
preview of configNow


I've been working on a new account configuration system for IRCNOW in Perl.  It's not quite ready for use, but I have the basic proof of concept working.  The main goals of this project are to make user management easier with built-in backups and quick recovery from bad configuration changes.  It's broken into three phases: Config, Staging, and Deployment.  Config is done on a per-account basis and generates an account-specific repo of config snippets.  Staging combines the account repos and merges all the snippets into a new system config that is also tracked in its own git repo.  Finally, committed changes are deployed to the system(s) and services restarted as needed.

I'm developing it for the shell account server on user.planetofnix.com and intend to extend it to cover all account configuration.  It will eventually be the backend used by botnow and hopefully other account manipulation tools we create.  You can find the repo here:

https://got.ircnow.org/cgi-bin/gotweb/gotweb?path=izzyb-configNow.git&action=summary

The main idea is to store configuration snippets for each account in a git repo so changes can be tracked over time and admins can review what has changed before deploying it.  An account repo can be system specific or contain details for remote servers; I intend to support the idea of multiple repos for each account as well - it may be necessary for security considerations.  The location of the repo will be configurable but assumed to be the account's ~/configNow.  Exactly how the repo is used is up to the admins to configure and create scripts for their needs using simple interfaces in perl.  The configuration generated uses a plugin model to make it easy to extend as needed.  Examples of modules can be found in the lib/IRCNOW/ConfigNow/Module/ directory.

Each plugin consists of a list of files it manipulates.  More than one plugin can modify the same files.  The main focus currently is on config files, but I intend to support configuration via IRC for things like znc or through a list of shell commands or custom scripts for things like shell accounts.  Obviously modules doing complex things will be more complex to create.  I also want to support pre and post scripts and locate/removal of config for modules at some point.

At this stage, it generates fresh config and uses git to compare it to the previous config and commit changes if there are any. Merge conflicts may need to be resolved if the configuration strays from what was auto configured.  The plugins use sprintf strings or perl subroutines for more complex configuration with a list of params to pass specified for each file.

The intent is to allow the user to view and modify their config directly or via the configNow tool.  It will be up to the admins to configure if users have direct access or have to use the tools to modify their config.  Part of the goal of IRCNOW is to teach users to manage their own servers, so I'm thinking this would be a good way to help users dip their toes into system config while making it easy for admins to locate and resolve issues they create.  So, system admin with training wheels and support :)

The second phase of the configNow system will be staging the configuration changes from each account into new system configuration files.  The location of the staging area will be configurable but defaults to ~/stageNow.  (I could default to /etc/configNow).  The staging area will contain clones of each account's configNow repos as submodules.  This ensures we have a backup of the account's config repo and also helps prevent contamination from compromised ~/configNow repos.  The staging phase will combine the config with system-wide template details into a staged version for review before deploying.  Admins can review changes via git diffs of the previous config before deploying them.  This is where I'm at in development currently: combining config snippets.  I have it generating the config repos for multiple accounts and the staging area at this point.

Run it like this:

bin/configNow smith ryan pam dave tammy
bin/configNow exile izzyb mantar lotd

This would create the configuration for two accounts: smith and exile.  smith could be a family account for parents and kids; exile would be an account for the Minetest Exile game development team.  Each creates dns and letsencrypt configuration for the group and email, xmpp, and eventually shell accounts for the users.  This is still a work in progress, but almost ready for the user.planetofnix.com server.  I'm planning on extending it for use on any IRCNOW member server.  No reason it can't be adopted for other networks also but not my focus - the license will be permissive though.

The deployment phase isn't started yet but will require changes to be committed and the repo to be in a clean state to deploy and restart services.  I'm thinking I'll have to break the repos into 2 branches; an auto generated branch and a deployed branch.  This way custom config changes can be brought forward using git rebase.  Admins can then resolve merge conflicts and commit the change before they'd be deployed.

I'm open to feedback including criticisms of anything I've done here.  The goal is to have tools to help manage user accounts and system configuration in a way that keeps a history.  It should assist admins to locate and resolve issues proactively with options to restore previous known working configs if bad config slips through.  This is just a proof of concept I've hammered together mostly through trial and error.  I'm planning on making it part of the p5-IRCNOW library but have resisted creating a dependency on it so far.  Feedback and contributions are welcome to help polish the turd :)

...Izzy
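
The "commit only if the fresh config differs" step and the "clean, committed repo before deploy" gate described in the message, sketched as an added example that is not part of the original post or the configNow code base. The function names, the commit identity and the repo paths passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not taken from the configNow repository.
# Function names and the commit identity below are hypothetical.

# Commit freshly generated config only when it differs from the last commit.
# Returns 0 if a commit was made, 1 if nothing changed, 2 on error.
commit_if_changed() {
    repo=$1
    msg=$2
    # Refuse to act on a path that is not a git work tree.
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2
    # Stage additions, modifications and deletions of snippet files.
    git -C "$repo" add -A || return 2
    # Empty porcelain output means the index matches the previous commit.
    [ -n "$(git -C "$repo" status --porcelain)" ] || return 1
    git -C "$repo" \
        -c user.name='configNow' \
        -c user.email='confignow@example.invalid' \
        commit -q -m "$msg" || return 2
}

# Deploy gate: succeed only when the repo has at least one commit and
# nothing uncommitted (modified, staged or untracked files), so what is
# deployed is exactly what an admin could review with git diff.
deploy_ready() {
    repo=$1
    git -C "$repo" rev-parse --verify --quiet HEAD >/dev/null 2>&1 || return 1
    [ -z "$(git -C "$repo" status --porcelain --untracked-files=all)" ]
}
```

A deploy script would call `deploy_ready` on the staging repo and stop before touching system files or restarting services when it fails.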