keypair buetow.org
- tls keypair snonux.de
- tls keypair foo.zone
- tls keypair irregular.ninja
-}
-
-relay "gemini4" {
- listen on 23.88.35.144 port 1965 tls
- protocol "gemini"
- forward to 127.0.0.1 port 11965
-}
-
-relay "gemini6" {
- listen on 2a01:4f8:c17:20f1::42 port 1965 tls
- protocol "gemini"
- forward to 127.0.0.1 port 11965
-}
diff --git a/openbsd/frontends/etc/relayd.conf:twofish b/openbsd/frontends/etc/relayd.conf:twofish
deleted file mode 100644
index de65edf..0000000
--- a/openbsd/frontends/etc/relayd.conf:twofish
+++ /dev/null
@@ -1,20 +0,0 @@
-log connection
-
-tcp protocol "gemini" {
- tls keypair buetow.org
- tls keypair snonux.de
- tls keypair foo.zone
- tls keypair irregular.ninja
-}
-
-relay "gemini4" {
- listen on 108.160.134.135 port 1965 tls
- protocol "gemini"
- forward to 127.0.0.1 port 11965
-}
-
-relay "gemini6" {
- listen on 2401:c080:1000:45af:5400:3ff:fec6:ca1d port 1965 tls
- protocol "gemini"
- forward to 127.0.0.1 port 11965
-}
-- 
cgit v1.2.3
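Review bot: The gemini6 line `listen on <%= $ipv6address->($hostname) %>` degrades silently on any host the Rexfile closure does not list. That closure ends in `return '::1';`, so a new or renamed frontend gets a relay bound to loopback only, and relayd still restarts without complaint. Failing the render is safer than deploying a config that looks healthy: in the Rexfile, replace the fallback with `die "no IPv6 address configured for $hostname\n";`. The gemini4 line depends in the same way on the interface being named vio0; what `$vio0_ip` renders to when that interface is absent is not visible here and is worth checking.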