Although KCL is unquestionably a more powerful language, and maps more
closely to my mental model of how host/environment/application
configuration is defined, the fact that it doesn't work on ARM (issue
982]) makes it a non-starter. It's also quite slow (owing to how it
compiles a program to evaluate the code) and cumbersome to distribute.
Fortunately, `tmpl` doesn't care how the values it uses were computed,
so we freely change configuration languages, so long as whatever we use
generates JSON/YAML.
CUE is probably a lot more popular than KCL, and is quite a bit simpler.
It's more restrictive (values cannot be overridden once defined), but
still expressive enough for what I am trying to do (so far).
`tmpl` takes a long time to compile on a Raspberry Pi, so I've created a
CI pipeline to build it separately.
`kcl` seems to have a [bug][0] that causes it to include the x86_64
builds of `kclvm_cli` and `libkclvm_cli_cdylib.so` on aarch64. This
naturally doesn't work, so we need to fetch the correct builds
ourselves.
[0]: https://github.com/kcl-lang/cli/issues/31
When `tmpl` runs `systemd-sysusers` after generating the `sysusers.d`
file for NUT, the `/etc/passwd` and `/etc/group` files on the host are
created anew and replaced, which "breaks" the bind mount. Since new
files are put in their place, the container and the host no longer see
the same files. We can work around this by using a symbolic link for
each file, pointing to the respective file in the `/host` directory
(which is the host's `/` directory bind mounted into the container's
namespace). Since the symlinks follow the file by name rather than
inode, the container's view is always in sync with the host's.
As it turns out, KCL literally *compiles* a program from the KCL
sources. The program it creates needs to link with its runtime library,
`libkclvm_cli_cdylib.so`. The `kcl` command extracts this library,
along with a helper utility `kclvm_cli`, which performs the actual
compilation and linking. In a container, `/root/go` is probably mounted
read-only, so we need to extract these files ahead of time and put them
in another location, so the `kcl` command does not have to do it each
time it runs.
Dustin