From fe040d1aa9a01e14c882ead7cb09303aef588804 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Thu, 13 Jan 2022 12:59:43 +0100
Subject: Rewrote mots of nspawn.
---
manifests/init.pp | 5 +++
manifests/machine.pp | 64 +++++++++++++++++++++++++-----------
manifests/os/debian.pp | 42 +++++++++++++++++------
manifests/setup.pp | 3 ++
manifests/util/disable_networking.pp | 3 +-
manifests/util/enable_networkd.pp | 5 ++-
templates/unit_file.epp | 1 +
7 files changed, 89 insertions(+), 34 deletions(-)
create mode 100644 manifests/init.pp
create mode 120000 templates/unit_file.epp
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..fcda29e
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,5 @@
+class nspawn (
+ Hash[String,Hash] $machines,
+) {
+ create_resources(nspawn::machine, $machines)
+}
diff --git a/manifests/machine.pp b/manifests/machine.pp
index 8ba9bf3..8cc1947 100644
--- a/manifests/machine.pp
+++ b/manifests/machine.pp
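Review bot: The keys of `$machines` are accepted as any `String`, yet `create_resources` turns them into `nspawn::machine` titles, which machine.pp presumably uses as `$machine` in `/var/lib/machines/${machine}` paths and `systemd-nspawn@${machine}.service` unit names. Narrowing the key type, for example `Hash[Pattern[/\A[a-z0-9][a-z0-9-]*\z/], Hash] $machines,`, would reject names containing `/` or `..` at compile time; the exact pattern is a suggestion and should match the names the site really uses. The class also has no doc comment; `# @param machines Hash of nspawn::machine resources keyed by machine name` would cover it.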
@@ -7,32 +7,56 @@ define nspawn::machine ( require ::nspawn::setup - file { "/var/lib/machines/${machine}/puppet": - ensure => directory, + $domain = $facts['domain'] + + # Sets up image + # create_resources("nspawn::os::${os}", { $machine => $os_opts }) + nspawn::os::debian { 'debian-bullseye.base': + * => $os_opts, } - file { "/etc/systemd/nspawn/${machine}.nspawn": - content => @("EOF") - [Exec] - Hostname=${machine}.adrift.space - Boot=true - # /usr/lib/systemd/resolv.conf - ResolvConf=copy-static - - [Files] - # TODO This should only be mounted on puppet servers, in case it - # contains secrets - BindReadOnly=/usr/local/puppet:/puppet - - [Network] - Bridge=br0 - | EOF + # Copies image to us + exec { "Create ${machine} from template": + command => [ 'systemd-nspawn', + '--template=/var/lib/machines/debian-bullseye.base', + '-D', $machine, + ], + path => ['/bin','/usr/bin'], + cwd => '/var/lib/machines', + creates => "/var/lib/machines/${machine}", + require => Nspawn::Os::Debian['debian-bullseye.base'], + } + + file { "/var/lib/machines/${machine}/etc/hostname": + ensure => file, + content => "${machine}.${domain}\n", + require => Exec["Create ${machine} from template"], } - create_resources("nspawn::os::${os}", { $machine => $os_opts }) + # systemd-nspawn --quiet -M debby systemctl enable puppet + + $nspawn_data = { + 'Exec' => { + # 'Hostname' => "${machine}.${domain}", + 'Boot' => 'true', + 'ResolvConf' => 'copy-static', # /usr/lib/systemd/resolv.conf + }, + 'Network' => { + 'Bridge' => 'br0', + } + } + + file { "/etc/systemd/nspawn/${machine}.nspawn": + ensure => file, + content => epp('nspawn/unit_file.epp', { + data => $nspawn_data, + }), + notify => Service["systemd-nspawn@${machine}.service"], + } service { "systemd-nspawn@${machine}.service": - enable => $enable, + enable => $enable, + require => File["/etc/systemd/nspawn/${machine}.nspawn"], } } diff --git a/manifests/os/debian.pp b/manifests/os/debian.pp index fbab9ac..ff687dd 100644 
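Review bot: `nspawn::os::debian { 'debian-bullseye.base': ... }` is declared with a fixed title inside the `nspawn::machine` define, so a catalog containing two machines would fail with a duplicate resource declaration. The module already relies on stdlib (`ensure_packages` in os/debian.pp), so `ensure_resource('nspawn::os::debian', 'debian-bullseye.base', $os_opts)` would let every machine share the one base image, provided all machines pass identical `$os_opts`. The template path `/var/lib/machines/debian-bullseye.base` is also hard-coded here while os/debian.pp derives its root from `$os_version`, so any other release would bootstrap one directory and clone from another. The define's parameter list starts outside the hunk.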
--- a/manifests/os/debian.pp +++ b/manifests/os/debian.pp @@ -1,21 +1,26 @@ +# TODO rename this to image-setup define nspawn::os::debian ( String $os_version, String $machine = $name, ) { + $root = "/var/lib/machines/debian-${os_version}.base" + ensure_packages(['debootstrap']) - exec { "/usr/bin/deboostrap ${os_version} /var/lib/machines/${machine}": - creates => "/var/lib/machines/${machine}/etc/os-release", + exec { "/usr/bin/deboostrap ${os_version} '${root}'": + creates => "${root}/etc/os-release", } - $puppet_deb = "/var/lib/machines/${machine}/tmp/puppet7-release-${os_version}.deb" - file { $puppet_deb: + $puppet_deb = "puppet7-release-${os_version}.deb" + $puppet_deb_path = "${root}/opt/${puppet_deb}" + + file { $puppet_deb_path: ensure => file, - source => "https://apt.puppet.com/puppet7-release-${os_version}.deb" + source => "https://apt.puppet.com/${puppet_deb}" } - $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running' + $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running' if $running { # TODO @@ -24,12 +29,12 @@ define nspawn::os::debian ( } } else { exec { "Set up puppet repo for ${machine}": - subscribe => File[$puppet_deb], + subscribe => File[$puppet_deb_path], command => [ '/usr/bin/systemd-nspawn', '-M', $machine, '--quiet', '/bin/sh', '-c', - "dpkg -i '/tmp/puppet7-release-${os_version}.deb' && apt update" + "dpkg -i '/opt/puppet7-release-${os_version}.deb' && apt update" ], } 
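Review bot: The bootstrap exec still invokes `/usr/bin/deboostrap`, a misspelling of `debootstrap` that the rewritten line carries over, so the base image under `${root}` is presumably never created and the later execs that enter it fail. `$os_version` is a bare `String` but is interpolated into the `/bin/sh -c "dpkg -i ... && apt update"` string and into the download URL; typing it as `Pattern[/\A[a-z]+\z/] $os_version,` keeps quotes and shell metacharacters out of both. The release package from `https://apt.puppet.com/${puppet_deb}` is installed as root on the strength of TLS alone, and since it configures the apt repository the container will trust, pinning it with `checksum => 'sha256', checksum_value => '<sha256 of the release package>',` on the `file` resource would be worth adding. The define's body continues outside the hunk.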
@@ -39,11 +44,28 @@ define nspawn::os::debian ( '--quiet', 'apt', 'install', 'puppet-agent', ], - creates => "/var/lib/machines/${machine}/opt/puppetlabs/bin/puppet", + creates => "${root}/opt/puppetlabs/bin/puppet", } } + + exec { "Enable puppet on ${machine}": + command => [ '/usr/bin/systemd-nspawn', + '-M', $machine, + '--quiet', + 'systemctl', 'enable', 'puppet', + ], + creates => "${root}/etc/systemd/system/multi-user.target.wants/puppet.service", + } + + file { "${root}/etc/puppetlabs/puppet/puppet.conf": + ensure => file, + content => @(EOF) + [main] + server = busting.adrift.space + | EOF + } + nspawn::util::disable_networking { $machine: } nspawn::util::enable_networkd { $machine: } - } diff --git a/manifests/setup.pp b/manifests/setup.pp index 9f742fd..ab42446 100644 --- a/manifests/setup.pp +++ b/manifests/setup.pp @@ -12,5 +12,8 @@ class nspawn::setup { | EOF } + service { 'machines.target': + enable => true, + } } diff --git a/manifests/util/disable_networking.pp b/manifests/util/disable_networking.pp index 4a9b31b..ac55951 100644 --- a/manifests/util/disable_networking.pp +++ b/manifests/util/disable_networking.pp @@ -3,8 +3,9 @@ define nspawn::util::disable_networking ( String $machine_path = "/var/lib/machines/${machine}", ) { + $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running' - $cmd = if $facts['machined-info'][$machine]['State'] == 'running' { + $cmd = if $running { [ 'systemctl', '-M', $machine, 'disable', 'networking' ] } else { [ 'systemd-nspawn', '-M', $machine, '--quiet', diff --git a/manifests/util/enable_networkd.pp b/manifests/util/enable_networkd.pp index 8e447b9..f9b4d2e 100644 --- a/manifests/util/enable_networkd.pp +++ b/manifests/util/enable_networkd.pp 
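Review bot: The `Enable puppet on ${machine}` exec is placed after the `if $running { ... } else { ... }` block, so it calls `systemd-nspawn -M` even when the machine is already running, the case the sibling helpers handle with `systemctl -M`; it likely needs the same `$running` switch. The `puppet.conf` file resource has no explicit `require` on the exec that installs puppet-agent (its title is outside this hunk), and `/etc/puppetlabs/puppet` presumably does not exist in the image until that package is installed. `server = busting.adrift.space` is hard-coded in the heredoc although machine.pp in this commit moved to `$facts['domain']`; taking the server name as a parameter would keep the host the agents trust configurable and visible in the site data.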
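Review bot: The new `$running` guard in util/disable_networking.pp covers only a missing entry for `$machine`; if the `machined-info` fact itself is absent, `$facts['machined-info'][$machine]` indexes an undef value and, as far as I can tell, fails catalog compilation. `$running = $facts.dig('machined-info', $machine, 'State') == 'running'` handles both cases in one line. The same expression appears in os/debian.pp and util/enable_networkd.pp in this commit, so a small module function would keep the three copies from drifting apart again.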
@@ -3,9 +3,8 @@ define nspawn::util::enable_networkd ( String $machine_path = "/var/lib/machines/${machine}", ) { - # TODO only do this if the directory is empty networking::networkd_instance { "Initial networking on ${machine}": - priority => 50, + priority => 99, filename => 'puppet-initial', path => "${machine_path}/${networking::networkd::path}", content => { @@ -19,7 +18,7 @@ define nspawn::util::enable_networkd ( }, } - $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running' + $running = $facts['machined-info'][$machine] != undef and $facts['machined-info'][$machine]['State'] == 'running' $cmd = if $running { [ 'systemctl', '-M', $machine, 'enable', 'systemd-networkd' ] diff --git a/templates/unit_file.epp b/templates/unit_file.epp new file mode 120000 index 0000000..ca099ec --- /dev/null +++ b/templates/unit_file.epp @@ -0,0 +1 @@ +../../networking/templates/unit_file.epp \ No newline at end of file -- cgit v1.2.3
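Review bot: `templates/unit_file.epp` is added as a symlink (mode 120000) to `../../networking/templates/unit_file.epp`, which resolves only when the networking module is checked out as a sibling directory and may not survive tools that package or deploy modules one at a time. It also means the content rendered into `/etc/systemd/nspawn/${machine}.nspawn` is whatever file sits at that relative path on the server. machine.pp could render the template from its owning module directly, `content => epp('networking/unit_file.epp', { data => $nspawn_data }),`, with the networking module declared as a dependency in the module metadata.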