feat: improvements for V3.21

Dockerfile

@@ -1,5 +1,5 @@
-FROM    alpine:3.20
-ARG     ALPINE="v3.20"
+FROM    alpine:3.21
+ARG     ALPINE="v3.21"
 ARG     BUILDUSER=alpine
 
 RUN     echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \

Makefile

@@ -46,7 +46,7 @@ apk: packages distfiles
 		-v ${HOME}/.gitconfig/:/home/alpine/.gitconfig:ro \
 		-v ${HOME}/.abuild/:/home/alpine/.abuild:ro \
 		--env DEBUG=$(DEBUG) \
-		$(REGISTRY)/$(IMAGE):$(ALPINE_RELEASE) $(PKG)
+		$(REGISTRY)/$(IMAGE):v$(ALPINE_MAJOR) $(PKG)
 
 download:
 	aws s3 sync s3://zero-downtime-web-cdn/alpine/v$(ALPINE_MAJOR)/kubezero/x86_64/ packages/kubezero/x86_64/ --exclude APKINDEX.tar.gz
@@ -62,4 +62,4 @@ upload: invalidate_cdn
 	#aws s3 cp packages/kubezero/aarch64/APKINDEX.tar.gz s3://zero-downtime-web-cdn/alpine/v$(ALPINE_MAJOR)/kubezero/aarch64/ --cache-control max-age=1
 
 init_apk_repo:
-	aws s3 cp s3://zero-downtime-web-cdn/alpine/v3.19/kubezero/x86_64/APKINDEX.tar.gz s3://zero-downtime-web-cdn/alpine/v$(ALPINE_MAJOR)/kubezero/x86_64/APKINDEX.tar.gz
+	aws s3 cp s3://zero-downtime-web-cdn/alpine/v3.20/kubezero/x86_64/APKINDEX.tar.gz s3://zero-downtime-web-cdn/alpine/v$(ALPINE_MAJOR)/kubezero/x86_64/APKINDEX.tar.gz

abuilder

@@ -3,7 +3,7 @@ set -e
 
 [ -n "$DEBUG" ] && set -x
 
-doas apk update && doas apk upgrade
+doas apk -U upgrade
 
 if [ "$1" = 'aarch64-toolchain' ]; then
   aarch64-toolchain.sh

kubezero/containerd/APKBUILD

@@ -127,7 +127,7 @@ stress() {
 
 sha512sums="
 4cb003a6ef2f9fe856665c3b7099e13b23cf07c77ed9a9ed50988d74de1933e3fe9463ae123635230f25cde38cd8a487133b11e20d829a79517c4d7fbe2ce012  containerd-1.7.23.tar.gz
-5fb37b88554422738cc75b944b75836c123d87d418a16c6a25b9d49da023bd0e654d1aa694e60026de42c055ccf7469f5b4778a4876e94720ec2f40d618db580  containerd.confd
+75a882a95167578bb4f289822256e770ecf2f74d7a50181e622c15e847383120d3622100e5e5629b94b58e2082f990de1cc3daa2f69b0ee48827072c1e9dde0e  containerd.confd
 8315a8d58b4ba7e19ebed2cd82c7b5eaab45da630f9818a9e6cc8f3c8e88f159432474299798f79e6e465e843c91c0f50df04030083c8913c385ea1d73e81e6a  containerd.initd
 dfb92fffeac35310956da6c6ad5f8c43eba3a5355ecbfabeec0f9c7445a08e309312b56b6855a17a471fd6012cc099d6abb39dc8bd26279112d0fe936624023d  config.toml
 "

kubezero/containerd/containerd.confd

@@ -26,7 +26,7 @@
 #log_owner=root:root
 
 # to override the default supervise_daemon_args
-#supervise_daemon_args=""
+supervise_daemon_args="-N 1"
 
 # log directory (defaults to current directory)
 #LOGPROXY_LOG_DIRECTORY=/var/log

kubezero/edk2/APKBUILD

@@ -6,14 +6,14 @@ pkgver=0.0.202308
 _realver=edk2-stable${pkgver##*.}
 _sslver=3.0.9
 _sfver=3e
-pkgrel=0
+pkgrel=2
 pkgdesc="EFI Development Kit II"
 url="https://github.com/tianocore/tianocore.github.io/wiki/EDK-II/"
 arch="x86_64 aarch64"
 license="BSD-2-Clause-Patent"
 makedepends="bash python3 iasl nasm util-linux-dev util-linux-misc"
 options="!archcheck !check" # has no checks
-subpackages="$pkgname-pyc"
+subpackages="$pkgname-pyc $pkgname-shell:_shell"
 _mipisyst_commit=370b5944c046bab043dd8b133727b2135af7747a
 source="$pkgname-$pkgver.tar.gz::https://github.com/tianocore/edk2/archive/$_realver.tar.gz
 	mipisyst-$_mipisyst_commit.tar.gz::https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/$_mipisyst_commit.tar.gz
@@ -25,19 +25,20 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/tianocore/edk2/archive/$_rea
 	"
 builddir="$srcdir/$pkgname-$_realver"
 
+PLATFORM="ShellPkg/ShellPkg.dsc"
 case "$CARCH" in
 	x86)
 		TARGET_ARCH=IA32
-		PLATFORM=OvmfPkg/OvmfPkgIa32X64.dsc
+		PLATFORM="$PLATFORM OvmfPkg/OvmfPkgIa32X64.dsc"
 		;;
 	x86_64)
 		TARGET_ARCH=X64
-		PLATFORM="OvmfPkg/OvmfPkgX64.dsc OvmfPkg/OvmfXen.dsc OvmfPkg/CloudHv/CloudHvX64.dsc"
-		subpackages="$subpackages ovmf:_ovmf:noarch ovmf-xen:_xen:noarch cloudhv:_cloudhv:noarch"
+		PLATFORM="$PLATFORM OvmfPkg/OvmfPkgX64.dsc OvmfPkg/OvmfXen.dsc"
+		subpackages="$subpackages ovmf:_ovmf:noarch ovmf-xen:_xen:noarch"
 		;;
 	aarch64)
 		TARGET_ARCH=AARCH64
-		PLATFORM=ArmVirtPkg/ArmVirtQemu.dsc
+		PLATFORM="$PLATFORM ArmVirtPkg/ArmVirtQemu.dsc"
 		subpackages="$subpackages aavmf::noarch"
 		;;
 esac
@@ -110,12 +111,28 @@ package() {
 	done
 }
 
+_shell() {
+	pkgdesc="EDK2 UEFI Shell"
+
+	# taken from arch
+	# minimal UEFI shell, as defined in ShellPkg/Application/Shell/Shell.inf
+	local _min='7C04A583-9E3E-4f1c-AD65-E05268D0B4D1'
+	# full UEFI shell, as defined in ShellPkg/ShellPkg.dsc
+	local _full='EA4BB293-2D7F-4456-A681-1F22F42CD0BC'
+
+	install -Dm644 "$builddir"/Build/Shell/"$RELEASE"_"$TOOLCHAIN"/$TARGET_ARCH/Shell_$_min.efi \
+		"$subpkgdir"/usr/share/edk2-shell/Shell.efi
+
+	install -Dm644 "$builddir"/Build/Shell/"$RELEASE"_"$TOOLCHAIN"/$TARGET_ARCH/Shell_$_full.efi \
+		"$subpkgdir"/usr/share/edk2-shell/ShellFull.efi
+}
+
 _ovmf() {
 	pkgdesc="Open Virtual Machine Firmware (OVMF) BIOS"
 	license="BSD MIT"
 
 	for fw in "$builddir"/Build/OvmfX64/"$RELEASE"_"$TOOLCHAIN"/FV/*.fd; do
-		install -D $fw "$subpkgdir"/usr/share/OVMF/${fw##*/}
+		install -Dm644 $fw "$subpkgdir"/usr/share/OVMF/${fw##*/}
 	done
 
 	# dont ship memfd for now to save space
@@ -129,16 +146,16 @@ _xen() {
 	pkgdesc="Open Virtual Machine Firmware (OVMF) - Xen build"
 	license="BSD MIT"
 
-	install -D "$builddir"/Build/OvmfXen/"$RELEASE"_"$TOOLCHAIN"/FV/OVMF.fd \
+	install -Dm644 "$builddir"/Build/OvmfXen/"$RELEASE"_"$TOOLCHAIN"/FV/OVMF.fd \
 		"$subpkgdir"/usr/lib/xen/boot/ovmf.bin
 }
 
 _cloudhv() {
-	pkgdesc="EDK2 EFI Firmware - Cloud-Hypervisor build"
-	license="BSD MIT"
+        pkgdesc="EDK2 EFI Firmware - Cloud-Hypervisor build"
+        license="BSD MIT"
 
-	install -D "$builddir"/Build/CloudHvX64/"$RELEASE"_"$TOOLCHAIN"/FV/CLOUDHV.fd \
-		"$subpkgdir"/usr/share/cloudhv/CLOUDHV.fd
+        install -Dm644 "$builddir"/Build/CloudHvX64/"$RELEASE"_"$TOOLCHAIN"/FV/CLOUDHV.fd \
+                "$subpkgdir"/usr/share/cloudhv/CLOUDHV.fd
 }
 
 aavmf() {
@@ -156,7 +173,7 @@ aavmf() {
 		bs=1M seek=64 count=0
 
 	for fw in "$builddir"/Build/*/"$RELEASE"_"$TOOLCHAIN"/FV/*.fd; do
-		install -D $fw "$subpkgdir"/usr/share/AAVMF/${fw##*/}
+		install -Dm644 $fw "$subpkgdir"/usr/share/AAVMF/${fw##*/}
 	done
 }
 

kubezero/falco/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Stefan Reimer <stefan@zero-downtime.net>
 # Maintainer: Stefan Reimer <stefan@zero-downtime.net>
 pkgname=falco
-pkgver=0.39.1
+pkgver=0.39.2
 pkgrel=0
 pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
 url="https://github.com/falcosecurity/falco"
@@ -48,6 +48,7 @@ build() {
     -DCMAKE_INSTALL_PREFIX=/usr \
     -DFALCO_ETC_DIR=/etc/falco \
     -DUSE_BUNDLED_DEPS=On \
+    -DUSE_JEMALLOC=On \
     -DMINIMAL_BUILD=On \
     -DUSE_DYNAMIC_LIBELF=Off \
     -DMUSL_OPTIMIZED_BUILD=On \
@@ -79,7 +80,7 @@ package() {
 }
 
 sha512sums="
-bb547691640fed21cc4976f469cf3813f888d9cc55e1a4631133c8cd9e6b1adce1d279dddfdf6b191442eeacd0e635a48d4ffa10913059f6117b5710e284899e  falco-0.39.1.tar.gz
+198405e9383625ca4d78822de7674c62863d15b3108ba5b06d4cf6ff20850f7eec9123fe7d98d049acc2931b98e4b09d7ef0d66136a31363ce59a64ad9e8eda0  falco-0.39.2.tar.gz
 b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08  falco.patch
 b6cf8bda946b71241b332d25bcde73e73159ae0993be4291c158e23e44f927b4432d53b9d6d730aee442c94ffc75e119b9f6467e94a0950a19a5f1369afb4e13  rules.patch
 9d1292a99bab7792bfe344940fa41ccf01318d5f30f854b01457e9f53ccca27f7f334466c061a11fbe8ebf918aeeb7f723b16a233c9e3bd60dd632d831ae9f5c  falco.initd

kubezero/fluent-bit/APKBUILD

@@ -1,12 +1,13 @@
 # Contributor: Stefan Reimer <stefan@zero-downtime.net>
 # Maintainer: Stefan Reimer <stefan@zero-downtime.net>
 pkgname=fluent-bit
-pkgver=3.1.9
+pkgver=3.1.10
 pkgrel=0
 pkgdesc="Fast and Lightweight Log processor and forwarder"
 url="https://fluentbit.io/"
-# riscv64: does not support bundled luajit
-arch="all !ppc64le !s390x !riscv64"
+# riscv64, loongarch64: does not support bundled luajit
+# arm: doesn't build
+arch="all !armhf !armv7 !ppc64le !s390x !riscv64 !loongarch64"
 license="Apache-2.0"
 makedepends="
 	bison
@@ -44,6 +45,7 @@ build() {
 	# default CORE_STACK_SIZE=((3 * PTHREAD_STACK_MIN) / 2)=3072 is invalid
 	# set default to 24576
 	# Disable stream processor due to issue see: https://github.com/fluent/fluent-bit/issues/2464
+
 	cmake -B build \
 		-DCMAKE_INSTALL_PREFIX=/usr \
 		-DCMAKE_INSTALL_LIBDIR=lib \
@@ -51,12 +53,21 @@ build() {
 		-DFLB_CORO_STACK_SIZE=24576 \
 		-DFLB_RELEASE=Yes \
 		-DFLB_DEBUG=Off \
+		-DFLB_SIMD=Yes \
 		-DFLB_SHARED_LIB=Off \
 		-DFLB_JEMALLOC=Yes \
-		-DFLB_IN_SYSTEMD=Off \
 		-DFLB_PROXY_GO=No \
-		-DFLB_TLS=Yes \
-		-DFLB_HTTP_SERVER=Yes \
+		-DFLB_PROFILES=No \
+		-DFLB_AWS=No \
+		-DFLB_SIGNV4=No \
+		-DFLB_FILTER_AWS=No \
+		-DFLB_OUT_S3=No \
+		-DFLB_OUT_CLOUDWATCH_LOGS=No \
+		-DFLB_OUT_KINESIS_FIREHOSE=No \
+		-DFLB_OUT_KINESIS_STREAMS=No \
+		-DFLB_OUT_BIGQUERY=No \
+		-DFLB_EXAMPLES=No \
+		-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
 		 $CMAKE_CROSSOPTS .
 	make -C build
 		#-DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \
@@ -65,15 +76,6 @@ build() {
 		#-DFLB_LUAJIT=Yes \
 		#-DFLB_FILTER_LUA=Off \
 		#-DFLB_TESTS_INTERNAL=Yes \
-		#-DFLB_AWS=No \
-		#-DFLB_SIGNV4=No \
-		#-DFLB_OUT_S3=No \
-		#-DFLB_OUT_CLOUDWATCH_LOGS=No \
-		#-DFLB_OUT_KINESIS_FIREHOSE=No \
-		#-DFLB_OUT_KINESIS_STREAMS=No \
-		#-DFLB_OUT_BIGQUERY=No \
-		#-DFLB_FILTER_AWS=No \
-		#-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
 }
 
 check() {
@@ -101,7 +103,7 @@ package() {
 }
 
 sha512sums="
-fbf6a8c8b35cafb8fc2f95e5a52dee835c86af9f1bcded9edabca9586c41cf9c4ded776018dfecc0f96b7f7a68587f263fb19704c458f8606b6b1033a323034e  fluent-bit-3.1.9.tar.gz
+88f63cd81aced94a0081ddf6963d5f92be1744a6ac27b20ca8c1e690629bfdd6c56d4d2cb72976feebb2dff8fefc6aeac988deba9efb4ddcb87c18131399f5ac  fluent-bit-3.1.10.tar.gz
 8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f  fluent-bit.initd
 6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0  chunkio-static-lib-fts.patch
 aa1449f8f4599330e1a01c2837f22cb1d10ce5926d9cb92f92fb89939c7b6af3116d3339566709ad466ebf6e37a5b178e84619ec6a1608327241a0374992be81  exclude-luajit.patch

kubezero/openvpn-auth-oauth2/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Stefan Reimer <stefan@zero-downtime.net>
 # Maintainer: Stefan Reimer <stefan@zero-downtime.net>
 pkgname=openvpn-auth-oauth2
-pkgver=1.22.0
+pkgver=1.22.4
 pkgrel=0
 pkgdesc="OpenVPN management client that handles the single sign-on (SSO) authentication against various OIDC providers"
 url="https://github.com/jkroepke/openvpn-auth-oauth2"
@@ -28,6 +28,6 @@ package() {
 }
 
 sha512sums="
-872b8a637a07c689d4c1699993b5173732714e8070b0e4253d126ef0caf667dd936c0f66bd90cfdd227c717a0c9d346bb11f7d26dbc8a1d377148807a8d4a05e  openvpn-auth-oauth2-1.22.0.tar.gz
+c5c8d85eab9859ac6e1c80a9a61b79236d64acf457053584d35beb40d4d56e6f4ad8b78a13d98bb6612b4f65371ac80cf0ce4216f18d3bc7b5b1dadc9425ced9  openvpn-auth-oauth2-1.22.4.tar.gz
 6dcaa021d495c4e7ddb3501e9ce11a09d7c286a6eda579cff75a2c6b6e12794ec35069941d81ce411209212cab6d0707cc0a00e99327be13b10acb23b83c6f35  openvpn-auth-oauth2.initd
 "

kubezero/openvpn3/APKBUILD

@@ -1,21 +1,21 @@
 # Contributor: Patrycja Rosa <alpine@ptrcnull.me>
 # Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
 pkgname=openvpn3
-pkgver=3.8.5
+pkgver=3.10.4
 pkgrel=0
 pkgdesc="C++ class library that implements the functionality of an OpenVPN client"
 url="https://github.com/OpenVPN/openvpn3"
 arch="all !s390x" # broken tests due to endianness assumptions
 license="AGPL-3.0-only"
-depends_dev="lz4-dev asio-dev libcap-dev jsoncpp-dev xxhash-dev"
-makedepends="cmake samurai gtest-dev $depends_dev"
+makedepends="cmake samurai gtest-dev lz4-dev asio-dev libcap-dev jsoncpp-dev xxhash-dev"
 subpackages="$pkgname-dev"
 source="https://github.com/OpenVPN/openvpn3/archive/refs/tags/release/$pkgver/openvpn3-$pkgver.tar.gz
-	unvendor.patch
 	"
+	#unvendor.patch
 builddir="$srcdir/openvpn3-release-$pkgver"
 
 build() {
+  sh
 	cmake -G Ninja -B build \
 		-DCMAKE_INSTALL_PREFIX=/usr \
 		-DBUILD_SHARED_LIBS=False \
@@ -37,6 +37,5 @@ package() {
 }
 
 sha512sums="
-01e750267857d8ae23b4da4460a1e515ebbfadc17e0ff8ad0513368f51c0cf53fc5a41a92422f04812161be2b2b2f3fbc793a72150a8c902af201c2ee9028025  openvpn3-3.8.5.tar.gz
-8bd3e9c92734b75701f0845398e831086a8a6d1e7f595f3873e0b599604379a0f99f9764f9ba19a16eb6a63216875ae8607a50c8fc0145ddcf05934a2ba1fb91  unvendor.patch
+3309c7f7581fabc93615d118cb4dc7a4fd163bfd23910b021b2c3f350996f2d92c8745fb7de213a25277f165ac8b0dafd6aaf5104039ff76394e4c65b376de38  openvpn3-3.10.4.tar.gz
 "

kubezero/zdt-base/APKBUILD

@@ -1,13 +1,13 @@
 # Contributor: Stefan Reimer <stefan@zero-downtime.net>
 # Maintainer: Stefan Reimer <stefan@zero-downtime.net>
 pkgname=zdt-base
-pkgver=0.3.20
+pkgver=0.3.21
 pkgrel=0
 pkgdesc="ZeroDownTime Alpine additions and customizations"
 url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
 arch="noarch"
 license="AGPL-3.0"
-depends="logrotate syslog-ng neofetch monit file tiny-cloud dhcpcd"
+depends="logrotate syslog-ng fastfetch monit file tiny-cloud dhcpcd starship"
 options="!check"
 subpackages="$pkgname-openrc $pkgname-aws $pkgname-nocloud"
 install="$pkgname.post-install"
@@ -27,14 +27,17 @@ source="
         cloudbender.stop
         cloudbender.start
         dhcpcd-mtu.hook
-        monitrc
+        monitd.conf
         monit_alert.sh.aws
-        neofetch.conf
+        fastfetch.jsonc
         zdt-ascii.txt
         route53.py
         get_iam_sshkeys.py
         uniq_hostname.py
         write_parameters.py
+        zdt-profile.sh
+        starship.toml
+        aws-certbot.sh
         "
 
 build() {
@@ -62,24 +65,27 @@ package() {
   install -Dm755 "$srcdir/cloudbender.start" "$pkgdir/etc/local.d/cloudbender.start"
   install -Dm755 "$srcdir/cloudbender.stop" "$pkgdir/etc/local.d/cloudbender.stop"
 
-
-  # syslog-ng configs, json all into messages
-  install -Dm644 "$srcdir"/syslog-ng.conf "$pkgdir"/lib/zdt/syslog-ng.conf
-  install -Dm644 "$srcdir"/syslog-ng.logrotate.conf "$pkgdir"/lib/zdt/syslog-ng.logrotate.conf
-  install -Dm644 "$srcdir"/syslog-ng.apparmor "$pkgdir"/lib/zdt/syslog-ng.apparmor
+  # syslog-ng configs, json all into messages - installed via postinstall
+  install -Dm644 "$srcdir"/syslog-ng.conf "$pkgdir"/usr/lib/zdt/syslog-ng.conf
+  install -Dm644 "$srcdir"/syslog-ng.logrotate.conf "$pkgdir"/usr/lib/zdt/syslog-ng.logrotate.conf
+  install -Dm644 "$srcdir"/syslog-ng.apparmor "$pkgdir"/usr/lib/zdt/syslog-ng.apparmor
 
   # monit
   mkdir -p "$pkgdir"/etc/monit.d
-  install -Dm600 "$srcdir"/monitrc "$pkgdir"/etc/monitrc.zdt
+  install -Dm644 "$srcdir"/monitd.conf "$pkgdir"/etc/monit.d/zdt-base.conf
 
   # ps_mem
   install -Dm755 "$srcdir"/ps_mem.py "$pkgdir"/usr/sbin/ps_mem
 
-  # Neofetch
-  install -Dm644 "$srcdir"/neofetch.conf "$pkgdir"/etc/neofetch.conf
-  install -Dm644 "$srcdir"/zdt-ascii.txt "$pkgdir"/etc/neofetch-logo.txt
-  mkdir -p "$pkgdir"/etc/profile.d
-  echo '[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf' > "$pkgdir"/etc/profile.d/motd.sh
+  # fastfetch
+  install -Dm644 "$srcdir"/fastfetch.jsonc "$pkgdir"/etc/fastfetch.jsonc
+  install -Dm644 "$srcdir"/zdt-ascii.txt "$pkgdir"/etc/zdt-ascii.txt
+
+  # starship
+  install -Dm644 "$srcdir"/starship.toml "$pkgdir"/etc/starship.toml
+
+  # zdt shell profile
+  install -Dm644 "$srcdir"/zdt-profile.sh "$pkgdir"/etc/profile.d/zdt-base.sh
 }
 
 aws() {
@@ -93,6 +99,7 @@ aws() {
   install -Dm755 "$srcdir"/uniq_hostname.py "$subpkgdir"/usr/sbin/uniq_hostname.py
   install -Dm755 "$srcdir"/get_iam_sshkeys.py "$subpkgdir"/usr/sbin/get_iam_sshkeys.py
   install -Dm755 "$srcdir"/write_parameters.py "$subpkgdir"/usr/sbin/write_parameters.py
+  install -Dm755 "$srcdir"/aws-certbot.sh "$pkgdir"/usr/sbin/aws-certbot.sh
 
   # Cloudbender SNS integration
   install -Dm755 "$srcdir"/monit_alert.sh.aws "$pkgdir"/usr/bin/monit_alert.sh
@@ -106,8 +113,8 @@ nocloud() {
 }
 
 sha512sums="
-4fc38f503ca4e89a39457c07d4c845419a1f54c8989bc97f6b824c277df1369c186f454264d73dfd43bee5642f800fc763f5e57f83149324df126f2b1a2e8c7e  common.sh
-cf8b75a81bb35e853761d21b15b5b109f15350c54daaf66d2912541a20f758c3ca237d58932e5608d2d3867fe15a07ebd694fd1c313a8290d15afc2b27a575dd  boot.sh
+d1656d36d48b58102e3b1aee581801c8c94aa7a52a5a441bd44a59ed09e8c041eb8fa44b1fd5b6bde758c72826bbe563ecbfbac078a27840b88920c6eaf27fd7  common.sh
+d494e3b65de86a49f84a6c5adf4a9425ab3f7dfa87719954f45e2e3883cf82a27e2c4a88038a69bbdf1568aa1b519f5bcdd5fdc7d5f783abe0883b0a301c7f81  boot.sh
 eb7d5b6f92f500dbaba04a915cdd8d66e90456ca86bed86b3a9243f0c25577a9aa42c2ba28c3cad9dda6e6f2d14363411d78eff35656c7c60a6a8646f43dcba5  cloudbender-early.init
 cac71c605324ad8e60b72f54b8c39ee0924205fcd1f072af9df92b0e8216bcde887ffec677eb2f0eacce3df430f31d5b5609e997d85f14389ee099fbde3c478f  cloudbender.init
 f4f1b1f67e6b368f61482f4dfcc48a32ccf75cf12349f82680b93f572534bef97ed1b4c0273e4e57fe89289f4383b15c2dafb39ae20416fc6dab96e92b8d678d  cloud-aws.sh
@@ -120,12 +127,15 @@ e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901
 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e  cloudbender.stop
 f106f3e9befdeaad6beef4bada0c774eb7745568b8d29eb86970ac9ea73d1aaac080676d399a11d462973d10e1aef08125bf78d7a362db47a53a2ba06df7d9b4  cloudbender.start
 f8c052c7ec12c71937c7b8bc05d8374c588f345e303b30eda9c8612dff8f8f34a87a433648a3e9b85b278196ece198533b29680a303ff6478171d43f8e095189  dhcpcd-mtu.hook
-e00a8f296c76446fe1241bf804c0108f47a2676f377a413ee9fede0943362a6582cad30fe13edd93f3d0daab0e2d7696553fb9458dca62adc05572dce339021a  monitrc
+d3ebf236391bd7ae4f0a8674135e0f86e868d1c48161f5ca6485bf58eccb8132308123194691cb60e3b3987835a13295a9501c04d9052f10dca69459b67c289a  monitd.conf
 c955dabe692c0a4a2fa2b09ab9096f6b14e83064b34ae8d22697096daf6551f00b590d837787d66ea1d0030a7cc30bef583cc4c936c980465663e73aec5fa2dc  monit_alert.sh.aws
-2c02a1d454881dd7197548286c6cf24c1453dd9d726f3e5445703c12414853b0e12205e5b6a0c3ae09b76097d2bdfcfd6e1bc9a122dd9f66c6d6d03ab41f748a  neofetch.conf
-532b8e2eb04942ab20bdc36b5dea1c60239fcbfcb85706123f3e05c18d65c938b85e9072d964ae5793177625a8db47b532db1f5bd5ed5ecbb70d5a331666ff54  zdt-ascii.txt
+30610b53264e31dd55394bbf581f32720b91c53d845315ac9d86efe14e320121c87cd8d2d40bd114372b0ae0e448dcd8f9b020cc51b675225076d4cde5563b06  fastfetch.jsonc
+9e34401b682454821ec91d44c4b31a5c2fcb14140ca2ec52eed9bf85edbd3fef4915b2ac30f97a61133c12e2814cfc99d7f4125d6c0d256e6602d868549033b6  zdt-ascii.txt
 816049360aa442f9e9aa4d6525795913cfe3dc7c6c14dc4ccad59c0880500f9d42f198edc442fe036bc84ba2690d9c5bc8ae622341d8276b3f14947db6b879b1  route53.py
 7da28446762a36a6737c5b30becbce78775bd943b4d0c5ef938a50f49b4f51f66708434aa79004c19d16c56c83f54c8d6d68e1502ebc250c73f8aae12bed83c0  get_iam_sshkeys.py
 ae1941fc45e61fa8d211f5ef7eff2dd01510a6d364c4302cab267812321a10e7434ecc8d8c9263d8671ce5604d04d6531601bf42886a55fb6aec7f321651e1dc  uniq_hostname.py
 ee4264337d86ad99ba6cf9ec3017986c804ac208c0beb5fc8651345bd277bb6de03e7c3a8c1b751767647be48f9d45ac47a7d14cf040d9c827780984394e826d  write_parameters.py
+72b7120a5b7e928b6c351fa6b9fb9bc1697a61922d080d58e1aa5c6f680c54ce55de8375a5992cf66921b3a7be741ebc09746fcf41ab7de8d36c48922315701e  zdt-profile.sh
+459f4957b10e6be8f9af04394f7bc1bd51364e629b687050607f7f4a8d60d92e90903ad7ef89ffed472f77506049ec7e163338a1b25ca6a65c6f1599cc13cfcf  starship.toml
+58d431dc4342997712fbf5c2092e51e9ef474372ca6a4dd1a4c53ce25333c4a406ef3549a120ef0c6ead1a5965574e8d2df7983621ebdbb4d8a3e2d3e8233738  aws-certbot.sh
 "

kubezero/zdt-base/aws-certbot.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -x
+# Certbot wrapper with S3 persistence support
+
+CERTBOT_CERTNAME=$1
+CERTBOT_EMAIL=$2
+CERTBOT_DOMAIN=$3
+CERTBOT_BACKEND=$4
+
+LETSENCRYPT_PATH=/etc/letsencrypt
+
+if [ -z "$CERTBOT_BACKEND" -o -z "$CERTBOT_EMAIL" -o -z "$CERTBOT_DOMAIN" -o -z "$CERTBOT_CERTNAME" ]; then
+  echo "CertbotBackend, CertbotEmail,Certbot_CertName or CertbotDomain are missing!"
+  exit 1
+fi
+
+function sync_to_s3 {
+    local links="$LETSENCRYPT_PATH/links.txt"
+    local expr=$(sed 's@\/@\\\/@g' <<< "'$LETSENCRYPT_PATH/")
+
+    find /etc/letsencrypt/ -type l | xargs -I% sh -c "echo -n \'; readlink -fn %; echo \"' '%'\"" | sed -e "s/$expr/'/g" > "$links"
+
+    aws s3 --no-follow-symlinks sync "$LETSENCRYPT_PATH" "$CERTBOT_BACKEND"
+}
+
+function sync_from_s3 {
+    local s3location=$CERTBOT_BACKEND
+    local links="$LETSENCRYPT_PATH/links.txt"
+    local currDir=$(pwd)
+
+    aws s3 sync "$s3location" "$LETSENCRYPT_PATH"
+
+    if [ -f $links ]; then
+      cd "$LETSENCRYPT_PATH"
+      xargs -I% sh -c "ln -f -s $LETSENCRYPT_PATH/%" < "$links"
+      cd "$currDir"
+    fi
+}
+
+
+sync_from_s3
+
+certbot certonly \
+  --non-interactive \
+  --dns-route53 \
+  --agree-tos \
+  --email $CERTBOT_EMAIL \
+  --domain $CERTBOT_DOMAIN \
+  --cert-name $CERTBOT_CERTNAME && \
+  sync_to_s3

kubezero/zdt-base/boot.sh

@@ -2,7 +2,7 @@
 # We have no metadata nor instance parameters yet!
 
 # We built on top of tiny-cloud
-. /lib/tiny-cloud/common
+. /usr/lib/tiny-cloud/common
 
 # archive orig /var, mount new var on top and restore orig var
 copy_and_mount() {

kubezero/zdt-base/common.sh

@@ -1,5 +1,5 @@
 # We built on top of tiny-cloud
-. /lib/tiny-cloud/common
+. /usr/lib/tiny-cloud/common
 . /usr/lib/cloudbender/cloud/"$CLOUD".sh
 
 # boolean flags

kubezero/zdt-base/fastfetch.jsonc

@@ -0,0 +1,49 @@
+{
+  "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
+  "display": {
+    "size": {
+      "maxPrefix": "MB",
+      "ndigits": 0
+    }
+  },
+  "logo": {
+    "source": "/etc/zdt-ascii.txt",
+    "type": "file",
+    "color": {
+      "1": "38;2;32;120;108"
+    }
+  },
+  "modules": [
+    "break",
+    {
+      "type": "custom",
+      "format": "{#2}Welcome to Alpine - ZeroDownTime edition"
+    },
+    {
+      "type": "custom",
+      "format": "-> {#3}https://kubezero.com/releases/v1.31"
+    },
+    "break",
+    "title",
+    "separator",
+    "os",
+    "host",
+    {
+      "type": "kernel",
+      "format": "{release}"
+    },
+    "uptime",
+    "cpu",
+    {
+      "type": "gpu",
+      "key": "GPU"
+    },
+    {
+      "type": "memory",
+      "format": "{} / {}"
+    },
+    "swap",
+    "disk",
+    "localIP"
+  ]
+}

kubezero/zdt-base/monitd.conf

@@ -0,0 +1,6 @@
+# Basic rootfs check
+# >80%: emergency logrotate
+# >90%: warning
+check filesystem rootfs with path /
+    if space usage > 80% then exec "/etc/periodic/daily/logrotate"
+    if space usage > 90% then exec "/usr/bin/monit_alert.sh warning"

kubezero/zdt-base/monitrc

@@ -1,19 +0,0 @@
-set daemon 30
-# add `for 2 cycles` might be better than this intial block
-#    with start delay 120
-
-set log syslog
-
-set httpd port 2812 and
-    use address localhost
-    allow localhost
-    allow admin:localmonit
-
-# Basic rootfs check
-# >80%: emergency logrotate
-# >90%: warning
-check filesystem rootfs with path /
-    if space usage > 80% then exec "/etc/periodic/hourly/logrotate"
-    if space usage > 90% then exec "/usr/bin/monit_alert.sh warning"
-
-include /etc/monit.d/*.conf

kubezero/zdt-base/zdt-ascii.txt

@@ -1,12 +1,12 @@
-\x1b[38;2;32;120;108m                   ..
-                ox@@@@@x                    
-            -x@@@@@@@@@@@@x-                
-        .x@@@x-          -x@@@x.            
-     ox@@@@x  ox@@@@@@@@x-  x@@@@xo         
-   @@@@@@@@  x@@@@@@@@@@@@x  @@@@@@@@o      
- o    @@@@@x  -x@@@@@@@@x-  x@@@@@    o     
- @@@x-    @@@x-          -x@@@o   .x@@@. 
- @@@@@@@x.   x@@@@@@@@@@@@@    o@@@@@@@. 
+                   ..
+                ox@@@@@x
+            -x@@@@@@@@@@@@x-
+        .x@@@x-          -x@@@x.
+     ox@@@@x  ox@@@@@@@@x-  x@@@@xo
+   @@@@@@@@  x@@@@@@@@@@@@x  @@@@@@@@o
+ o    @@@@@x  -x@@@@@@@@x-  x@@@@@    o
+ @@@x-    @@@x-          -x@@@o   .x@@@.
+ @@@@@@@x.   x@@@@@@@@@@@@@    o@@@@@@@.
  @@@@@@@@@@xo    @@@@@@    -x@@@@@xx@@@.
  @@@@@@@@@@@@@@x-      .x@@@@@x-   -@@@.
  @@@@@@@@  @@@@@@@@  x@@@@@x   ox  x@@@.
@@ -14,8 +14,8 @@
  @@@@x  @  @@@@@@@@  @@@x  .-o    .x@@@.
  @@@@@x    @xoo@@@@  @@@@xx  .xxx  -@@@.
  @@@@@@@       @@@@  @@@@@  x@xo   x@@@.
-  @@@@@@@. -x@@@@@@  @@@@  x.  -x@@@@@  
-     .@@@@@@@@@@@@@  @@@x  .x@@@@@x     
-         x@@@@@@@@@  @@@@x@@@@@         
-             @@@@@@  @@@@@@.            
-                o@@  @@x                
+  @@@@@@@. -x@@@@@@  @@@@  x.  -x@@@@@
+     .@@@@@@@@@@@@@  @@@x  .x@@@@@x
+         x@@@@@@@@@  @@@@x@@@@@
+             @@@@@@  @@@@@@.
+                o@@  @@x

kubezero/zdt-base/zdt-base.post-install

@@ -1,6 +1,16 @@
 #!/bin/sh
 
-. /lib/tiny-cloud/common
+# usage: add_once <file> <line-to-add>...
+add_once() {
+	local file="$1"
+	shift
+	for line; do
+		if ! grep -x -F "$line" "$file" 2>/dev/null; then
+			mkdir -p "${file%/*}"
+			printf "%s\n" "$line" >> "$file"
+		fi
+	done
+}
 
 # Enable SSH keepalive
 sed -i -e 's/^[\s#]*TCPKeepAlive\s.*/TCPKeepAlive yes/' -e 's/^[\s#]*ClientAliveInterval\s.*/ClientAliveInterval 60/' /etc/ssh/sshd_config
@@ -20,25 +30,18 @@ sed -i -e 's/^[\s#]*FAST_STARTUP=.*/FAST_STARTUP=yes/' /etc/conf.d/chronyd
 #echo 'enable parallel openRC'
 
 # Setup syslog-ng json logging and apparmor tweaks
-cp /lib/zdt/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
-cp /lib/zdt/syslog-ng.logrotate.conf /etc/logrotate.d/syslog-ng
-cp /lib/zdt/syslog-ng.apparmor /etc/apparmor.d/local/sbin.syslog-ng
-
-[ -f /etc/periodic/daily/logrotate ] && mv /etc/periodic/daily/logrotate /etc/periodic/hourly/
-echo 'syslog-ng: all to /var/log/messages as json, rotate hourly'
+cp /usr/lib/zdt/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+cp /usr/lib/zdt/syslog-ng.logrotate.conf /etc/logrotate.d/syslog-ng
+cp /usr/lib/zdt/syslog-ng.apparmor /etc/apparmor.d/local/sbin.syslog-ng
+echo 'syslog-ng: all to /var/log/messages as json'
 
 # use init to spawn monit
-add_once /etc/inittab ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc.zdt" >/dev/null
-echo 'Enable monit via inittab'
+add_once /etc/inittab ":2345:respawn:/usr/bin/monit -I" >/dev/null
+add_once /etc/monitrc "include /etc/monit.d/*.conf" >/dev/null
+echo 'enabled monit via inittab'
 
-# QoL - color prompt even for doas bash
-[ -f /etc/profile.d/color_prompt.sh.disabled ] && mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh
-ln -sf /etc/profile.d/color_prompt.sh /etc/bash/color_prompt.sh
+# QoL - make bash default shell for root too
+sed -i -e '/root/ s#\:[^\:]*$#\:/bin/bash#g' /etc/passwd
 
-cat <<EOF > /etc/profile.d/zdt-alias.sh
-alias rs='doas bash'
-alias sudo='doas'
-alias cu='doas cat /var/log/user-data.log'
-alias cl="doas cat /var/log/messages | jq -r '\"\(.time): \(.message)\"'"
-alias tl="doas tail -f /var/log/messages | jq -r '\"\(.time): \(.message)\"'"
-EOF
+add_once /etc/bash/bashrc "export STARSHIP_CONFIG=/etc/starship.toml" >/dev/null
+add_once /etc/bash/bashrc 'eval -- "$(/usr/bin/starship init bash --print-full-init)"' >/dev/null

kubezero/zdt-base/zdt-profile.sh

@@ -0,0 +1,11 @@
+# fastfetch for first login shell
+[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && fastfetch -c /etc/fastfetch.jsonc
+
+# default aliases
+alias rs='doas bash'
+alias sudo='doas'
+alias monit_status='monit status -c /etc/monitrc.zdt'
+
+alias cu='doas cat /var/log/user-data.log'
+alias cl="doas cat /var/log/messages | jq -r '\"\(.time): \(.message)\"'"
+#alias tl="doas tail -f /var/log/messages | jq -r '\"\(.time): \(.message)\"'"