#cloud-config

users:
  - name: conjure-station
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFO8fDGmKdJylCGqkcRC7lfEFzCWdfTppMFfQ2F2mLzT
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash

apt:
  sources:
    source1:
      source: 'deb https://packages.ntop.org/apt-stable/22.04/ x64/'
      filename: 'ntop-stable.list'
    source2:
      source: 'deb https://packages.ntop.org/apt-stable/22.04/ all/'
      filename: 'ntop-stable.list'
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: Hockeypuck 2.1.0-166-geb2a11b

        xsFNBGLeYh8BEAC/5cUZBfZbBMUGsg+ij2oWJrVQz3XaVyugiV5SJAXrZdQliJel
        4sxtIz5AEN00w9GY9sigUTZrlVzeLP7BlJ6WZFPDDDaeJ6LkFpXTObrpCi2Qp4lL
        xI6D+X/o5nD8ytg4gagIXaLAYUHJzLpbVA1kAYnMLYoJoZ49rCfsDVYaVR57WRpV
        FcmyReT3F1mw1cLq9Zjecy74DUlG66nsoUZwl4DEdFXgut5ygDiJMZllSGNazgfY
        qlLpRT+nZSFLf+YjQm9vjDqHfKQvgXheYaZiJNHZXGV+r9+9o9/6mwdNhG/5+WS1
        N2UhPhjOxS23QHjFggK0SSKPJMz5klMJeV0crcCp/EWJ8KnW8Sw5OsPPxpfqU5yt
        SNMOTcScPE1W11iXKt6XBVUMU3qsaQ2UviP2nZn6gLEqz8D8FWAoxLjDWl3+BzSy
        4ZLVzWJb4ew3HnTyrt2/EE83GLEc5CkaL3DpxVTY7xgeRK3KrALVWsGUs3lDpbT9
        aGTCgN9jJ5xQNMXUlIJ44NqlpelxZ9QreWL3lVkeFOhzo6o4LDq/LdCWs22tbjvC
        eYU9xIeWiRxBoynqRHfaa+vH5mDcp0115GMXLNBOvwuWLhvWKJedOGzltg2yAGiz
        dV6n5brxHr6ZhPUYiCiEyr36hrE5Mhpo4TQ2uBeVJj5V0qidEo6BMyKPAwARAQAB
        zRlMdWNhIERlcmkgPGRlcmlAbnRvcC5vcmc+wsGOBBMBCAA4FiEEjgcjHwV1f1b+
        zjl3PYTJVZJPdZkFAmLeYh8CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ
        PYTJVZJPdZnNaRAAkZbwEKSLafYllciRZc1/I1QW8fsFZQRD8v1lpJQl4lE2twzE
        iOlOChTCP9vut9ZdNLE2CAfRGxuYFQb7oPa9mcIdu4+ZGZa5SDXunqKFSJZhUlIs
        maovJs8DIKsFweAAzgaKl8lW6PGtQp7fbe2ulKYKtHXiAEUh0EI7B27mqlnIwLp6
        ciaFNGUP4grUSo0+d6HKT4ieyXuDO89G2bYUmwEbG+uZKwDOKlo6FmOElaPx0rhC
        mMmMAXlXjr3ieQYPq8/XK0jPAtGbwI8bkYsUo9q8yGQnYpc4dm8JOBZj4ZTUCvCD
        DvV4j4TZpqFREz02OdJrwsjmjn83ZUGpfpysdwSOlBPS/Xf2I4no5ia3f+v+56Z/
        2/gylq0SZDbde48YomIzlG4CzyZzSzthtr1rSL7/c1LyrPBWroAjeHnWkkgjLUxi
        Z53DriVPKkc/GvnVDeRk/a31CvrYez5O1jJx43YfJt4Rcp0w0kSeR9seS9y6KgAs
        Q0C5TS+DMSqzpSYfk2qMJWRKzmafCk671GwosOMRmSqb79ix3o5+MUqqq/qzOamt
        lYOIdV41S5f4Ll9K3F6B5Z0VpLi0ygYgB9OutXfXBvL4CrfRX3sjk1m0F2KB2Spl
        Sy+TQLTS8U1A/9cZ4NzdiEslDc26TUYa372ktCIKRQHcEt4V8hgIVj/SnHnOwU0E
        Yt5iHwEQALnjmYZ4gSREtAwT/A8x8oyJOWeCsabHBYCNTvBO6P6BRtuVnYlfK7Pn
        5ivDQ25jIcTrR8c2INEF/f2YoxAVZS4AKlZKm0fACrlKwajR1QnOkuu0gMjsf4i3
        UyhEcr3mbYxuwjt+Pnuc4uNPVArPfqOIZjv9OYk69T4bnho5NBNugQzx2AObNH8A
        M+gVKz/LaRbT2lpiHu/5ddxQEdLzWyLIZwApU3LVQ1Tsoe7ZigSy1u+oxrvXEnU2
        /I9iGwmJ5bVkGyabS1k4uRco3WrwE9Rf7tfvfYs1eXA3QsI7t9NZz64MX7KUBXuI
        BA00T6OsWiY6ByOavxAOJuIiilLeF4K3retZxmGr0I3lhvpTQNuAb6PduZqT+oxV
        VJD3WkV/vnWoxdSHviTy+91bnIarrUtYRb6YtdZgsCiH2jGIfQKSm+Xx9AxOtitz
        uGvr7G3ft/ogXhHpJDVuvzuTrrM0ycTLyRgYRSpbVMnb3YvGpS46C8eUodZLaQmc
        LxhOpavHSG0AtRihLN/v2FCz9O9rG9qz74cAWcl77+ZWMI4mKtHIaWfhWygD0oDv
        j1wzXxdTGps7c24UwSWN5pTqnRXRn3DSaknysakKN9L9uWYMMyJFbtZmP8C2AcO9
        XudUI9CRaaMMLQwFhlRcqAHnhUP3Kf0vCVHivrnsD43Ny4yNJnZ1ABEBAAHCwXYE
        GAEIACAWIQSOByMfBXV/Vv7OOXc9hMlVkk91mQUCYt5iHwIbDAAKCRA9hMlVkk91
        mTaED/41s93HU/DwTy3byJZ1i3QyFiBfcCFpRWG/6aT/jM6ab/I8dJgfqfO0Wxqy
        1LTVdUR7onZ9FWoiU+O3h0C4oFWbVFFLd0jD13JgIAEtcjbkyKBj4eESxb/03/j5
        JswCxLYi5oDIcZPlhqgh7rgL7yQwVvoizCtFt6VMu8L+rfYDr+ujjq6oPXVBmD1d
        VEzIXwwdyyQperAQmgkXCHfDpBz8wT2C4Chx8MF0eRjFjrnjbv4GAbT3ETr7APgm
        X+0guadiLv0eq13qwTpYGfZoGkzFIo6S78SuK1QdqXbPb0Hb7ASkQxlpP3Q1EMrT
        ijz2q4R7xEtaNb4+Z9zu/Coy7UFHcitAV2LQXPbWJ1065/ritXegvAOozgckvMrX
        uEBfM3weC/1ap4YnBKKQaK9oiyvHBjwv+lz8RMMudjdFi220Znjc4raLmfiKhKKq
        01sueH8N5wjuF4wRfnHefyHNtxBJnBnyt6isRfIdmPXL5OAIGQNYaFhfe4hQeLkf
        +lgjZUPypcBwJfzSa1/tDFIqUH+P9e1gbBeVEDqBXfaPzDRW01EDOr0de01/33QM
        L5X9Vy1i0u3A2EM0v0WLOdpUpNhsTNguAa861Ljc7yPH9sJ28PZTS7nXX5+jKxtP
        b+pX8pKp4acetyZ06SeG0Ywrbs7uaYq4/RAmhE06Z8jylDPh0w==
        =Hie3
        -----END PGP PUBLIC KEY BLOCK-----


packages:
  - wget
  - git
  - make
  - gcc
  - bison
  - flex
  - protobuf-compiler
  - curl
  - libssl-dev
  - pkg-config
  - libgmp3-dev
  - libzmq3-dev
  - software-properties-common
  - redis-server
  - pfring

# Scripts
write_files:
    # Install golang
  - content: |
      #!/bin/bash
      cd /tmp/
      curl -sSf "https://dl.google.com/go/$(curl https://go.dev/VERSION?m=text | head -n1).linux-amd64.tar.gz" | tar xzf - -C /usr/bin/ > go.out 2> go.err
    path: /var/lib/cloud/scripts/per-instance/00-install-golang
    permissions: '0755'
  # Install rust
  - content: |
      #!/bin/bash
      mkdir /opt/rust
      export RUSTUP_HOME=/opt/rust
      export CARGO_HOME=/opt/rust
      curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-path
    path: /var/lib/cloud/scripts/per-instance/00-install-rust
    permissions: '0755'
  # Configure the pfring kernel module for tap interface
  - content: |
      #!/bin/bash
      echo -e "y\nn" | sudo pf_ringcfg --configure-driver e1000e --rss-queues 1 || exit 0
    path: /var/lib/cloud/scripts/per-instance/01-pfring-configure
    permissions: '0755'
  # Install conjure station
  - content: |
      #!/bin/bash
      cd /opt/conjure
      export RUSTUP_HOME=/opt/rust
      export CARGO_HOME=/opt/rust
      export HOME=/root
      source /opt/rust/env
      rustup install stable
      rustup default stable
      make > make.out 2> make.err
    path: /var/lib/cloud/scripts/per-instance/02-install-conjure
    permissions: '0755'
  # Enable systemd services
  - content: |
      #!/bin/bash
      systemctl enable conjure-det
      systemctl enable conjure-app
      systemctl enable conjure-registration-api
      echo "200 custom" >> /etc/iproute2/rt_tables
      export CJ_PATH=/opt/conjure
      bash /opt/conjure/on-reboot.sh # Note: this is run twice on first boot
      systemctl start conjure-det
      systemctl start conjure-app
      systemctl start conjure-registration-api
    path: /var/lib/cloud/scripts/per-instance/03-enable-services
    permissions: '0755'
  # Mount the conjure station repository from the host
  - content: |
      #!/bin/bash
      mkdir /opt/conjure
      sudo mount -t virtiofs repo /opt/conjure
    path: /var/lib/cloud/scripts/per-boot/00-mount-repo
    permissions: '0755'
  # Set up networking for conjure detector
  - content: |
      #!/bin/bash
      export CJ_PATH=/opt/conjure
      bash /opt/conjure/on-reboot.sh
      systemctl start conjure-det || exit 0 # Note: this will fail the first boot
      systemctl start conjure-app
      systemctl start conjure-registration-api
    path: /var/lib/cloud/scripts/per-boot/01-detector-network
    permissions: '0755'

# Conjure config and service files
  - content: |
      # Conjure environment variables
    path: /etc/conjure/conjure.conf
    permissions: '0644'
  - content: |
      # Conjure environment variables
    path: /etc/conjure/application.toml
    permissions: '0644'
  - content: |
      # Conjure environment variables
    path: /etc/conjure/registration-api.toml
    permissions: '0644'
  - content: |
      # Conjure detector service file
      [Unit]
      Description=Conjure Detector

      [Service]
      Type=simple
      WorkingDirectory=/opt/conjure/
      SyslogIdentifier=conjure
      EnvironmentFile=/opt/conjure/sysconfig/conjure.conf
      ExecStartPre=/bin/sleep 10
      ExecStart=/opt/conjure/bin/conjure -c ${CJ_CLUSTER_ID} -o ${CJ_COREBASE} -l ${CJ_LOG_INTERVAL} -K ${CJ_PRIVKEY} -i ${CJ_IFACE}
      TimeoutStopSec=10

      [Install]
      WantedBy=multi-user.target
    path: /etc/systemd/system/conjure-det.service
    permissions: '0644'
  - content: |
      # Conjure application service file
      [Unit]
      Description=Conjure Application
      After=conjure-detector.service

      [Service]
      Type=simple
      WorkingDirectory=/opt/conjure/
      SyslogIdentifier=conjure
      EnvironmentFile=/opt/conjure/sysconfig/conjure.conf
      ExecStartPre=/bin/sleep 10
      ExecStart=/opt/conjure/bin/application
      TimeoutStopSec=10

      [Install]
      WantedBy=multi-user.target
    path: /etc/systemd/system/conjure-app.service
    permissions: '0644'
  - content: |
      # Conjure registration api service file
      [Unit]
      Description=Conjure Registration API

      [Service]
      Type=simple
      WorkingDirectory=/opt/conjure/
      SyslogIdentifier=conjure
      EnvironmentFile=/opt/conjure/sysconfig/conjure.conf
      ExecStart=/opt/conjure/bin/registration-server
      TimeoutStopSec=10

      [Install]
      WantedBy=multi-user.target
    path: /etc/systemd/system/conjure-registration-api.service
    permissions: '0644'
