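# How to use:
#
#   rex commons nsd_master nsd_slaves
#
# Why use Rex to automate my servers? Because Rex is KISS, Puppet, SALT and Chef
# are not. So, why not use Ansible then? To use Ansible correctly you should also
# install Python on the target machines (not mandatory, though. But better).
# Rex is programmed in Perl and there is already Perl in the base system of OpenBSD.
# Also, I find Perl > Python (my personal opinion).

use strict;
use warnings;

use Rex -feature => ['1.4'];
use Rex::Logger;
use File::Slurp;

# REX CONFIG SECTION

group frontends => 'blowfish.buetow.org', 'twofish.buetow.org';
group dnsmaster => 'blowfish.buetow.org';
group dnsslaves => 'twofish.buetow.org';

# Every task connects as the unprivileged 'rex' user and escalates with sudo.
user 'rex';
sudo TRUE;
parallelism 5;

# CUSTOM (PERL-ish) CONFIG SECTION (what Rex can't do by itself)

# Gather IPv6 addresses based on hostname. Passed into the relayd template,
# which presumably calls it with the short hostname. Unknown hosts are logged
# and fall back to the loopback address.
our $ipv6address = sub {
    my ($hostname) = @_;

    return '2a01:4f8:c17:20f1::42'                  if $hostname eq 'blowfish';
    return '2401:c080:1000:45af:5400:3ff:fec6:ca1d' if $hostname eq 'twofish';

    Rex::Logger::info("Unable to determine IPv6 address for $hostname", 'error');
    return '::1';
};

# Bootstrapping the FQDN based on the server IP as the hostname and domain
# facts aren't set yet due to the myname file in the first place. Unknown
# addresses are logged and get a clearly-marked placeholder name.
our $fqdns = sub {
    my ($ipv4) = @_;

    return 'blowfish.buetow.org' if $ipv4 eq '23.88.35.144';
    return 'twofish.buetow.org'  if $ipv4 eq '108.160.134.135';

    Rex::Logger::info("Unable to determine hostname for $ipv4", 'error');
    return 'HOSTNAME-UNKNOWN.buetow.org';
};

# Zones served by the NSD master (one zone file template each) and the slaves.
our @dns_zones = qw/
    buetow.org
    dtail.dev
    foo.surf
    foo.zone
    irregular.ninja
    sidewalk.ninja
    snonux.de
    snonux.me
/;

# Read a secret from ~/.rexsecrets/<name> on the control host and return its
# complete content as a single scalar (trailing newline included, as stored).
#
# read_file() is context-sensitive: in list context (e.g. directly inside the
# argument list of template()) it returns one element per line, which would
# shift the key/value pairs that follow it. The content is therefore captured
# into a scalar first. The name is restricted to a plain file name so the
# lookup can never leave the secrets directory. Dies on a bad name or if the
# file cannot be read (read_file croaks by default).
sub secret {
    my ($name) = @_;

    die "Invalid secret name: '" . ($name // '') . "'"
        unless defined $name && $name =~ m{\A \w [\w.-]* \z}xms;
    die 'HOME is not set, cannot locate ~/.rexsecrets'
        unless defined $ENV{HOME};

    my $content = read_file("$ENV{HOME}/.rexsecrets/$name");
    return $content;
}

# UTILITY TASKS

task 'id', group => 'frontends', sub {
    say run 'id';
};

task 'dump_info', group => 'frontends', sub {
    dump_system_information;
};

# OPENBSD TASKS SECTION

desc 'Install base stuff';
task 'base', group => 'frontends', sub {
    pkg $_, ensure => present for qw(rsync sudo tig vger zsh);

    append_if_no_such_line '/etc/rc.conf.local', 'pkg_scripts="uptimed httpd"';

    # /etc/myname seeds the hostname; see $fqdns above for why it is IP-based.
    file '/etc/myname',
        content => template('./etc/myname.tpl', fqdns => $fqdns),
        owner   => 'root',
        group   => 'wheel',
        mode    => '644';
};

desc 'Setup uptimed';
task 'uptimed', group => 'frontends', sub {
    Rex::Logger::info('Setting up uptimed');
    pkg 'uptimed', ensure => present;
    service 'uptimed', ensure => 'started';
};

desc 'Setup httpd';
task 'httpd', group => 'frontends', sub {
    append_if_no_such_line '/etc/rc.conf.local', 'httpd_flags=';
    #delete_lines_according_to qr{httpd_flags}, '/etc/rc.conf.local';

    file '/etc/httpd.conf',
        source    => './etc/httpd.conf',
        owner     => 'root',
        group     => 'wheel',
        mode      => '644',
        on_change => sub { service 'httpd' => 'restart'; };

    service 'httpd', ensure => 'started';
};

desc 'Setup inetd';
task 'inetd', group => 'frontends', sub {
    append_if_no_such_line '/etc/rc.conf.local', 'inetd_flags=';

    file '/etc/inetd.conf',
        source    => './etc/inetd.conf',
        owner     => 'root',
        group     => 'wheel',
        mode      => '644',
        on_change => sub { service 'inetd' => 'restart'; };

    service 'inetd', ensure => 'started';
};

desc 'Setup relayd';
task 'relayd', group => 'frontends', sub {
    append_if_no_such_line '/etc/rc.conf.local', 'relayd_flags=';

    # relayd.conf is root-only (600) because it is rendered from a template;
    # keep it that way if the template ever carries anything sensitive.
    file '/etc/relayd.conf',
        content   => template('./etc/relayd.conf.tpl', ipv6address => $ipv6address),
        owner     => 'root',
        group     => 'wheel',
        mode      => '600',
        on_change => sub { service 'relayd' => 'restart'; };

    service 'relayd', ensure => 'started';
};

desc 'Setup OpenSMTPD';
task 'smtpd', group => 'frontends', sub {
    file '/etc/mail/aliases',
        source    => './etc/mail/aliases',
        owner     => 'root',
        group     => 'wheel',
        mode      => '644',
        on_change => sub { say run 'newaliases'; };

    for my $table (qw(virtualdomains virtualusers)) {
        file "/etc/mail/$table",
            source    => "./etc/mail/$table",
            owner     => 'root',
            group     => 'wheel',
            mode      => '644',
            on_change => sub { service 'smtpd' => 'restart'; };
    }

    # Unlike $ipv6address/$fqdns this mapping falls back silently to
    # 'buetow.org' for an unknown host; that fallback is deliberate here.
    my $mail_hostname = sub {
        my ($hostname) = @_;
        return 'buetow.org'     if $hostname eq 'blowfish';
        return 'www.buetow.org' if $hostname eq 'twofish';
        return 'buetow.org';
    };

    file '/etc/mail/smtpd.conf',
        content   => template('./etc/mail/smtpd.conf.tpl', mail_hostname => $mail_hostname),
        owner     => 'root',
        group     => 'wheel',
        mode      => '644',
        on_change => sub { service 'smtpd' => 'restart'; };

    service 'smtpd', ensure => 'started';
};

desc 'Setup DNS server';
task 'nsd_master', group => 'dnsmaster', sub {
    my $restart = FALSE;

    append_if_no_such_line '/etc/rc.conf.local', 'nsd_flags=';

    # key.conf carries the TSIG secret: readable by root and the _nsd group only.
    file '/var/nsd/etc/key.conf',
        content   => template('./var/nsd/etc/key.conf.tpl', nsd_secret => secret('nsd_secret')),
        owner     => 'root',
        group     => '_nsd',
        mode      => '640',
        on_change => sub { $restart = TRUE; };

    file '/var/nsd/etc/nsd.conf',
        content   => template('./var/nsd/etc/nsd.conf.master.tpl', dns_zones => \@dns_zones),
        owner     => 'root',
        group     => '_nsd',
        mode      => '640',
        on_change => sub { $restart = TRUE; };

    for my $zone (@dns_zones) {
        file "/var/nsd/zones/master/$zone.zone",
            content   => template("./var/nsd/zones/master/$zone.zone.tpl"),
            owner     => 'root',
            group     => 'wheel',
            mode      => '644',
            on_change => sub { $restart = TRUE; };
    }

    # One restart at the end instead of one per changed file.
    service 'nsd' => 'restart' if $restart;
    service 'nsd', ensure => 'started';
};

desc 'Setup DNS slaves';
task 'nsd_slaves', group => 'dnsslaves', sub {
    my $restart = FALSE;

    # Same TSIG key as the master, same restricted permissions.
    file '/var/nsd/etc/key.conf',
        content   => template('./var/nsd/etc/key.conf.tpl', nsd_secret => secret('nsd_secret')),
        owner     => 'root',
        group     => '_nsd',
        mode      => '640',
        on_change => sub { $restart = TRUE; };

    file '/var/nsd/etc/nsd.conf',
        content   => template('./var/nsd/etc/nsd.conf.slave.tpl', dns_zones => \@dns_zones),
        owner     => 'root',
        group     => '_nsd',
        mode      => '640',
        on_change => sub { $restart = TRUE; };

    service 'nsd' => 'restart' if $restart;
    service 'nsd', ensure => 'started';
};

desc 'Setup HA';
task 'ha', group => 'frontends', sub {
    file '/usr/local/bin/ha.pl',
        source => './usr/local/bin/ha.pl',
        owner  => 'root',
        group  => 'wheel',
        mode   => '755';

    # Status file is owned by www so the web tier can update it; it is only
    # seeded once (no_overwrite) so a re-run never clobbers the live status.
    file '/var/run/ha.status',
        content      => '# Initial HA status file',
        owner        => 'www',
        group        => 'wheel',
        mode         => '644',
        no_overwrite => TRUE;
};

# COMBINED TASKS SECTION

desc 'Common configs of all hosts';
task 'commons', group => 'frontends', sub {
    base();
    uptimed();
    httpd();
    inetd();
    relayd();
    smtpd();
    ha();
};

1;

# vim: syntax=perl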