
add firmware related stuff

build environment and webserver
Karsten Böddeker 7 years ago
parent
commit
6d924f63dc
5 changed files with 387 additions and 0 deletions
  1. 7 0
      build/gitconfig.build
  2. 148 0
      build/init.sls
  3. 97 0
      firmware/init.sls
  4. 80 0
      firmware/update-firmware
  5. 55 0
      nginx/firmware.in.ffho.net

+ 7 - 0
build/gitconfig.build

@@ -0,0 +1,7 @@
+[user]
+	name = Freifunk Hochstift
+	email = kontakt@hochstift.freifunk.net
+[push]
+	default = simple
+[core]
+	editor = vim

+ 148 - 0
build/init.sls

@@ -0,0 +1,148 @@
+#
+# build
+#
+
+build:
+  pkg.installed:
+    - pkgs:
+      - git
+      - python
+      - subversion
+      - build-essential
+      - gawk
+      - unzip
+      - libncurses-dev
+      - libz-dev
+      - libssl-dev
+      - lua5.1
+  user.present:
+    - name: build
+    - shell: /bin/bash
+    - home: /home/build
+    - createhome: True
+    - gid_from_name: True
+    - require:
+      - group: build
+  group.present:
+    - name: build
+    - system: False
+
+/home/build/.vimrc:
+  file.managed:
+    - source: salt://vim/vimrc
+    - require:
+      - user: build
+
+/home/build/.bashrc:
+  file.managed:
+      - source: salt://bash/bashrc.user
+      - template: jinja
+      - require:
+        - user: build
+
+git-config:
+  file.managed:
+    - name: /home/build/.gitconfig
+    - source: salt://build/gitconfig.build
+    - user: build
+    - group: build
+    - require:
+      - user: build
+
+build-git:
+  file.directory:
+    - name: /srv/build
+    - user: build
+    - group: build
+    - mode: 755
+    - require:
+      - user: build
+  git.latest:
+    - name: git@git.c3pb.de:freifunk-pb/firmware.git
+    - target: /srv/build
+    - user: build
+    - update_head: False
+    - require:
+      - pkg: build
+      - user: build
+      - ssh_known_hosts: git.c3pb.de
+      - file: /home/build/.ssh/id_rsa
+      - file: build-git
+
+firmware-git:
+  file.directory:
+    - name: /srv/build/output
+    - user: build
+    - mode: 755
+    - require:
+      - git: build-git
+  git.latest:
+    - name: git@git.c3pb.de:freifunk-pb/firmware-website.git
+    - target: /srv/build/output
+    - branch: signing
+    - user: build
+    - update_head: False
+    - require:
+      - file: firmware-git
+
+/srv/build/opkg-keys:
+  file.directory:
+    - user: build
+    - group: build
+    - mode: 700
+    - require:
+      - git: build-git
+
+/srv/build/opkg-keys/gluon-opkg-key:
+  file.managed:
+    - contents_pillar: nodes:{{ grains['id'] }}:opkg:build:opkg_privkey
+    - user: build
+    - group: build
+    - mode: 400
+    - require:
+      - file: /srv/build/opkg-keys
+
+git.c3pb.de:
+  ssh_known_hosts.present:
+    - user: build
+    - enc: ecdsa
+    - fingerprint: 60:97:30:24:0b:85:21:e4:c3:49:c2:f5:12:de:1c:da
+    - require:
+      - user: build
+
+firmware.in.ffho.net:
+  ssh_known_hosts.present:
+    - user: build
+    - enc: ecdsa
+    - fingerprint: {{salt['pillar.get']('nodes:firmware.in.ffho.net:ssh:fingerprint',[])}}
+    - require:
+      - user: build
+
+/home/build/.ssh:
+  file.directory:
+    - user: build
+    - group: build
+    - mode: 700
+    - require:
+      - user: build
+
+# Create authorized_keys for build
+/home/build/.ssh/authorized_keys:
+  file.managed:
+    - source: salt://ssh/authorized_keys.tmpl
+    - template: jinja
+      username: build
+    - user: build
+    - group: build
+    - mode: 644
+    - require:
+      - file: /home/build/.ssh
+
+/home/build/.ssh/id_rsa:
+  file.managed:
+    - contents_pillar: nodes:{{ grains['id'] }}:ssh:build:ssh_privkey
+    - user: build
+    - group: build
+    - mode: 400
+    - require:
+      - file: /home/build/.ssh
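Review bot: The `firmware.in.ffho.net` known-hosts state reads its fingerprint with `pillar.get(..., [])`, so a missing pillar key renders `fingerprint: []` instead of failing. As far as I can tell, `ssh_known_hosts.present` with an empty fingerprint and no `key` records whatever host key the server presents at apply time, which silently drops the pinning this state exists for. I would fetch the value once without a default, `{% set fw_fp = salt['pillar.get']('nodes:firmware.in.ffho.net:ssh:fingerprint') %}`, and wrap the state in `{% if fw_fp %}` so that a missing key leaves the host unknown and SSH fails closed. The colon-separated value pinned for `git.c3pb.de` (here and again in firmware/init.sls) has the shape of an MD5 fingerprint; pinning the full public key with `- key:` would be stronger.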

+ 97 - 0
firmware/init.sls

@@ -0,0 +1,97 @@
+#
+# firmware
+#
+
+firmware-pkgs:
+  pkg.installed:
+    - pkgs:
+      - git
+      - pandoc
+  user.present:
+    - name: firmware
+    - shell: /bin/bash
+    - home: /home/firmware
+    - createhome: True
+    - gid_from_name: True
+
+firmware-git:
+  file.directory:
+    - name: {{salt['pillar.get']('nodes:' ~ grains['id'] ~ ':path:firmware', [])}}
+    - user: firmware
+    - group: firmware
+    - mode: 755
+    - require:
+      - user: firmware
+  git.latest:
+    - name: git@git.c3pb.de:freifunk-pb/firmware-website.git
+    - target: {{salt['pillar.get']('nodes:' ~ grains['id'] ~ ':path:firmware', [])}}
+    - user: firmware
+    - update_head: False
+    - require:
+      - pkg: firmware-pkgs
+      - user: firmware
+      - file: firmware-git
+      - file: /home/firmware/.ssh/id_rsa
+      - ssh_known_hosts: git.c3pb.de
+
+firmware-changelog:
+  cmd.run:
+    - name: FORCE=1 /usr/local/sbin/update-firmware
+    - creates: {{salt['pillar.get']('nodes:' ~ grains['id'] ~ ':path:firmware', [])}}/stable/Changelog.html
+    - user: firmware
+    - group: firmware
+    - watch:
+      - git: firmware-git
+    - require:
+      - user: firmware
+      - file: /usr/local/sbin/update-firmware
+
+# SSH fingerprint of gitlab
+git.c3pb.de:
+  ssh_known_hosts.present:
+    - user: firmware
+    - enc: ecdsa
+    - fingerprint: 60:97:30:24:0b:85:21:e4:c3:49:c2:f5:12:de:1c:da
+
+/home/firmware/.ssh:
+  file.directory:
+    - user: firmware
+    - group: firmware
+    - mode: 700
+    - require:
+      - user: firmware
+
+/home/firmware/.ssh/authorized_keys:
+  file.managed:
+    - contents_pillar: nodes:masterbuilder.in.ffho.net:ssh:build:ssh_pubkey
+    - user: firmware
+    - group: firmware
+    - mode: 644
+    - require:
+      - file: /home/firmware/.ssh
+
+/home/firmware/.ssh/id_rsa:
+  file.managed:
+    - contents_pillar: nodes:{{ grains['id'] }}:ssh:firmware:ssh_privkey
+    - user: firmware
+    - group: firmware
+    - mode: 400
+    - require:
+      - file: /home/firmware/.ssh
+
+firmware-cron:
+  cron.present:
+    - name: /usr/local/sbin/update-firmware
+    - identifier: firmware-cron
+    - user: firmware
+    - minute: 42
+    - require:
+      - user: firmware
+      - file: /usr/local/sbin/update-firmware
+
+
+/usr/local/sbin/update-firmware:
+  file.managed:
+    - source: salt://firmware/update-firmware
+    - template: jinja
+    - mode: 755
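Review bot: `/home/firmware/.ssh/id_rsa` is written from pillar with the `file.managed` defaults, so a later change to the key is reported as a unified diff in the state return. That return is shown in highstate output and kept in the master's job cache and any configured returner. Adding `- show_changes: False` to the state keeps the private key out of those records. The same applies to `/home/build/.ssh/id_rsa` and `/srv/build/opkg-keys/gluon-opkg-key` in build/init.sls.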

+ 80 - 0
firmware/update-firmware

@@ -0,0 +1,80 @@
+#!/bin/bash
+# (c) 2016 Freifunk Hochstift <kontakt@hochstift.freifunk.net>
+#
+
+DEFAULT_DIR="{{salt['pillar.get']('nodes:' ~ grains['id'] ~ ':path:firmware', [])}}"
+DEFAULT_BRANCHES="stable testing experimental"
+
+getCurrentVersion() {
+	# Get hash from latest revision
+	git log --format=format:%H -1 | tr -d '\n'
+}
+
+
+function createChangelog {
+	VERSION=$1
+	VERSION_DIR=${FIRMWARE_DIR}/${VERSION}
+
+	if [ ! -d "${VERSION_DIR}" ]; then
+		echo "${VERSION} directory not found (${VERSION_DIR})."
+		return 1
+	fi
+
+	rm -f ${VERSION_DIR}/Changelog.html
+	if [ -r "${VERSION_DIR}/Changelog.md" ]; then
+		[ "${VERBOSE}" -eq "1" ] && echo "create ${VERSION}/Changelog.html"
+		pandoc -f markdown -t html5 -o ${VERSION_DIR}/Changelog.html -s -V pagetitle="FFHO Changelog (${VERSION})" ${VERSION_DIR}/Changelog.md > /dev/null
+		[ "$?" -eq "0" ] || echo "failed to create ${VERSION}/Changelog.html"
+	fi
+
+	return 0
+}
+
+[ -n "${FIRMWARE_DIR}" ] || FIRMWARE_DIR=${DEFAULT_DIR}
+[ -n "${BRANCHES}" ] || BRANCHES=${DEFAULT_BRANCHES}
+[ -n "${VERBOSE}" ] || VERBOSE=0
+
+if [ ! -d "${FIRMWARE_DIR}" ]; then
+	echo "Firmware directory not found (${FIRMWARE_DIR}). Cannot update."
+	exit 1
+fi
+if [ ! -d "${FIRMWARE_DIR}/.git" ]; then
+	echo "Firmware directory does not seem to be a git repository. Cannot update."
+	exit 1
+fi
+
+pushd ${FIRMWARE_DIR} > /dev/null
+
+# Get current version hash
+LAST_REVISION="$(getCurrentVersion)"
+
+if [ "$(git status --porcelain --untracked-files=no)" ]; then
+	echo "Local changes to firmware directory. Cowardly refusing to update firmware-website.git!" >&2
+	exit 1
+fi
+
+[ "${VERBOSE}" -eq "1" ] && echo "pull changes from remote repository"
+if ! git pull --quiet --rebase > /dev/null; then
+	echo " => Update of firmware-website.git failed... :-(" >&2
+	exit 2
+fi
+
+# Get new version hash
+NEW_REVISION="$(getCurrentVersion)"
+
+if [ "${LAST_REVISION}" != "${NEW_REVISION}" ] || [ "${FORCE}" -eq "1" ]; then
+	for folder in *; do
+		if [ -d "${folder}" -a ! -L "${folder}" ]; then
+			createChangelog ${folder}
+		fi
+	done
+	[ "${VERBOSE}" -eq "1" ] && echo ""
+
+	# Get list of commits since last local version
+	num_commits="$(git log --abbrev-commit --pretty=oneline ${LAST_REVISION}..${NEW_REVISION} | wc -l)"
+	last_msg="$(git log --abbrev-commit --pretty=oneline ${LAST_REVISION}..${NEW_REVISION} | head -n1)"
+
+	echo "Firmware-Website updated: ${num_commits} commit(s) (last: ${last_msg})"
+fi
+[ "${VERBOSE}" -eq "1" ] && echo "Finish"
+popd > /dev/null #${FIRMWARE_DIR}
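Review bot: `FORCE` is compared numerically in `[ "${FORCE}" -eq "1" ]` but, unlike `VERBOSE`, never gets a default. The cron entry does not set it, so whenever there is nothing new to pull the test runs as `[ "" -eq "1" ]` and prints "integer expression expected" to stderr. Adding `[ -n "${FORCE}" ] || FORCE=0` next to the other defaults fixes that. Separately, `${FIRMWARE_DIR}`, `${VERSION_DIR}` and `${folder}` are expanded unquoted in `pushd`, `rm -f`, `pandoc` and `createChangelog ${folder}`, and the directory names come from the pulled repository. Quoting them, e.g. `rm -f -- "${VERSION_DIR}/Changelog.html"` and `createChangelog "${folder}"`, keeps a name containing spaces or glob characters from being split into extra arguments.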

+ 55 - 0
nginx/firmware.in.ffho.net

@@ -0,0 +1,55 @@
+#
+# /etc/nginx/sites-enabled/firmware.in.ffho.net (Salt managed)
+#
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	root {{salt['pillar.get']('nodes:' ~ grains['id'] ~ ':path:firmware', [])}};
+
+	server_name ~^firmware\.(srv\.)?in\.ffho\.net$;
+	fancyindex on;
+	fancyindex_exact_size off;
+	fancyindex_name_length 70;
+	fancyindex_header /header.html;
+	fancyindex_localtime on;
+	fancyindex_default_sort name;
+
+	location / {
+		try_files $uri $uri/ /index.html =404;
+		fancyindex_ignore header.html favicon.ico models-short.txt models.txt robots.txt scripts;
+	}
+
+	location ~ /\. {
+		deny all;
+	}
+
+	location /scripts {
+		deny all;
+	}
+
+	location ~ ^/(?<site_code>(ffho(_(\w\w\w))?(_(cty|uml))?))/(stable|testing|experimental)/sysupgrade/((?<branch>(stable|testing|experimental))\.manifest)$ {
+		try_files $uri /$branch/sysupgrade/$branch.$site_code.manifest /$branch/sysupgrade/$branch.manifest;
+	}
+
+	location ~ ^/(?<site_code>(ffho(_(\w\w\w))?(_(cty|uml))?))/(?<branch>(stable|testing|experimental))/sysupgrade/(?<file>.*) {
+		try_files $uri /$branch/sysupgrade/$file /stable/sysupgrade/$file /testing/sysupgrade/$file /experimental/sysupgrade/$file;
+	}
+
+	# opkg mirror
+	location ~^/openwrt/(?<file>.+)$ {
+		return 302 http://ftp.stw-bonn.de/pub/openwrt/$file;
+	}
+
+	# autoupdater legacy glue
+	location ~ ^/(?<site_code>(ffho(_(\w\w\w))?(_(cty|uml))?))/(?<branch>(stable|testing|experimental))/($branch\.manifest)$ {
+		try_files $uri /$branch/sysupgrade/$branch.$site_code.manifest /$branch/sysupgrade/$branch.manifest =404;
+	}
+	location ~ ^/(?<site_code>(ffho(_(\w\w\w))?(_(cty|uml))?))/(?<branch>(stable|testing|experimental))/(?<file>.*) {
+		try_files $uri /$branch/sysupgrade/$file =404;
+	}
+	location ~ ^/(?<branch>(stable|testing|experimental))/(?<file>.*)$ {
+		try_files $uri $uri/ /$branch/sysupgrade/$file =404;
+	}
+}
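Review bot: The first "autoupdater legacy glue" location ends its pattern in `($branch\.manifest)$`, but nginx does not expand variables inside a location regex. The `$` is read as an end-of-string anchor followed by literal text, so this location can never match. Requests for `/<site_code>/<branch>/<branch>.manifest` therefore fall through to the next location and lose the `$branch.$site_code.manifest` fallback. Spell the file name out as the sysupgrade manifest location above does, i.e. end the pattern with `/((stable|testing|experimental)\.manifest)$`. Also, the vhost listens only on port 80 and the opkg redirect targets `http://`, so integrity presumably rests on clients verifying manifest and package signatures; a comment saying so would help the next reader.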