Voir \`$tool/vm_hosted' pour les utilitaires côté VM hébergée.
SYNTAX: $0 \$RULE \${RULE}_SYNTAX
RULES:
- $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/vm.sh "$0")
+ $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/etc/vm.sh "$0")
ENVIRONMENT:
TRACE # affiche les commandes avant leur exécution
- $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/vm.sh "$0")
+ $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/etc/vm.sh "$0")
EOF
}
rule_vm_start () {
test ! -e /dev/domU/$vm_fqdn-disk1
sudo xm create $vm_fqdn.cfg
- rule_vm_attach
+ rule vm_attach
}
rule_vm_attach () {
cat <<-EOF
#sudo xm block-attach 0 phy:/dev/domU/$vm_fqdn-disk $vm_dev_disk w
}
rule_disk_umount () { # DESCRIPTION: démontage du disque de la VM depuis l'hôte
- rule_part_boot_umount
+ rule part_boot_umount
case $vm_use_lvm in
(yes)
- rule_part_lvm_umount
+ rule part_lvm_umount
;;
(no)
- rule_part_root_umount
- rule_part_var_umount
- rule_part_home_umount
+ rule part_root_umount
+ rule part_var_umount
+ rule part_home_umount
;;
(*) exit 1;;
esac
}
rule_part_lvm_format () {
- rule_part_lvm_umount
+ rule part_lvm_umount
! sudo vgs | grep -q "^ $vm_lvm_vg " ||
sudo vgremove $vm_lvm_vg
sudo pvcreate --dataalignment 512k $vm_lvm_pv
sudo lvcreate --contiguous y -n ${vm_lvm_lv}_root -L 15G $vm_lvm_vg
sudo lvcreate --contiguous y -n ${vm_lvm_lv}_var -L 5G $vm_lvm_vg
sudo lvcreate --contiguous y -n ${vm_lvm_lv}_home -l 99%FREE $vm_lvm_vg
- rule_part_lvm_umount
+ rule part_lvm_umount
}
rule_part_lvm_mount () {
case $vm_use_lvm in
rule_part_lvm_umount () {
case $vm_use_lvm in
(yes)
- rule_part_root_umount
- rule_part_var_umount
- rule_part_home_umount
+ rule part_root_umount
+ rule part_var_umount
+ rule part_home_umount
! sudo vgs | grep -q "^ $vm_lvm_vg " ||
sudo vgchange -a n $vm_lvm_vg
;;
sudo cryptsetup luksHeaderBackup $vm_dev_disk_root --header-backup-file ./root.luks
}
rule_part_swap_format () {
- rule__part_encrypted_format swap
- rule__part_encrypted_mount swap
+ rule _part_encrypted_format swap
+ rule _part_encrypted_mount swap
sudo mkswap -f -L ${vm_lvm_lv}_swap \
/dev/mapper/${vm_lvm_lv}_swap_deciphered
- rule__part_encrypted_umount swap
+ rule _part_encrypted_umount swap
}
rule_part_boot_format () {
mount | grep -q "^$vm_dev_disk_boot " ||
sudo umount -v /mnt/$vm_fqdn/boot
}
rule_part_var_format () {
- rule__part_encrypted_format var
- rule__part_encrypted_mount var
+ rule _part_encrypted_format var
+ rule _part_encrypted_mount var
sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \
-E resize=10G${vm_e2fs_extended_options} \
-L ${vm_lvm_lv}_var \
/dev/mapper/${vm_lvm_lv}_var_deciphered
- rule__part_encrypted_umount var
+ rule _part_encrypted_umount var
}
rule_part_var_mount () {
- rule__part_encrypted_mount var
+ rule _part_encrypted_mount var
mountpoint -q /mnt/$vm_fqdn/var ||
sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_var_deciphered /mnt/$vm_fqdn/var
}
rule_part_var_umount () {
! mountpoint -q /mnt/$vm_fqdn/var ||
sudo umount -v /mnt/$vm_fqdn/var
- rule__part_encrypted_umount var
+ rule _part_encrypted_umount var
}
rule_part_home_format () {
- rule__part_encrypted_format home
- rule__part_encrypted_mount home
+ rule _part_encrypted_format home
+ rule _part_encrypted_mount home
sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $vm_e2fs_block_size \
-E resize=400G${vm_e2fs_extended_options} \
-L ${vm_lvm_lv}_home \
/dev/mapper/${vm_lvm_lv}_home_deciphered
# NOTE: -O quota pas supporté par e2fsprogs/squeeze
- rule__part_encrypted_umount home
+ rule _part_encrypted_umount home
}
rule_part_home_mount () {
- rule__part_encrypted_mount home
+ rule _part_encrypted_mount home
mountpoint -q /mnt/$vm_fqdn/home ||
sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_home_deciphered /mnt/$vm_fqdn/home
}
rule_part_home_umount () {
! mountpoint -q /mnt/$vm_fqdn/home ||
sudo umount -v /mnt/$vm_fqdn/home
- rule__part_encrypted_umount home
+ rule _part_encrypted_umount home
}
rule_debian_install () {
- rule_disk_mount
- rule_part_lvm_mount
- rule_part_root_mount
- rule_part_boot_mount
- rule_part_var_mount
+ rule disk_mount
+ rule part_lvm_mount
+ rule part_root_mount
+ rule part_boot_mount
+ rule part_var_mount
sudo DEBOOTSTRAP_DIR=/usr/share/debootstrap/ LANG=C LC_CTYPE=C debootstrap \
--arch=$vm_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
--exclude=vim-tiny \
) \
$vm_lsb_name /mnt/$vm_fqdn/ \
http://ftp.fr.debian.org/debian/
- rule_part_var_umount
- rule_part_boot_umount
- rule_part_root_umount
+ rule part_var_umount
+ rule part_boot_umount
+ rule part_root_umount
}
rule_chroot () {
- rule_disk_mount
- rule_part_lvm_mount
- rule_part_root_mount
- rule_part_boot_mount
- rule_part_var_mount
+ rule disk_mount
+ rule part_lvm_mount
+ rule part_root_mount
+ rule part_boot_mount
+ rule part_var_mount
#rule_part_home_mount
mountpoint -q /mnt/$vm_fqdn/proc ||
sudo mount -t proc proc /mnt/$vm_fqdn/proc
rsync -a "$tool"/ /mnt/$vm_fqdn/root/tool/vm
fi
sudo chroot /mnt/$vm_fqdn /bin/bash || true
- rule__chroot_clean
+ rule _chroot_clean
}
rule__chroot_clean () {
! sudo mountpoint -q /mnt/$vm_fqdn/root/tool/vm ||
sudo umount -v /mnt/$vm_fqdn/sys
! mountpoint -q /mnt/$vm_fqdn/proc ||
sudo umount -v /mnt/$vm_fqdn/proc
- rule_part_home_umount
- rule_part_var_umount
- rule_part_boot_umount
- rule_part_root_umount
- rule_disk_umount
+ rule part_home_umount
+ rule part_var_umount
+ rule part_boot_umount
+ rule part_root_umount
+ rule disk_umount
}
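Review bot: The first guard in rule__chroot_clean looks mismatched: it tests whether `/mnt/$vm_fqdn/root/tool/vm` is a mountpoint but then unmounts `/mnt/$vm_fqdn/sys`, so /sys is only unmounted when the tool directory happens to be mounted, and the tool directory is never unmounted. rule_chroot fills root/tool/vm with `rsync -a` rather than a mount, so unless the `if` block closed by `fi` above (its start is outside the hunk) bind-mounts it, the test should read `! mountpoint -q /mnt/$vm_fqdn/sys ||`; if it does bind-mount it, a separate `! mountpoint -q /mnt/$vm_fqdn/root/tool/vm || sudo umount -v /mnt/$vm_fqdn/root/tool/vm` pair is needed so the chroot is left without a path back into the host tool tree. Either way the new `rule _chroot_clean` call inherits the leak.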
rule=${1:-help}
case $rule in
(help);;
(*)
- test "$(hostname --fqdn)" = "$vm_host" ||
- error 1 "mauvaise machine"
+ assert 'test "$(hostname --fqdn)" = "$vm_host"' vm_host
${TRACE:+set -x}
;;
esac
-rule_$rule "$@"
+rule $rule "$@"
Voir \`$tool/vm_host' pour les utilitaires côté machine hôte.
SYNTAX: $0 \$RULE \${RULE}_SYNTAX
RULES:
- $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/vm.sh "$0")
+ $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/etc/vm.sh "$0")
ENVIRONMENT:
TRACE # affiche les commandes avant leur exécution
- $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/vm.sh "$0")
+ $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/etc/vm.sh "$0")
EOF
}
. /etc/profile
}
-rule__etckeeper_init () {
- mk_reg mod=644 own=root:root /etc/etckeeper/etckeeper.conf <<-EOF
- VCS=git
- GIT_COMMIT_OPTIONS=""
- AVOID_DAILY_AUTOCOMMITS=1
- #AVOID_SPECIAL_FILE_WARNING=1
- AVOID_COMMIT_BEFORE_INSTALL=1
- HIGHLEVEL_PACKAGE_MANAGER=apt
- LOWLEVEL_PACKAGE_MANAGER=dpkg
- EOF
- }
-rule__locale_init () {
- mk_reg mod=644 own=root:root /etc/locale.gen <<-EOF
- fr_FR.UTF-8 UTF-8
- EOF
- sudo update-locale
- }
-rule__network_init () {
- mk_reg mod= own= /etc/hostname <<-EOF
- $vm
- EOF
- grep -q " $vm\$" /etc/hosts ||
- mk_reg mod= own= --append /etc/hosts <<-EOF
- 127.0.0.1 $vm_fqdn $vm
- EOF
- mk_reg mod= own= /etc/network/interfaces <<-EOF
- auto lo
- iface lo inet loopback
-
- auto eth0=grenode
- iface grenode inet static
- address $vm_ipv4
- gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
- network $vm_ipv4
- broadcast $vm_ipv4
- netmask 255.255.255.255
- #mtu 1300
- post-up ip address add $vm_ipv4/32 dev \$IFACE
- pre-down ip address delete $vm_ipv4/32 dev \$IFACE
- EOF
- }
-rule__apt_init () {
+rule_apt_init () {
mk_reg mod= own= /etc/apt/sources.list <<-EOF
deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
EOF
deb http://nightly.openerp.com/trunk/nightly/deb/ ./
EOF
}
-rule__filesystem_init () {
+rule_apticron_init () {
+ sudo apt-get install --reinstall apticron
+ mk_reg mod=644 own=root:root /etc/default/grub <<-EOF
+ EMAIL="admin@heureux-cyclage.org"
+ # DIFF_ONLY="1"
+ # LISTCHANGES_PROFILE="apticron"
+ # ALL_FQDNS="1"
+ # SYSTEM="foobar.example.com"
+ # IPADDRESSNUM="1"
+ # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
+ # NOTIFY_HOLDS="0"
+ # NOTIFY_NEW="0"
+ # NOTIFY_NO_UPDATES="0"
+ # CUSTOM_SUBJECT=""
+ # CUSTOM_NO_UPDATES_SUBJECT=""
+ # CUSTOM_FROM="root@ateliers.heureux-cyclage.org"
+ EOF
+ sudo service apticron restart
+ }
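Review bot: rule_apticron_init writes the apticron settings (`EMAIL=`, `NOTIFY_*`, …) into `/etc/default/grub`, which is the GRUB configuration file that rule_boot_init also writes; whichever rule runs second silently discards the other's file, and if apticron_init runs last the next `update-grub2` reads apticron variables instead of `GRUB_*`. The heredoc target should be apticron's own file, `mk_reg mod=644 own=root:root /etc/apticron/apticron.conf <<-EOF`. This is moved code, but the defect survives the move and the `service apticron restart` below never sees the intended configuration.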
+rule_boot_init () {
+ sudo apt-get install --reinstall grub-pc # XXX: attention à n'installer GRUB sur AUCUN disque proposé !
+ mk_dir mod=644 own=root:root /boot/grub
+ sudo apt-get install --reinstall linux-image-$vm_arch
+ mk_reg mod=644 own=root:root /etc/default/grub <<-EOF
+ GRUB_DEFAULT=0
+ GRUB_TIMEOUT=5
+ GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
+ GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+ GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$vm_ipv4::$vm_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
+ GRUB_DISABLE_RECOVERY="true"
+ #GRUB_PRELOAD_MODULES="lvm"
+ EOF
+ mk_reg mod=644 own=root:root /boot/grub/device.map <<-EOF
+ (hd0) /dev/xvda
+ (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g')
+ EOF
+ sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
+ rule initramfs_init
+ }
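Review bot: The `# XXX` warning on the `apt-get install --reinstall grub-pc` line leaves the "install GRUB to which devices" prompt as a manual step, and a wrong answer inside the domU writes a boot sector onto a disk exposed by the host. Preseeding the answer before the install removes the human factor, e.g. `echo 'grub-pc grub-pc/install_devices multiselect' | sudo debconf-set-selections` followed by `echo 'grub-pc grub-pc/install_devices_empty boolean true' | sudo debconf-set-selections`, so the reinstall runs non-interactively and installs to nothing; the explicit `update-grub2` below still regenerates the config. The two `(hd0)` entries in device.map presumably reflect the in-VM and host-side views of the same disk; a one-line comment stating which one GRUB is expected to honour would help the next maintainer.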
+rule_etckeeper_init () {
+ mk_reg mod=644 own=root:root /etc/etckeeper/etckeeper.conf <<-EOF
+ VCS=git
+ GIT_COMMIT_OPTIONS=""
+ AVOID_DAILY_AUTOCOMMITS=1
+ #AVOID_SPECIAL_FILE_WARNING=1
+ AVOID_COMMIT_BEFORE_INSTALL=1
+ HIGHLEVEL_PACKAGE_MANAGER=apt
+ LOWLEVEL_PACKAGE_MANAGER=dpkg
+ EOF
+ }
+rule_filesystem_init () {
mk_reg mod=644 own=root:root /etc/fstab <<-EOF
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=${vm_lvm_lv}_boot /boot ext2 defaults 0 0
vm.vfs_cache_pressure=50
EOF
}
-rule__login_init () {
- grep -q hvc0 /etc/securetty ||
+rule_initramfs_init () {
+ mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
+ MODULES=most
+ BUSYBOX=y
+ KEYMAP=y
+ COMPRESS=gzip
+ DEVICE=eth0
+ EOF
+ mk_reg mod=644 own=root:root /etc/modprobe.d/xen-pv.conf <<-EOF
+ alias eth0 xennet
+ alias scsi_hostadapter xenblk
+ EOF
+ mk_reg mod=644 own=root:root /etc/modules <<-EOF
+ sha1_generic
+ sha256_generic
+ sha512_generic
+ aes-x86_64
+ xts
+ # NOTE: pour Xen en mode HVM :
+ #modprobe xen-platform-pci
+ EOF
+ mk_reg mod=644 own=root:root /etc/initramfs-tools/modules <<-EOF
+ EOF
+ sudo sed -e '/^configure_networking /s/ &$//' \
+ -i /usr/share/initramfs-tools/scripts/init-premount/dropbear
+ # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
+ sudo rm -f \
+ /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
+ /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
+ ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
+ ( while IFS= read -r line
+ do case $line in (*" RSA") return 0; break;; esac
+ done; return 1 ) ||
+ sudo dropbearkey -t rsa -s 4096 -f \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
+ ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
+ ( while IFS= read -r line
+ do case $line in (*" DSA") return 0; break;; esac
+ done; return 1 ) ||
+ sudo dropbearkey -t dss -s 1024 -f \
+ /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
+ mk_dir mod=640 own=root:root \
+ /etc/initramfs-tools/root \
+ /etc/initramfs-tools/root/.ssh
+ getent group sudo |
+ while IFS=: read -r group x x users
+ do while test -n "$users" && IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ mk_reg mod=644 own=root:root /etc/initramfs-tools/root/.ssh/authorized_keys
+ sudo rm -f \
+ /etc/initramfs-tools/root/.ssh/id_rsa.dropbear \
+ /etc/initramfs-tools/root/.ssh/id_rsa.pub \
+ /etc/initramfs-tools/root/.ssh/id_rsa
+ # NOTE: clefs générées par Debian
+ sudo update-initramfs -u
+ }
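Review bot: `sudo dropbearkey -t dss -s 1024` generates a 1024-bit DSA host key for the pre-boot dropbear; DSA is limited to 1024 bits and is disabled by default in modern OpenSSH clients, so this key adds a weak host identity next to the 4096-bit RSA one without any client benefit. I would drop the whole `ssh-keygen -F … DSA … || sudo dropbearkey -t dss` branch and the two `dropbear_dss_host_key*` entries from the `rm -f` list above it. Separately, the `rm -f` removes both host key files unconditionally, but `dropbearkey` only runs when known_hosts has no entry for `init.$vm_fqdn`, so on a host that is already known the matching key is deleted and not recreated here; unless a later step restores it, the initramfs hook will generate a fresh key and every admin gets a host-key mismatch at the next remote unlock — please confirm which is intended and add a comment.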
+rule_locale_init () {
+ mk_reg mod=644 own=root:root /etc/locale.gen <<-EOF
+ fr_FR.UTF-8 UTF-8
+ EOF
+ sudo update-locale
+ }
+rule_login_init () {
+ grep -q '^hvc0$' /etc/securetty ||
mk_reg mod= own= --append /etc/securetty <<-EOF
hvc0
EOF
- grep -q xvc0 /etc/securetty ||
+ grep -q '^xvc0$' /etc/securetty ||
mk_reg mod= own= --append /etc/securetty <<-EOF
xvc0
EOF
session optional pam_umask.so
EOF
}
-rule__user_root_init () {
- mk_dir mod=750 own=root:root /root/etc
- mk_dir mod=750 own=root:root /root/etc/ssh
- mk_dir mod=750 own=root:root /root/etc/gpg
- mk_lnk etc/gpg /root/.gnupg
- mk_lnk etc/ssh /root/.ssh
- getent group sudo |
- while test -n "$users" && IFS=: read -r group x x users
- do while IFS=, read -r user users <<-EOF
- $users
- EOF
- do eval local home\; home="~$user"
- cat "$home"/etc/ssh/authorized_keys
- done
- done |
- mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
- local key
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
- }
-rule__initramfs_init () {
- mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
- MODULES=most
- BUSYBOX=y
- KEYMAP=y
- COMPRESS=gzip
- DEVICE=eth0
- EOF
- mk_reg mod=644 own=root:root /etc/modprobe.d/xen-pv.conf <<-EOF
- alias eth0 xennet
- alias scsi_hostadapter xenblk
- EOF
- mk_reg mod=644 own=root:root /etc/modules <<-EOF
- sha1_generic
- sha256_generic
- sha512_generic
- aes-x86_64
- xts
- # NOTE: pour Xen en mode HVM :
- #modprobe xen-platform-pci
- EOF
- mk_reg mod=644 own=root:root /etc/initramfs-tools/modules <<-EOF
- EOF
- sudo sed -e '/^configure_networking /s/ &$//' \
- -i /usr/share/initramfs-tools/scripts/init-premount/dropbear
- # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
- sudo rm -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" RSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t rsa -s 4096 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" DSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t dss -s 1024 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
- mk_dir mod=640 own=root:root \
- /etc/initramfs-tools/root \
- /etc/initramfs-tools/root/.ssh
- getent group sudo |
- while IFS=: read -r group x x users
- do while test -n "$users" && IFS=, read -r user users <<-EOF
- $users
- EOF
- do eval local home\; home="~$user"
- cat "$home"/etc/ssh/authorized_keys
- done
- done |
- mk_reg mod=644 own=root:root /etc/initramfs-tools/root/.ssh/authorized_keys
- sudo rm -f \
- /etc/initramfs-tools/root/.ssh/id_rsa.dropbear \
- /etc/initramfs-tools/root/.ssh/id_rsa.pub \
- /etc/initramfs-tools/root/.ssh/id_rsa
- # NOTE: clefs générées par Debian
- sudo update-initramfs -u
- }
-rule__boot_init () {
- sudo apt-get install --reinstall grub-pc # XXX: attention à n'installer GRUB sur AUCUN disque proposé !
- mk_dir mod=644 own=root:root /boot/grub
- sudo apt-get install --reinstall linux-image-$vm_arch
- mk_reg mod=644 own=root:root /etc/default/grub <<-EOF
- GRUB_DEFAULT=0
- GRUB_TIMEOUT=5
- GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
- GRUB_CMDLINE_LINUX_DEFAULT="quiet"
- GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$vm_ipv4::$vm_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
- GRUB_DISABLE_RECOVERY="true"
- #GRUB_PRELOAD_MODULES="lvm"
+rule_network_init () {
+ mk_reg mod= own= /etc/hostname <<-EOF
+ $vm
EOF
- mk_reg mod=644 own=root:root /boot/grub/device.map <<-EOF
- (hd0) /dev/xvda
- (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g')
+ grep -q " $vm\$" /etc/hosts ||
+ mk_reg mod= own= --append /etc/hosts <<-EOF
+ 127.0.0.1 $vm_fqdn $vm
EOF
- sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
- rule__initramfs_init
- }
-rule_apticron_init () {
- sudo apt-get install --reinstall apticron
- mk_reg mod=644 own=root:root /etc/default/grub <<-EOF
- EMAIL="admin@heureux-cyclage.org"
- # DIFF_ONLY="1"
- # LISTCHANGES_PROFILE="apticron"
- # ALL_FQDNS="1"
- # SYSTEM="foobar.example.com"
- # IPADDRESSNUM="1"
- # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
- # NOTIFY_HOLDS="0"
- # NOTIFY_NEW="0"
- # NOTIFY_NO_UPDATES="0"
- # CUSTOM_SUBJECT=""
- # CUSTOM_NO_UPDATES_SUBJECT=""
- # CUSTOM_FROM="root@ateliers.heureux-cyclage.org"
+ mk_reg mod= own= /etc/network/interfaces <<-EOF
+ auto lo
+ iface lo inet loopback
+
+ auto eth0=grenode
+ iface grenode inet static
+ address $vm_ipv4
+ gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
+ network $vm_ipv4
+ broadcast $vm_ipv4
+ netmask 255.255.255.255
+ #mtu 1300
+ post-up ip address add $vm_ipv4/32 dev \$IFACE
+ pre-down ip address delete $vm_ipv4/32 dev \$IFACE
EOF
- sudo service apticron restart
}
-rule__bin_init () {
- mk_lnk "$tool"/vm_hosted /usr/local/sbin/
- }
-rule_init () {
- rule__etckeeper_init
- rule__locale_init
- rule__network_init
- rule__apt_init
- rule__filesystem_init
- rule__login_init
- rule__user_root_init
- rule__boot_init
- rule__bin_init
- }
-
-rule_disk_key_change () {
- sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
- }
-
rule_user_init () {
mk_dir mod=750 own="root:adm" /etc/skel/etc
mk_dir mod=770 own="root:adm" /etc/skel/etc/apache2
'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac'
EOF
}
+rule_user_root_init () {
+ mk_dir mod=750 own=root:root /root/etc
+ mk_dir mod=750 own=root:root /root/etc/ssh
+ mk_dir mod=750 own=root:root /root/etc/gpg
+ mk_lnk etc/gpg /root/.gnupg
+ mk_lnk etc/ssh /root/.ssh
+ getent group sudo |
+ while test -n "$users" && IFS=: read -r group x x users
+ do while IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
+ local key
+ for key in "$tool"/var/pub/openpgp/*.key
+ do sudo gpg --import "$key"
+ done
+ }
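Review bot: In rule_user_root_init the `test -n "$users"` guard sits on the outer `read -r group x x users` loop, where `users` has not been read yet; it is only ever non-empty if it leaks in from the caller, so the loop normally never iterates and `/root/etc/ssh/authorized_keys` is written empty, locking root out of SSH. rule_initramfs_init above has the correct shape, with the guard on the inner comma-split loop: `while IFS=: read -r group x x users` / `do while test -n "$users" && IFS=, read -r user users <<-EOF`. While here, `eval local home\; home="~$user"` evaluates a name taken from the group database; `home=$(getent passwd "$user" | cut -d: -f6)` gives the same directory without eval.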
+rule__bin_init () {
+ mk_lnk "$tool"/vm_hosted /usr/local/sbin/
+ }
+rule_init () {
+ rule etckeeper_init
+ rule locale_init
+ rule network_init
+ rule apt_init
+ rule filesystem_init
+ rule login_init
+ rule user_root_init
+ rule boot_init
+ rule bin_init
+ }
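Review bot: rule_init calls `rule bin_init`, but the function defined just above is still `rule__bin_init`; elsewhere in this commit double-underscore helpers are dispatched with the underscore kept (`rule _chroot_clean`, `rule _part_encrypted_format swap`), which suggests `rule` prepends `rule_` and this call resolves to an undefined `rule_bin_init`, so the `/usr/local/sbin/vm_hosted` link is never created. Either call it as `rule _bin_init` or rename the function to `rule_bin_init` like the other `*_init` rules this commit renames. The `rule` dispatcher itself is not in the diff, so this is inferred from the call sites.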
+
+rule_disk_key_change () {
+ sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
+ }
+
rule_user_admin_add () { # SYNTAX: $user
local user=$1
id "$user" >/dev/null ||
sudo adduser "$user" sudo
mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
<"$tool"/var/pub/ssh/"$user".key
- rule__initramfs_init
- rule__user_root_init
+ rule initramfs_init
+ rule user_root_init
local key; local -; set +f
for key in "$tool"/var/pub/openpgp/*.key
do sudo -u "$user" gpg --import "$key"
mk_reg mod=664 own=root:root /etc/postgrey/whitelist_recipients.local <<-EOF
EOF
}
-rule_mail_install () {
+rule_mail_init () {
sudo apt-get install postfix postgrey dovecot
}
case $rule in
(help);;
(*)
- test "$(hostname --fqdn)" = "$vm_fqdn" ||
- error 1 "mauvaise machine"
+ assert 'test "$(hostname --fqdn)" = "$vm_fqdn"' vm_fqdn
${TRACE:+set -x}
;;
esac
-rule_$rule "$@"
+rule $rule "$@"