-[submodule "lib/tool/sh"]
- path = lib/tool/sh
- url = git://git.autogeree.net/tool/sh
[submodule "lib/tool/openssl"]
path = lib/tool/openssl
url = git://git.autogeree.net/tool/openssl
TASK: obtenir une installation chrootable
@host % export TRACE=1
- @host % ~/tool/ateliers/vm_host disk_mount
- @host % ~/tool/ateliers/vm_host disk_format
- @host % ~/tool/ateliers/vm_host part_lvm_format
- @host % ~/tool/ateliers/vm_host part_root_format
- @host % ~/tool/ateliers/vm_host part_boot_format
- @host % ~/tool/ateliers/vm_host part_swap_format
- @host % ~/tool/ateliers/vm_host part_var_format
- @host % ~/tool/ateliers/vm_host part_home_format
- @host % ~/tool/ateliers/vm_host debian_install
- @host % ~/tool/ateliers/vm_host disk_umount
+ @host % ~/tool/ateliers/host/disk-mount
+ @host % ~/tool/ateliers/host/disk-format
+ @host % ~/tool/ateliers/host/part-lvm-format
+ @host % ~/tool/ateliers/host/part-root-format
+ @host % ~/tool/ateliers/host/part-boot-format
+ @host % ~/tool/ateliers/host/part-swap-format
+ @host % ~/tool/ateliers/host/part-var-format
+ @host % ~/tool/ateliers/host/part-home-format
+ @host % ~/tool/ateliers/host/debootstrap
+ @host % ~/tool/ateliers/host/disk-umount
TASK: obtenir une installation démarable
- @host % ~/tool/ateliers/vm_host chroot
+ @host % ~/tool/ateliers/host/chroot
@host % export TRACE=1 LANG=C LC_CTYPE=C
@host % /root/tool/vm/local/init # TODO: revoir ça
@host % exit
TASK: initialiser la VM
- @host % ~/tool/ateliers/vm_host vm_configure
- @host % ~/tool/ateliers/vm_host vm_start
+ @host % ~/tool/ateliers/xen-vm-configure
+ @host % ~/tool/ateliers/xen-vm-start
@local % local/user-configure
TASK: démarrer la VM
- @host % vm_host vm_start
+ @host % host/xen-vm-start
TASK: ajouter un-e administrateurice $user
@remote % cp .../id_rsa var/pub/ssh/$user.key
@remote % gpg --armor --export --export-options export-clean >var/pub/openpgp/$user.key
@local % local/git-reset
@local % local/user-admin-add $user
TASK: démarrer la VM
- @host % vm_host vm_start
+ @host % host/xen-vm-start
@remote % remote/luks-key-disk-send
TASK: pousser des changements locaux sur la VM
@remote % remote/git-push
-EMAIL="admin@VM_DOMAINNAME"
+EMAIL="admin@LOCAL_DOMAINNAME"
# DIFF_ONLY="1"
# LISTCHANGES_PROFILE="apticron"
# ALL_FQDNS="1"
# NOTIFY_NO_UPDATES="0"
# CUSTOM_SUBJECT=""
# CUSTOM_NO_UPDATES_SUBJECT=""
-# CUSTOM_FROM="root@VM_DOMAINNAME"
+# CUSTOM_FROM="root@LOCAL_DOMAINNAME"
alias sl='ls'
alias vi='vim'
alias vim='vim -p'
-alias vm_hosted='~/src/vm/vm_hosted'
-alias vm='vm_hosted'
alias :e='vim'
alias :q='exit'
# <target name> <source device> <key file> <options>
-VM_LVM_LV`'_root_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_root none luks,lvm=VM_LVM_VG
-VM_LVM_LV`'_var_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_var VM_LVM_LV`'_root_deciphered luks,lvm=VM_LVM_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived
-VM_LVM_LV`'_home_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_home VM_LVM_LV`'_root_deciphered luks,lvm=VM_LVM_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived
-VM_LVM_LV`'_swap_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_swap VM_LVM_LV`'_root_deciphered luks,lvm=VM_LVM_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived
+LOCAL_LLOCAL_LV`'_root_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_root none luks,lvm=LOCAL_LLOCAL_VG
+LOCAL_LLOCAL_LV`'_var_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_var LOCAL_LLOCAL_LV`'_root_deciphered luks,lvm=LOCAL_LLOCAL_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived
+LOCAL_LLOCAL_LV`'_home_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_home LOCAL_LLOCAL_LV`'_root_deciphered luks,lvm=LOCAL_LLOCAL_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived
+LOCAL_LLOCAL_LV`'_swap_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_swap LOCAL_LLOCAL_LV`'_root_deciphered luks,lvm=LOCAL_LLOCAL_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived
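Review bot: The macro names `LOCAL_LLOCAL_LV` and `LOCAL_LLOCAL_VG` on the four added crypttab lines look like a blanket `VM` to `LOCAL` substitution that also rewrote the `VM` inside `LVM`. The same mangled names appear on the added fstab lines (`LABEL=LOCAL_LLOCAL_LV…_boot` and the four `/dev/mapper/` entries). The m4 call that renders these templates is not visible here; if it does not define exactly these names, the literal macro text ends up in /etc/crypttab and /etc/fstab and the LUKS volumes are neither opened nor mounted at boot. Naming them `LOCAL_LVM_LV` and `LOCAL_LVM_VG` would match the shell variables `local_lvm_lv` and `local_lvm_vg` used elsewhere in this commit.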
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
- hostname = VM_DOMAINNAME
+ hostname = LOCAL_DOMAINNAME
info_log_path =
log_path =
mail_plugins = $mail_plugins sieve
- postmaster_address = contact+dovecot+lda@VM_DOMAINNAME
+ postmaster_address = contact+dovecot+lda@LOCAL_DOMAINNAME
syslog_facility = mail
}
protocols = imap sieve
group = postfix
}
}
-ssl_ca = </etc/dovecot/VM_DOMAINNAME/imap/x509/crt+crl.self-signed.pem
-ssl_cert = </etc/dovecot/VM_DOMAINNAME/imap/x509/crt+crl.self-signed.pem
+ssl_ca = </etc/dovecot/LOCAL_DOMAINNAME/imap/x509/crt+crl.self-signed.pem
+ssl_cert = </etc/dovecot/LOCAL_DOMAINNAME/imap/x509/crt+crl.self-signed.pem
ssl_cipher_list = AES256-SHA
-ssl_key = </etc/dovecot/VM_DOMAINNAME/imap/x509/key.pem
+ssl_key = </etc/dovecot/LOCAL_DOMAINNAME/imap/x509/key.pem
ssl_verify_client_cert = yes
userdb {
driver = passwd
# <file system> <mount point> <type> <options> <dump> <pass>
-LABEL=VM_LVM_LV`'_boot /boot ext2 defaults 0 0
+LABEL=LOCAL_LLOCAL_LV`'_boot /boot ext2 defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
-/dev/mapper/VM_LVM_LV`'_root_deciphered / ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1
-/dev/mapper/VM_LVM_LV`'_var_deciphered /var ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1
-/dev/mapper/VM_LVM_LV`'_home_deciphered /home ext4 defaults,errors=remount-ro,acl,barrier=1,noatime,usrquota,grpquota 0 0
+/dev/mapper/LOCAL_LLOCAL_LV`'_root_deciphered / ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1
+/dev/mapper/LOCAL_LLOCAL_LV`'_var_deciphered /var ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1
+/dev/mapper/LOCAL_LLOCAL_LV`'_home_deciphered /home ext4 defaults,errors=remount-ro,acl,barrier=1,noatime,usrquota,grpquota 0 0
# NOTE: barrier=1 réduit drastiquement les performances d'écriture, mais garantit la cohérence du système de fichiers.
-/dev/mapper/VM_LVM_LV`'_swap_deciphered swap swap sw 0 0
+/dev/mapper/LOCAL_LLOCAL_LV`'_swap_deciphered swap swap sw 0 0
. "$tool"/etc/local.sh
-readonly vm_dev_disk=/dev/mapper/domU-$(printf %s "$vm_fqdn-disk" | sed -e 's/-/--/g')
-readonly vm_dev_disk_boot="${vm_dev_disk}1"
+readonly local_dev_disk=/dev/mapper/domU-$(printf %s "$local_fqdn-disk" | sed -e 's/-/--/g')
+readonly local_dev_disk_boot="${local_dev_disk}1"
-case $vm_use_lvm in
+case $local_use_lvm in
(no)
- readonly vm_dev_disk_swap="${vm_dev_disk}5"
- readonly vm_dev_disk_root="${vm_dev_disk}6"
- readonly vm_dev_disk_var="${vm_dev_disk}7"
- readonly vm_dev_disk_home="${vm_dev_disk}8"
+ readonly local_dev_disk_swap="${local_dev_disk}5"
+ readonly local_dev_disk_root="${local_dev_disk}6"
+ readonly local_dev_disk_var="${local_dev_disk}7"
+ readonly local_dev_disk_home="${local_dev_disk}8"
;;
(yes)
- readonly vm_lvm_pv="${vm_dev_disk}2"
- readonly vm_dev_disk_swap=/dev/$vm_lvm_vg/${vm_lvm_lv}_swap
- readonly vm_dev_disk_root=/dev/$vm_lvm_vg/${vm_lvm_lv}_root
- readonly vm_dev_disk_var=/dev/$vm_lvm_vg/${vm_lvm_lv}_var
- readonly vm_dev_disk_home=/dev/$vm_lvm_vg/${vm_lvm_lv}_home
+ readonly local_lvm_pv="${local_dev_disk}2"
+ readonly local_dev_disk_swap=/dev/$local_lvm_vg/${local_lvm_lv}_swap
+ readonly local_dev_disk_root=/dev/$local_lvm_vg/${local_lvm_lv}_root
+ readonly local_dev_disk_var=/dev/$local_lvm_vg/${local_lvm_lv}_var
+ readonly local_dev_disk_home=/dev/$local_lvm_vg/${local_lvm_lv}_home
;;
(*) exit 1;;
esac
readonly PATH=$PATH:/usr/sbin:/sbin
-readonly vm_domainname="heureux-cyclage.org"
-readonly vm_hostname="ateliers"
-readonly vm_fqdn="$vm_hostname.$vm_domainname"
-readonly vm=$vm_hostname
-readonly vm_host="rouf.grenode.net"
-readonly vm_host_nameserver="91.216.110.110"
+readonly local_domainname="heureux-cyclage.org"
+readonly local_hostname="ateliers"
+readonly local_fqdn="$local_hostname.$local_domainname"
+readonly vm=$local_hostname
+readonly local_host="rouf.grenode.net"
+readonly local_host_nameserver="91.216.110.110"
-readonly vm_use_lvm="yes"
+readonly local_use_lvm="yes"
# - sans LVM :
# - on a accès au LVM de l'hôte, mais c'est pas très propre.
# - pour l'extension de mémoire, on peut soit :
- # 1.1. étendre avec lvresize /dev/domU/$vm_fqdn-disk
- # 1.2. étendre avec sfdisk $vm_dev_disk_home
- # 1.3. étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered
+ # 1.1. étendre avec lvresize /dev/domU/$local_fqdn-disk
+ # 1.2. étendre avec sfdisk $local_dev_disk_home
+ # 1.3. étendre avec resize2fs /dev/mapper/${local_lvm_lv}_home_deciphered
# soit :
# 2.1. créer une nouvelle partition sur le LVM de l'hôte
- # 2.2. l'ajouter comme un disque supplémentaire dans /etc/xen/$vm_fqdn.cfg
+ # 2.2. l'ajouter comme un disque supplémentaire dans /etc/xen/$local_fqdn.cfg
# 2.3. le monter sur /home2 en pensant à changer DHOME=/home2 dans /etc/adduser.conf
# - pour la sauvegarde: on peut soit :
# 1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git)
# - avec LVM :
# - question ouverte de la performance du LVM dans du LVM.
# - pour l'extension de mémoire, on peut soit :
- # 1.1. étendre avec lvresize /dev/domU/$vm_fqdn-disk
- # 1.1. étendre avec pvextend $vm_lvm_pv
- # 1.1. étendre avec lvresize /dev/${vm_lvm_vg}/${vm_lvm_lv}_home
- # 1.3. étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered
+ # 1.1. étendre avec lvresize /dev/domU/$local_fqdn-disk
+ # 1.1. étendre avec pvextend $local_lvm_pv
+ # 1.1. étendre avec lvresize /dev/${local_lvm_vg}/${local_lvm_lv}_home
+ # 1.3. étendre avec resize2fs /dev/mapper/${local_lvm_lv}_home_deciphered
# - pour la sauvegarde: on peut soit :
# 1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git)
# 2. sauvegarder incrémentalement avec (duplicity, backup-ninja, BackupPC),
# /dev/sd{a,b}3 -> /dev/md2
# LVM
# /dev/md0 -> dom0
-# /dev/md2 -> domU -> /dev/mapper/$vm_fqdn-disk
+# /dev/md2 -> domU -> /dev/mapper/$local_fqdn-disk
# LVM
-# /dev/mapper/$vm_fqdn-disk -> /dev/xvda{1,2}
-# /dev/xvda2 -> /dev/mapper/${vm_lvm_vg}-${vm_lvm_lv}_{swap,root,var,home}
+# /dev/mapper/$local_fqdn-disk -> /dev/xvda{1,2}
+# /dev/xvda2 -> /dev/mapper/${local_lvm_vg}-${local_lvm_lv}_{swap,root,var,home}
-case $vm_use_lvm in
+case $local_use_lvm in
(no)
;;
(yes)
- readonly vm_lvm_vg=$vm_fqdn
- readonly vm_lvm_lv=$vm
+ readonly local_lvm_vg=$local_fqdn
+ readonly local_lvm_lv=$vm
;;
(*)
exit 1;;
esac
-readonly vm_raid_effective_disks=1 # NOTE: RAID1 (mirroring)
+readonly local_raid_effective_disks=1 # NOTE: RAID1 (mirroring)
# NOTE: julm@rouf:~$ sudo pvs /dev/md2 -o+pe_start
# PV VG Fmt Attr PSize PFree 1st PE
# /dev/md2 domU lvm2 a- 925,64g 470,64g 192,00k <- pas adapté au TRIM SSD, mais on utilise du SATA2
-readonly vm_e2fs_block_size=4096
+readonly local_e2fs_block_size=4096
# NOTE: valeur standard pour un disque avec des secteurs de 512 octets :
# julm@rouf:~$ grep . /sys/block/sd{a,b}/queue/*_block_size
# /sys/block/sda/queue/logical_block_size:512
# /sys/block/sda/queue/physical_block_size:512
# /sys/block/sdb/queue/logical_block_size:512
# /sys/block/sdb/queue/physical_block_size:512
-readonly vm_e2fs_stripe_size=
+readonly local_e2fs_stripe_size=
# NOTE: égal au chunk size de mdadm --detail ;
# mais ne concerne pas RAID1 où il n'y a pas de changement de disque à effectuer,
# et donc pas de chunk size.
-readonly vm_e2fs_stride=${vm_e2fs_stripe_size:+$((vm_e2fs_stripe_size / vm_e2fs_block_size))}
-readonly vm_e2fs_stripe_width=${vm_e2fs_stride:+$((vm_e2fs_stride * vm_raid_effective_disks))}
-vm_e2fs_extended_options=${vm_e2fs_stride:+,stride=$vm_e2fs_stride}${vm_e2fs_stripe_width:+,stripe_width=$vm_e2fs_stripe_width}
+readonly local_e2fs_stride=${local_e2fs_stripe_size:+$((local_e2fs_stripe_size / local_e2fs_block_size))}
+readonly local_e2fs_stripe_width=${local_e2fs_stride:+$((local_e2fs_stride * local_raid_effective_disks))}
+local_e2fs_extended_options=${local_e2fs_stride:+,stride=$local_e2fs_stride}${local_e2fs_stripe_width:+,stripe_width=$local_e2fs_stripe_width}
-readonly vm_arch="amd64"
-readonly vm_bridge="br-gresille"
-readonly vm_ipv4="91.216.110.42" # NOTE: IPv4 publique assignée par Grésille
-readonly vm_lsb_name="wheezy"
-readonly vm_mac="00:16:3E:E5:98:42" # NOTE: addresse MAC assignée par Grésille
+readonly local_arch="amd64"
+readonly local_bridge="br-gresille"
+readonly local_ipv4="91.216.110.42" # NOTE: IPv4 publique assignée par Grésille
+readonly local_lsb_name="wheezy"
+readonly local_mac="00:16:3E:E5:98:42" # NOTE: addresse MAC assignée par Grésille
# NOTE: on part sur wheezy dès le début
# dans l'idée de ne pas s'embêter avec
# une migration squeeze -> wheezy dans deux mois ;
auto eth0=grenode
iface grenode inet static
- address VM_IPV4
- gateway VM_IPV4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
- network VM_IPV4
- broadcast VM_IPV4
+ address LOCAL_IPV4
+ gateway LOCAL_IPV4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
+ network LOCAL_IPV4
+ broadcast LOCAL_IPV4
netmask 255.255.255.255
mtu 1300
# NOTE: il y a besoin de ça en l'état actuel du réseau de Grenode
#
# --- soupirail.grenode.net ping statistics ---
# 0 packets transmitted, 0 received, +1 errors
- post-up ip address add VM_IPV4/32 dev $IFACE
- pre-down ip address delete VM_IPV4/32 dev $IFACE
+ post-up ip address add LOCAL_IPV4/32 dev $IFACE
+ pre-down ip address delete LOCAL_IPV4/32 dev $IFACE
-#!/bin/sh
-set -e -f -u -x
-local hint="run before: ./vm_remote runit_configure nginx -- $site"
-assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sggr0)" && exit 1
+
sudo install -m 664 -o www -g www \
"$tool"/var/pub/x509/git.heureux-cyclage.org/crt+ca.pem \
/etc/nginx/x509.d/"$site"/crt.pem
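Review bot: The new guard exits with status 1 even when the key file exists, because `||` and `&&` have equal precedence in sh and the list parses as `(test || printf) && exit 1`. The `\"$site\"` escapes only made sense inside the string formerly passed to `assert`; written directly they put literal double quotes into the path, so the test looks for a directory named `"<site>"`. `tput sggr0` in this hunk is also a typo for `sgr0`. Suggested form: `sudo test -f /etc/nginx/x509.d/"$site"/key.pem ||` followed by `{ printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" >&2; exit 1; }`. The same guard is repeated in the following site scripts and in the dovecot and postfix scripts.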
-#!/bin/sh
-set -e -f -u -x
-local hint="run vm_remote nginx_configure before"
-assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1
+
sudo install -m 664 -o www -g www \
"$tool"/var/pub/x509/questionnaires.heureux-cyclage.org/crt+ca.pem \
/etc/nginx/x509.d/"$site"/crt.pem
-local hint="run before: ./vm_remote runit_configure nginx -- $site"
-assert "sudo getent passwd wiki-\"$site\" >/dev/null" hint
-assert "sudo test -f ~wiki-$site/etc/ssh/id_rsa" hint
+sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem &&
+sudo test -f ~wiki-$site/etc/ssh/id_rsa ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1
"$tool"/local/apt-get-install ikiwiki \
libsearch-xapian-perl
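Review bot: The rewritten guard no longer checks that the `wiki-$site` account exists (the `getent passwd` assertion is replaced by the nginx key test), and `~wiki-$site` written directly is not tilde-expanded, because the shell performs tilde expansion before it substitutes `$site`. The old form presumably worked because `assert` evaluated its string a second time; that helper is not visible here. Resolving the home directory explicitly covers both checks: `wiki_home=$(getent passwd "wiki-$site" | cut -d: -f6)` and then `sudo test -f "$wiki_home"/etc/ssh/id_rsa`. Independently, the `A && B || printf … && exit 1` chain runs `exit 1` even when both tests succeed, so the failure branch should be grouped as `|| { printf …; exit 1; }`.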
-#!/bin/sh
-set -e -f -u -x
-local hint="run before: ./vm_remote runit_configure nginx -- $site"
-assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1
+
sudo install -m 664 -o www -g www \
"$tool"/var/pub/x509/stats.heureux-cyclage.org/crt+ca.pem \
/etc/nginx/x509.d/"$site"/crt.pem
-#!/bin/sh
-set -e -f -u -x
-local hint="run before: ./vm_remote runit_configure nginx -- $site"
-assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1
+
sudo install -m 664 -o www -g www \
"$tool"/var/pub/x509/www.heureux-cyclage.org/crt+ca.pem \
/etc/nginx/x509.d/"$site"/crt.pem
-local hint="run before: ./vm_remote runit_configure nginx -- $site"
-assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1
+
sudo install -m 664 -o www -g www \
"$tool"/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem \
/etc/nginx/x509.d/"$site"/crt.pem
sympa-owner: postmaster
sympa-request: postmaster
-abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@VM_DOMAINNAME"
-bounce+*: "| /usr/lib/sympa/bin/bouncequeue sympa@VM_DOMAINNAME"
-listmaster: "| /usr/lib/sympa/bin/queue listmaster@VM_DOMAINNAME"
-sympa: "| /usr/lib/sympa/bin/queue sympa@VM_DOMAINNAME"
+abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@LOCAL_DOMAINNAME"
+bounce+*: "| /usr/lib/sympa/bin/bouncequeue sympa@LOCAL_DOMAINNAME"
+listmaster: "| /usr/lib/sympa/bin/queue listmaster@LOCAL_DOMAINNAME"
+sympa: "| /usr/lib/sympa/bin/queue sympa@LOCAL_DOMAINNAME"
# NOTE: compatibilité avec d'autres gestionnaires de listes
listserv: sympa
KeyRegenerationInterval 3600
Port 22
ListenAddress 127.0.0.1
-ListenAddress VM_IPV4
+ListenAddress LOCAL_IPV4
LogLevel INFO
LoginGraceTime 120
MaxAuthTries 3
"$tool"/local/apt-get-install dovecot-imapd dovecot-managesieved dovecot-sieve
"$tool"/local/insserv-remove dovecot
-local hint="run before: ./vm_remote runit_configure dovecot"
-assert "sudo test -f /etc/dovecot/\"$vm_domainname\"/imap/x509/key.pem" hint
+
+sudo test -f /etc/dovecot/\"$local_domainname\"/imap/x509/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure dovecot$(tput sgr0)" && exit 1
+
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/imap."$vm_domainname"/crt+crl.self-signed.pem \
- /etc/dovecot/"$vm_domainname"/imap/x509/crt+crl.self-signed.pem
+ "$tool"/var/pub/x509/imap."$local_domainname"/crt+crl.self-signed.pem \
+ /etc/dovecot/"$local_domainname"/imap/x509/crt+crl.self-signed.pem
sudo install -d -m 770 -o root -g root \
/etc/skel/etc/mail \
/etc/skel/etc/sieve
/var/lib/dovecot-control \
/var/lib/dovecot-index
m4 \
- --define=VM_DOMAINNAME=$vm_domainname \
+ --define=LOCAL_DOMAINNAME=$local_domainname \
<"$tool"/etc/dovecot/local.conf.m4 |
sudo install -m 644 -o root -g root /dev/stdin \
/etc/dovecot/local.conf
-"$tool"/remote/site-x509-key-decrypt imap."$vm_domainname" |
+"$tool"/remote/site-x509-key-decrypt imap."$local_domainname" |
"$tool"/remote/ssh -l root ' \
sudo install -d -m 770 -o root -g root \
- /etc/dovecot/'"$vm_domainname"'/ \
- /etc/dovecot/'"$vm_domainname"'/imap \
- /etc/dovecot/'"$vm_domainname"'/imap/x509 ; \
+ /etc/dovecot/'"$local_domainname"'/ \
+ /etc/dovecot/'"$local_domainname"'/imap \
+ /etc/dovecot/'"$local_domainname"'/imap/x509 ; \
sudo install -m 644 -o root -g root /dev/stdin \
- /etc/dovecot/'"$vm_domainname"'/imap/x509/.gitignore <<-EOF
+ /etc/dovecot/'"$local_domainname"'/imap/x509/.gitignore <<-EOF
key.pem
EOF
sudo install -m 400 -o root -g root \
/dev/stdin \
- /etc/dovecot/"$vm_domainname"/imap/x509/key.pem
+ /etc/dovecot/"$local_domainname"/imap/x509/key.pem
'
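Review bot: On the added `key.pem` destination line the variable is still inside the single-quoted remote command, so `"$local_domainname"` is expanded by the shell on the far side of `remote/ssh` rather than locally, unlike the directory and `.gitignore` lines above it, which break out of the quotes. Unless the remote environment happens to define that variable (not visible here), the decrypted private key is written to `/etc/dovecot//imap/x509/key.pem` or the install fails. Since the rename touches this line anyway, it could use the same form as its neighbours: `/etc/dovecot/'"$local_domainname"'/imap/x509/key.pem`.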
sudo ln -fns \
../pub \
- "$home"/git.$vm_domainname
+ "$home"/git.$local_domainname
sudo ln -fns \
../pub \
- "$home"/burette.$vm_domainname
+ "$home"/burette.$local_domainname
# NOTE : rétro-compatibilité
\$search_str = "Filtre :";
\$site_footer = "/etc/gitweb/site_footer.html";
\$site_header = "/etc/gitweb/site_header.html";
- \$site_name = "git.$vm_domainname";
+ \$site_name = "git.$local_domainname";
@stylesheets = ("static/gitweb.css");#
EOF
sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \
{
cat <<-EOF
server:
- ip-address: $vm_ipv4
+ ip-address: $local_ipv4
ip4-only: yes
EOF
cat "$tool"/etc/nsd3/nsd.conf
then m4 \
--define=ZONE_DOMAIN=$zone \
--define=ZONE_SERIAL=$(cd "$tool" && git log -1 --format="%ct" -- etc/nsd3/zone.d/"$zone".zone.m4) \
- --define=VM_IP4=$vm_ipv4 \
+ --define=LOCAL_IP4=$local_ipv4 \
"$tool"/etc/nsd3/zone.d/"$zone".zone.m4
else cat "$tool"/etc/nsd3/zone.d/"$zone".zone
fi |
-local hint="run before: ./vm_remote runit_configure postfix"
-assert "sudo test -f /etc/postfix/$vm_domainname/smtpd/x509/key.pem" hint
-#warn "lors de l'installation Debian, ne sélectionner aucune configuration pour postfix"
+sudo test -f /etc/postfix/$local_domainname/smtpd/x509/key.pem ||
+printf '%s\n' "$(tput rev)run before: remote/runit-configure dovecot$(tput sgr0)" && exit 1
+
sudo debconf-set-selections <<-EOF
postfix postfix/main_mailer_type select No configuration
EOF
"$tool"/local/apt-get-install postfix procmail postfix-pcre
"$tool"/local/insserv-remove postfix
+
sudo install -m 640 -o root -g root /dev/stdin /etc/postfix/.gitignore <<-EOF
*.db
EOF
sudo install -d -m 771 -o root -g root \
/etc/postfix/ \
- /etc/postfix/$vm_domainname/ \
- /etc/postfix/$vm_domainname/smtp \
- /etc/postfix/$vm_domainname/smtp/x509 \
- /etc/postfix/$vm_domainname/smtp/x509/ca \
- /etc/postfix/$vm_domainname/smtpd \
- /etc/postfix/$vm_domainname/smtpd/x509 \
- /etc/postfix/$vm_domainname/smtpd/x509/ca
+ /etc/postfix/$local_domainname/ \
+ /etc/postfix/$local_domainname/smtp \
+ /etc/postfix/$local_domainname/smtp/x509 \
+ /etc/postfix/$local_domainname/smtp/x509/ca \
+ /etc/postfix/$local_domainname/smtpd \
+ /etc/postfix/$local_domainname/smtpd/x509 \
+ /etc/postfix/$local_domainname/smtpd/x509/ca
sudo ln -fns \
../crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/ca/crt.pem
+ /etc/postfix/$local_domainname/smtpd/x509/ca/crt.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/smtpd.$vm_domainname/crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
+ "$tool"/var/pub/x509/smtpd.$local_domainname/crt+crl.self-signed.pem \
+ /etc/postfix/$local_domainname/smtpd/x509/crt+crl.self-signed.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/smtpd.$vm_domainname/crt.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt.pem
+ "$tool"/var/pub/x509/smtpd.$local_domainname/crt.pem \
+ /etc/postfix/$local_domainname/smtpd/x509/crt.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/smtpd.$vm_domainname/crt+ca.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+ca.pem
+ "$tool"/var/pub/x509/smtpd.$local_domainname/crt+ca.pem \
+ /etc/postfix/$local_domainname/smtpd/x509/crt+ca.pem
sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/smtpd.$vm_domainname/crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
+ "$tool"/var/pub/x509/smtpd.$local_domainname/crt+crl.self-signed.pem \
+ /etc/postfix/$local_domainname/smtpd/x509/crt+crl.self-signed.pem
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/header_checks \
- /etc/postfix/$vm_domainname/header_checks
+ "$tool"/etc/postfix/$local_domainname/header_checks \
+ /etc/postfix/$local_domainname/header_checks
m4 \
- --define=VM_DOMAINNAME="$vm_domainname" \
+ --define=LOCAL_DOMAINNAME="$local_domainname" \
<"$tool"/etc/postfix/aliases.m4 |
sudo install -m 644 -o root -g root /dev/stdin \
/etc/postfix/aliases
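Review bot: The hint printed by the new guard at the top of this hunk names `remote/runit-configure dovecot`, although the file tested is the postfix smtpd key and the removed hint said postfix; this looks like a copy-paste slip. The chain `test || printf … && exit 1` also runs `exit 1` when the key is present, which would make everything after the guard unreachable. Suggested lines: `sudo test -f /etc/postfix/"$local_domainname"/smtpd/x509/key.pem ||` followed by `{ printf '%s\n' "$(tput rev)run before: remote/runit-configure postfix$(tput sgr0)" >&2; exit 1; }`.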
/etc/postfix/aliases \
/etc/aliases
cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF |
- mydomain = $vm_domainname
+ mydomain = $local_domainname
myorigin = \$mydomain
- myhostname = $vm_hostname.\$mydomain
+ myhostname = $local_hostname.\$mydomain
mail_name = \$myhostname
- mydestination = $vm_hostname \$myhostname \$myorigin
+ mydestination = $local_hostname \$myhostname \$myorigin
EOF
sudo install -m 644 -o root -g root /dev/stdin \
/etc/postfix/main.cf
"$tool"/etc/postfix/master.cf \
/etc/postfix/master.cf
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtp/x509/policy \
- /etc/postfix/$vm_domainname/smtp/x509/policy
-sudo postmap hash:/etc/postfix/$vm_domainname/smtp/x509/policy
+ "$tool"/etc/postfix/$local_domainname/smtp/x509/policy \
+ /etc/postfix/$local_domainname/smtp/x509/policy
+sudo postmap hash:/etc/postfix/$local_domainname/smtp/x509/policy
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtp/header_checks \
- /etc/postfix/$vm_domainname/smtp/header_checks
+ "$tool"/etc/postfix/$local_domainname/smtp/header_checks \
+ /etc/postfix/$local_domainname/smtp/header_checks
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtpd/sender_access \
- /etc/postfix/$vm_domainname/smtpd/sender_access
-sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/sender_access
+ "$tool"/etc/postfix/$local_domainname/smtpd/sender_access \
+ /etc/postfix/$local_domainname/smtpd/sender_access
+sudo postmap hash:/etc/postfix/$local_domainname/smtpd/sender_access
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtpd/client_blacklist \
- /etc/postfix/$vm_domainname/smtpd/client_blacklist
-sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/client_blacklist
+ "$tool"/etc/postfix/$local_domainname/smtpd/client_blacklist \
+ /etc/postfix/$local_domainname/smtpd/client_blacklist
+sudo postmap hash:/etc/postfix/$local_domainname/smtpd/client_blacklist
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtpd/relay_clientcerts \
- /etc/postfix/$vm_domainname/smtpd/relay_clientcerts
-sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/relay_clientcerts
+ "$tool"/etc/postfix/$local_domainname/smtpd/relay_clientcerts \
+ /etc/postfix/$local_domainname/smtpd/relay_clientcerts
+sudo postmap hash:/etc/postfix/$local_domainname/smtpd/relay_clientcerts
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/transport \
- /etc/postfix/$vm_domainname/transport
-sudo postmap hash:/etc/postfix/$vm_domainname/transport
+ "$tool"/etc/postfix/$local_domainname/transport \
+ /etc/postfix/$local_domainname/transport
+sudo postmap hash:/etc/postfix/$local_domainname/transport
sudo install -m 640 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/virtual_alias \
- /etc/postfix/$vm_domainname/virtual_alias
-sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias
+ "$tool"/etc/postfix/$local_domainname/virtual_alias \
+ /etc/postfix/$local_domainname/virtual_alias
+sudo postmap hash:/etc/postfix/$local_domainname/virtual_alias
sudo install -d -m 770 -o root -g root \
/etc/skel/etc/mail \
/etc/skel/var/cache/mail \
"$tool"/remote/site-x509-key-decrypt \
- smtpd."$vm_domainname" |
+ smtpd."$local_domainname" |
"$tool"/remote/ssh -l root ' \
sudo install -d -m 770 -o root -g root \
- /etc/postfix/'"$vm_domainname"'/ \
- /etc/postfix/'"$vm_domainname"'/smtpd \
- /etc/postfix/'"$vm_domainname"'/smtpd/x509; \
+ /etc/postfix/'"$local_domainname"'/ \
+ /etc/postfix/'"$local_domainname"'/smtpd \
+ /etc/postfix/'"$local_domainname"'/smtpd/x509; \
sudo install -m 644 -o root -g root /dev/stdin \
- /etc/postfix/'"$vm_domainname"'/smtp/x509/.gitignore <<-EOF
+ /etc/postfix/'"$local_domainname"'/smtp/x509/.gitignore <<-EOF
key.pem
EOF
sudo install -m 644 -o root -g root /dev/stdin \
- /etc/postfix/'"$vm_domainname"'/smtpd/x509/.gitignore <<-EOF
+ /etc/postfix/'"$local_domainname"'/smtpd/x509/.gitignore <<-EOF
key.pem
EOF
install -m 400 -o root -g root \
/dev/stdin \
- /etc/postfix/'"'$vm_domainname'"'/smtpd/x509/key.pem
+ /etc/postfix/'"'$local_domainname'"'/smtpd/x509/key.pem
'
"$tool"/local/apt-get-install openssh-server
"$tool"/local/insserv-remove ssh
-ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
+ssh-keygen -F "$local_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
/etc/ssh/ssh_host_ecdsa_key.pub
# NOTE: clefs générées par Debian
m4 \
- --define=VM_IPV4=$vm_ipv4 \
+ --define=LOCAL_IPV4=$local_ipv4 \
<"$tool"/etc/ssh/sshd_config.m4 |
sudo install -m 640 -o root -g root /dev/stdin \
/etc/ssh/sshd_config
key_passwd
EOF
m4 \
- --define=VM_DOMAINNAME="$vm_domainname" \
+ --define=LOCAL_DOMAINNAME="$local_domainname" \
--define=HOME="$home" \
"$tool"/etc/sympa/sympa.conf.m4 |
sudo install -m 640 -o "$sv" -g "$sv" /dev/stdin \
sympa sympa/dbconfig-install boolean true
# Nom d'hôte du serveur pour sympa :
sympa sympa/remote/newhost string
- sympa sympa/listmaster string postmaster@$vm_domainname
- sympa wwsympa/wwsympa_url string https://$sv.$vm_domainname/wws
+ sympa sympa/listmaster string postmaster@$local_domainname
+ sympa wwsympa/wwsympa_url string https://$sv.$local_domainname/wws
sympa wwsympa/webserver_restart boolean false
sympa sympa/remote/port string
sympa sympa/pgsql/manualconf note
sympa sympa/upgrade-backup boolean true
sympa sympa/pgsql/changeconf boolean false
# Nom d'hôte du serveur « sympa » :
- sympa sympa/hostname string $sv.$vm_domainname
+ sympa sympa/hostname string $sv.$local_domainname
sympa sympa/pgsql/authmethod-user select unix socket
# Faut-il mettre à jour la base de données pour sympa avec dbconfig-common ?
sympa sympa/dbconfig-upgrade boolean true
"$tool"/local/insserv-remove unbound
sudo install -m 644 -o root -g root /dev/stdin /etc/resolv.conf <<-EOF
- search ${vm_host#*.}
+ search ${local_host#*.}
nameserver 127.0.0.1
- #nameserver ${vm_host_nameserver}
+ #nameserver ${local_host_nameserver}
EOF
sudo install -m 440 -o unbound -g unbound \
"$tool"/etc/unbound/named.cache \
/etc/unbound/named.cache
m4 \
- --define=OUTGOING_INTERFACE=$vm_ipv4 \
+ --define=OUTGOING_INTERFACE=$local_ipv4 \
<"$tool"/etc/unbound/unbound.conf |
sudo install -m 440 -o unbound -g unbound /dev/stdin \
/etc/unbound/unbound.conf
###\\\\ General definition ////###
create_list public_listmaster
-domain VM_DOMAINNAME
+domain LOCAL_DOMAINNAME
edit_list owner
email sympa
-#host VM_DOMAINNAME
-#http_host sympa.VM_DOMAINNAME
+#host LOCAL_DOMAINNAME
+#http_host sympa.LOCAL_DOMAINNAME
listmaster esyscmd(getent passwd $(getent group sudo | cut -d : -f 4 | tr '\054' ' ') |
cut -d : -f 5 | cut -d $(printf '\054') -f 5 | tr '\n' '\054' | sed -e 's/\x2C$//')
max_wrong_password 19
soap_url http://--HOST--/sympasoap
spam_status x-spam-status
-#wwsympa_url https://sympa.VM_DOMAINNAME
+#wwsympa_url https://sympa.LOCAL_DOMAINNAME
"$tool"/host/part-var-mount
#"$tool"/host/part-home-mount
-mountpoint -q /mnt/$vm_fqdn/proc ||
-sudo mount -t proc proc /mnt/$vm_fqdn/proc
-mountpoint -q /mnt/$vm_fqdn/sys ||
-sudo mount -t sysfs sys /mnt/$vm_fqdn/sys
-mountpoint -q /mnt/$vm_fqdn/dev ||
-sudo mount --bind /dev /mnt/$vm_fqdn/dev
-if test -d /mnt/$vm_fqdn/root/src/vm/.git
+mountpoint -q /mnt/$local_fqdn/proc ||
+sudo mount -t proc proc /mnt/$local_fqdn/proc
+mountpoint -q /mnt/$local_fqdn/sys ||
+sudo mount -t sysfs sys /mnt/$local_fqdn/sys
+mountpoint -q /mnt/$local_fqdn/dev ||
+sudo mount --bind /dev /mnt/$local_fqdn/dev
+if test -d /mnt/$local_fqdn/root/src/vm/.git
then
- mountpoint -q /mnt/$vm_fqdn/root/src/vm ||
- sudo mount --bind "$tool" /mnt/$vm_fqdn/root/src/vm
+ mountpoint -q /mnt/$local_fqdn/root/src/vm ||
+ sudo mount --bind "$tool" /mnt/$local_fqdn/root/src/vm
else
- sudo rsync -a "$tool"/ /mnt/$vm_fqdn/root/src/vm
+ sudo rsync -a "$tool"/ /mnt/$local_fqdn/root/src/vm
fi
-sudo chroot /mnt/$vm_fqdn /bin/bash || true
+sudo chroot /mnt/$local_fqdn /bin/bash || true
"$tool"/host/chroot-clean
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-! sudo mountpoint -q /mnt/$vm_fqdn/root/src/vm ||
-sudo umount -v /mnt/$vm_fqdn/root/src/vm
-! mountpoint -q /mnt/$vm_fqdn/dev ||
-sudo umount -v /mnt/$vm_fqdn/dev
-! mountpoint -q /mnt/$vm_fqdn/sys ||
-sudo umount -v /mnt/$vm_fqdn/sys
-! mountpoint -q /mnt/$vm_fqdn/proc ||
-sudo umount -v /mnt/$vm_fqdn/proc
+! sudo mountpoint -q /mnt/$local_fqdn/root/src/vm ||
+sudo umount -v /mnt/$local_fqdn/root/src/vm
+! mountpoint -q /mnt/$local_fqdn/dev ||
+sudo umount -v /mnt/$local_fqdn/dev
+! mountpoint -q /mnt/$local_fqdn/sys ||
+sudo umount -v /mnt/$local_fqdn/sys
+! mountpoint -q /mnt/$local_fqdn/proc ||
+sudo umount -v /mnt/$local_fqdn/proc
"$tool"/host/part-home-umount
"$tool"/host/part-var-umount
"$tool"/host/part-boot-umount
"$tool"/host/part-boot-mount
"$tool"/host/part-var-mount
sudo DEBOOTSTRAP_DIR=/usr/share/debootstrap/ LANG=C LC_CTYPE=C debootstrap \
- --arch=$vm_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
+ --arch=$local_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
--exclude=vim-tiny \
--include=$(printf '%s,' \
acl \
wget \
zsh \
) \
- $vm_lsb_name /mnt/$vm_fqdn/ \
+ $local_lsb_name /mnt/$local_fqdn/ \
http://ftp.fr.debian.org/debian/
"$tool"/host/part-var-umount
"$tool"/host/part-boot-umount
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-case $vm_use_lvm in
+case $local_use_lvm in
(no)
- sudo sfdisk $vm_dev_disk <<-EOF
- # partition table of $vm_dev_disk
+ sudo sfdisk $local_dev_disk <<-EOF
+ # partition table of $local_dev_disk
unit: sectors
- ${vm_dev_disk}1 : start= 63, size= 497952, Id=83, bootable
- ${vm_dev_disk}2 : start= 498015, size=418927005, Id= 5
- ${vm_dev_disk}3 : start= 0, size= 0, Id= 0
- ${vm_dev_disk}4 : start= 0, size= 0, Id= 0
- ${vm_dev_disk}5 : start= 498078, size= 1959867, Id=82
- ${vm_dev_disk}6 : start= 2458008, size= 29302497, Id=83
- ${vm_dev_disk}7 : start= 31760568, size= 9767457, Id=83
- ${vm_dev_disk}8 : start= 41528088, size=377896932, Id=83
+ ${local_dev_disk}1 : start= 63, size= 497952, Id=83, bootable
+ ${local_dev_disk}2 : start= 498015, size=418927005, Id= 5
+ ${local_dev_disk}3 : start= 0, size= 0, Id= 0
+ ${local_dev_disk}4 : start= 0, size= 0, Id= 0
+ ${local_dev_disk}5 : start= 498078, size= 1959867, Id=82
+ ${local_dev_disk}6 : start= 2458008, size= 29302497, Id=83
+ ${local_dev_disk}7 : start= 31760568, size= 9767457, Id=83
+ ${local_dev_disk}8 : start= 41528088, size=377896932, Id=83
EOF
;;
(yes)
- sudo sfdisk $vm_dev_disk <<-EOF
- # partition table of $vm_dev_disk
+ sudo sfdisk $local_dev_disk <<-EOF
+ # partition table of $local_dev_disk
unit: sectors
- ${vm_dev_disk}1 : start= 63, size= 497952, Id=83, bootable
- ${vm_dev_disk}2 : start= 498015, size=418927005, Id=8E
+ ${local_dev_disk}1 : start= 63, size= 497952, Id=83, bootable
+ ${local_dev_disk}2 : start= 498015, size=418927005, Id=8E
EOF
;;
(*) exit 1;;
esac
-#sudo partprobe $vm_dev_disk
-sudo kpartx -u -v /dev/domU/$vm_fqdn-disk
+#sudo partprobe $local_dev_disk
+sudo kpartx -u -v /dev/domU/$local_fqdn-disk
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-sudo kpartx -a -v /dev/domU/$vm_fqdn-disk
-#sudo xm block-attach 0 phy:/dev/domU/$vm_fqdn-disk $vm_dev_disk w
+sudo kpartx -a -v /dev/domU/$local_fqdn-disk
+#sudo xm block-attach 0 phy:/dev/domU/$local_fqdn-disk $local_dev_disk w
. "$tool"/host/lib.sh
"$tool"/host/part-boot-umount
-case $vm_use_lvm in
+case $local_use_lvm in
(yes)
"$tool"/host/part-lvm-umount
;;
;;
(*) exit 1;;
esac
-sudo kpartx -d -v /dev/domU/$vm_fqdn-disk
-#sudo xm block-detach 0 $vm_dev_disk
+sudo kpartx -d -v /dev/domU/$local_fqdn-disk
+#sudo xm block-detach 0 $local_dev_disk
# XXX: DANGEREUX ; si jamais il bloque parce que le disque était encore utilisé :
-# utiliser xm block-detach 0 $vm_dev_disk --force ;
+# utiliser xm block-detach 0 $local_dev_disk --force ;
# ôter les éventuels mappages LVM concernés avec dmsetup table et dmsetup remove --force ;
# ôter les mappages concernés dans /etc/lvm/cache/.cache,
# et pour bien trouver tous les mappages :
-# % sudo find /dev -type l -exec sh -c 'printf "%s -> " "$@"; readlink "$@"' - {} \; | grep $vm_dev_disk
+# % sudo find /dev -type l -exec sh -c 'printf "%s -> " "$@"; readlink "$@"' - {} \; | grep $local_dev_disk
# enfin, ôter l'éventuel verrou dans /var/lock/lvm/
. "$tool"/etc/host.sh
set -x
-test "$(hostname --fqdn)" = "$vm_host"
+test "$(hostname --fqdn)" = "$local_host"
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-mount | grep -q "^$vm_dev_disk_boot " ||
+mount | grep -q "^$local_dev_disk_boot " ||
sudo mke2fs -t ext2 -c -c -m 5 -T small \
- -E resize=1G${vm_e2fs_extended_options} \
- -L ${vm_lvm_lv}_boot $vm_dev_disk_boot
+ -E resize=1G${local_e2fs_extended_options} \
+ -L ${local_lvm_lv}_boot $local_dev_disk_boot
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-mountpoint -q /mnt/$vm_fqdn
-test -d /mnt/$vm_fqdn/boot
-mountpoint -q /mnt/$vm_fqdn/boot ||
-sudo mount -v -t ext2 $vm_dev_disk_boot /mnt/$vm_fqdn/boot
+mountpoint -q /mnt/$local_fqdn
+test -d /mnt/$local_fqdn/boot
+mountpoint -q /mnt/$local_fqdn/boot ||
+sudo mount -v -t ext2 $local_dev_disk_boot /mnt/$local_fqdn/boot
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-! mountpoint -q /mnt/$vm_fqdn/boot ||
-sudo umount -v /mnt/$vm_fqdn/boot
+! mountpoint -q /mnt/$local_fqdn/boot ||
+sudo umount -v /mnt/$local_fqdn/boot
"$tool"/host/part-luks-format home
"$tool"/host/part-luks-mount home
-sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $vm_e2fs_block_size \
- -E resize=400G${vm_e2fs_extended_options} \
- -L ${vm_lvm_lv}_home \
- /dev/mapper/${vm_lvm_lv}_home_deciphered
+sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $local_e2fs_block_size \
+ -E resize=400G${local_e2fs_extended_options} \
+ -L ${local_lvm_lv}_home \
+ /dev/mapper/${local_lvm_lv}_home_deciphered
# NOTE: -O quota pas supporté par e2fsprogs/squeeze
"$tool"/host/part-luks-umount home
. "$tool"/host/lib.sh
"$tool"/host/part-luks-mount home
-mountpoint -q /mnt/$vm_fqdn/home ||
-sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_home_deciphered /mnt/$vm_fqdn/home
+mountpoint -q /mnt/$local_fqdn/home ||
+sudo mount -v -t ext4 /dev/mapper/${local_lvm_lv}_home_deciphered /mnt/$local_fqdn/home
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-! mountpoint -q /mnt/$vm_fqdn/home ||
-sudo umount -v /mnt/$vm_fqdn/home
+! mountpoint -q /mnt/$local_fqdn/home ||
+sudo umount -v /mnt/$local_fqdn/home
"$tool"/host/part-luks-umount home
# NOTE: la clef de chiffrement est dérivée de celle de /,
# / doit être déchiffrée pour que cela fonctionne.
part="$1"
-eval "dev=\"\$vm_dev_disk_$part\""
-test ! -e /dev/mapper/${vm_lvm_lv}_root_deciphered ||
-sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered |
+eval "dev=\"\$local_dev_disk_$part\""
+test ! -e /dev/mapper/${local_lvm_lv}_root_deciphered ||
+sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${local_lvm_lv}_root_deciphered |
cryptsetup luksFormat --hash=sha512 --key-size=512 \
--cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $dev"
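Review bot: `part="$1"` reaches `eval "dev=\"\$local_dev_disk_$part\""` unchecked, and the resulting `$dev` is then pasted into the string given to `sudo /bin/sh -c`, so any unexpected argument is interpreted as shell text with root privileges. The visible callers only pass `home`, `swap` and `var`, so an allowlist before the eval costs nothing: `case $part in (home|swap|var) ;; (*) exit 1;; esac`. The same `part="$1"` plus `eval` pattern appears in the luksOpen and luksClose hunks that follow, and in the two `dd if=/dev/urandom` hunks, where the evaluated string is a destructive `sudo dd`. Those scripts may need a wider allowlist if they are also called for other partitions.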
. "$tool"/host/lib.sh
part="$1"
-eval "dev=\"\$vm_dev_disk_$part\""
-test -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered ||
-sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered |
-cryptsetup luksOpen --key-file=- $dev ${vm_lvm_lv}_${part}_deciphered"
+eval "dev=\"\$local_dev_disk_$part\""
+test -e /dev/mapper/${local_lvm_lv}_${part}_deciphered ||
+sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${local_lvm_lv}_root_deciphered |
+cryptsetup luksOpen --key-file=- $dev ${local_lvm_lv}_${part}_deciphered"
. "$tool"/host/lib.sh
part="$1"
-eval "dev=\"\$vm_dev_disk_$part\""
-test ! -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered ||
-sudo cryptsetup luksClose ${vm_lvm_lv}_${part}_deciphered
+eval "dev=\"\$local_dev_disk_$part\""
+test ! -e /dev/mapper/${local_lvm_lv}_${part}_deciphered ||
+sudo cryptsetup luksClose ${local_lvm_lv}_${part}_deciphered
. "$tool"/host/lib.sh
"$tool"/host/part-lvm-umount
-! sudo vgs | grep -q "^ $vm_lvm_vg " ||
-sudo vgremove $vm_lvm_vg
-sudo pvcreate --dataalignment 512k $vm_lvm_pv
-sudo vgcreate --dataalignment 512k $vm_lvm_vg $vm_lvm_pv
-sudo lvcreate --contiguous y -n ${vm_lvm_lv}_swap -L 1G $vm_lvm_vg
-sudo lvcreate --contiguous y -n ${vm_lvm_lv}_root -L 15G $vm_lvm_vg
-sudo lvcreate --contiguous y -n ${vm_lvm_lv}_var -L 5G $vm_lvm_vg
-sudo lvcreate --contiguous y -n ${vm_lvm_lv}_home -l 99%FREE $vm_lvm_vg
+! sudo vgs | grep -q "^ $local_lvm_vg " ||
+sudo vgremove $local_lvm_vg
+sudo pvcreate --dataalignment 512k $local_lvm_pv
+sudo vgcreate --dataalignment 512k $local_lvm_vg $local_lvm_pv
+sudo lvcreate --contiguous y -n ${local_lvm_lv}_swap -L 1G $local_lvm_vg
+sudo lvcreate --contiguous y -n ${local_lvm_lv}_root -L 15G $local_lvm_vg
+sudo lvcreate --contiguous y -n ${local_lvm_lv}_var -L 5G $local_lvm_vg
+sudo lvcreate --contiguous y -n ${local_lvm_lv}_home -l 99%FREE $local_lvm_vg
"$tool"/host/part-lvm-umount
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-case $vm_use_lvm in
+case $local_use_lvm in
(yes)
- sudo vgchange -a y $vm_lvm_vg
+ sudo vgchange -a y $local_lvm_vg
;;
(*) exit 1;;
esac
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-case $vm_use_lvm in
+case $local_use_lvm in
(yes)
"$tool"/host/part-root-umount
"$tool"/host/part-var-umount
"$tool"/host/part-home-umount
- ! sudo vgs | grep -q "^ $vm_lvm_vg " ||
- sudo vgchange -a n $vm_lvm_vg
+ ! sudo vgs | grep -q "^ $local_lvm_vg " ||
+ sudo vgchange -a n $local_lvm_vg
;;
(*) exit 1;;
esac
. "$tool"/host/lib.sh
part="$1"
-eval "sudo dd if=/dev/urandom of=\$vm_dev_disk_$part"
+eval "sudo dd if=/dev/urandom of=\$local_dev_disk_$part"
. "$tool"/host/lib.sh
part="$1"
-eval "pkill -USR1 -f \"^dd if=/dev/urandom of=\$vm_dev_disk_$part\""
+eval "pkill -USR1 -f \"^dd if=/dev/urandom of=\$local_dev_disk_$part\""
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-if ! mount | grep -q "^$vm_dev_disk_root "
+if ! mount | grep -q "^$local_dev_disk_root "
then
sudo cryptsetup luksFormat --hash=sha512 --key-size=512 \
- --cipher=aes-xts-essiv:sha256 --align-payload=8 $vm_dev_disk_root
- sudo cryptsetup luksOpen $vm_dev_disk_root ${vm_lvm_lv}_root_deciphered
- sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \
- -E resize=30G${vm_e2fs_extended_options} \
- -L ${vm_lvm_lv}_root \
- /dev/mapper/${vm_lvm_lv}_root_deciphered
- ! mountpoint -q /mnt/$vm_fqdn
- sudo mount -v /dev/mapper/${vm_lvm_lv}_root_deciphered /mnt/$vm_fqdn
+ --cipher=aes-xts-essiv:sha256 --align-payload=8 $local_dev_disk_root
+ sudo cryptsetup luksOpen $local_dev_disk_root ${local_lvm_lv}_root_deciphered
+ sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $local_e2fs_block_size \
+ -E resize=30G${local_e2fs_extended_options} \
+ -L ${local_lvm_lv}_root \
+ /dev/mapper/${local_lvm_lv}_root_deciphered
+ ! mountpoint -q /mnt/$local_fqdn
+ sudo mount -v /dev/mapper/${local_lvm_lv}_root_deciphered /mnt/$local_fqdn
sudo install -d -m 770 -o root -g root \
- /mnt/$vm_fqdn/boot \
- /mnt/$vm_fqdn/dev \
- /mnt/$vm_fqdn/home \
- /mnt/$vm_fqdn/proc \
- /mnt/$vm_fqdn/root \
- /mnt/$vm_fqdn/root/src \
- /mnt/$vm_fqdn/root/src/$vm \
- /mnt/$vm_fqdn/sys \
- /mnt/$vm_fqdn/var
- sudo umount -v /mnt/$vm_fqdn
- sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered
+ /mnt/$local_fqdn/boot \
+ /mnt/$local_fqdn/dev \
+ /mnt/$local_fqdn/home \
+ /mnt/$local_fqdn/proc \
+ /mnt/$local_fqdn/root \
+ /mnt/$local_fqdn/root/src \
+ /mnt/$local_fqdn/root/src/$vm \
+ /mnt/$local_fqdn/sys \
+ /mnt/$local_fqdn/var
+ sudo umount -v /mnt/$local_fqdn
+ sudo cryptsetup luksClose ${local_lvm_lv}_root_deciphered
fi
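Review bot: The guard `! mountpoint -q /mnt/$local_fqdn` inside the `if` body never stops the script. A command negated with `!` is exempt from `set -e`, and without errexit nothing aborts either, so an already mounted /mnt/$local_fqdn is mounted over by the next line. Writing it as `mountpoint -q "/mnt/$local_fqdn" && exit 1` makes the check effective. The console hunk further down has the same shape in `! pgrep -f "sudo xm console $local_fqdn"`, which does not prevent a second console from being attached.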
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-test -e /dev/mapper/${vm_lvm_lv}_root_deciphered ||
-sudo cryptsetup luksOpen $vm_dev_disk_root ${vm_lvm_lv}_root_deciphered
-mountpoint -q /mnt/$vm_fqdn ||
-sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_root_deciphered /mnt/$vm_fqdn
+test -e /dev/mapper/${local_lvm_lv}_root_deciphered ||
+sudo cryptsetup luksOpen $local_dev_disk_root ${local_lvm_lv}_root_deciphered
+mountpoint -q /mnt/$local_fqdn ||
+sudo mount -v -t ext4 /dev/mapper/${local_lvm_lv}_root_deciphered /mnt/$local_fqdn
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-! mountpoint -q /mnt/$vm_fqdn ||
-sudo umount -v /mnt/$vm_fqdn
-! test -e /dev/mapper/${vm_lvm_lv}_root_deciphered ||
-sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered
+! mountpoint -q /mnt/$local_fqdn ||
+sudo umount -v /mnt/$local_fqdn
+! test -e /dev/mapper/${local_lvm_lv}_root_deciphered ||
+sudo cryptsetup luksClose ${local_lvm_lv}_root_deciphered
"$tool"/host/part-luks-format swap
"$tool"/host/part-luks-mount swap
-sudo mkswap -f -L ${vm_lvm_lv}_swap \
- /dev/mapper/${vm_lvm_lv}_swap_deciphered
+sudo mkswap -f -L ${local_lvm_lv}_swap \
+ /dev/mapper/${local_lvm_lv}_swap_deciphered
"$tool"/host/part-luks-umount swap
"$tool"/host/part-luks-format var
"$tool"/host/part-luks-mount var
-sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \
- -E resize=10G${vm_e2fs_extended_options} \
- -L ${vm_lvm_lv}_var \
- /dev/mapper/${vm_lvm_lv}_var_deciphered
+sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $local_e2fs_block_size \
+ -E resize=10G${local_e2fs_extended_options} \
+ -L ${local_lvm_lv}_var \
+ /dev/mapper/${local_lvm_lv}_var_deciphered
"$tool"/host/part-luks-umount var
. "$tool"/host/lib.sh
"$tool"/host/part-luks-mount var
-mountpoint -q /mnt/$vm_fqdn/var ||
-sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_var_deciphered /mnt/$vm_fqdn/var
+mountpoint -q /mnt/$local_fqdn/var ||
+sudo mount -v -t ext4 /dev/mapper/${local_lvm_lv}_var_deciphered /mnt/$local_fqdn/var
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-! mountpoint -q /mnt/$vm_fqdn/var ||
-sudo umount -v /mnt/$vm_fqdn/var
+! mountpoint -q /mnt/$local_fqdn/var ||
+sudo umount -v /mnt/$local_fqdn/var
"$tool"/host/part-luks-umount var
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-! pgrep -f "sudo xm console $vm_fqdn"
+! pgrep -f "sudo xm console $local_fqdn"
info 'Ctrl-] pour se détacher de la console'
-sudo xm console $vm_fqdn
+sudo xm console $local_fqdn
. "$tool"/host/lib.sh
sudo install -m 644 -u root -g root /dev/stdin \
- /etc/xen/$vm_fqdn.cfg <<-EOF
+ /etc/xen/$local_fqdn.cfg <<-EOF
# -*- mode: python; -*-
- # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers
+ # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HLOCAL_drivers
import os, re
- name = "$vm_fqdn"
+ name = "$local_fqdn"
arch = os.uname()[4]
memory = 2048
vcpus = 1
pae = 1
acpi = 1
apic = 1
- vif = ['mac=$vm_mac,bridge=$vm_bridge']
- disk = ['phy:/dev/domU/$vm_fqdn-disk,hda,w']
+ vif = ['mac=$local_mac,bridge=$local_bridge']
+ disk = ['phy:/dev/domU/$local_fqdn-disk,hda,w']
device_model = 'qemu-dm'
# HVM :
#kernel = "/usr/lib/xen-4.0/boot/hvmloader"
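Review bot: The rename rewrote the documentation URL in the generated config: `Xen_Linux_PV_on_HVM_drivers` became `Xen_Linux_PV_on_HLOCAL_drivers`, which is no longer the page the `# DOC:` comment referred to, so that line should keep its previous URL. Separately, the `install` call above the heredoc passes `-u root` where every other install call in this commit uses `-o root`. GNU install has no `-u` option, so this looks like a typo that would make the command fail before /etc/xen/$local_fqdn.cfg is written. The heredoc continues past the end of the hunk.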
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-test ! -e /dev/domU/$vm_fqdn-disk1
-sudo xm create $vm_fqdn.cfg
+test ! -e /dev/domU/$local_fqdn-disk1
+sudo xm create $local_fqdn.cfg
"$tool"/host/xen-vm-attach
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-sudo xm shutdown $vm_fqdn
+sudo xm shutdown $local_fqdn
tool=$(readlink -e "${0%/*}/..")
. "$tool"/host/lib.sh
-sudo xm destroy $vm_fqdn
+sudo xm destroy $local_fqdn
. "$tool"/local/lib.sh
sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list <<-EOF
- deb http://ftp.rezopole.net/debian $vm_lsb_name main
+ deb http://ftp.rezopole.net/debian $local_lsb_name main
EOF
-sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
- deb http://ftp.rezopole.net/debian $vm_lsb_name-backports main
+sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/$local_lsb_name-backports.list <<-EOF
+ deb http://ftp.rezopole.net/debian $local_lsb_name-backports main
EOF
sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF
deb http://nightly.openerp.com/7.0/nightly/deb/ ./
EOF
sudo install -m 664 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF
Package: *
- Pin: release a=$vm_lsb_name
+ Pin: release a=$local_lsb_name
Pin-Priority: 200
Package: *
- Pin: release a=$vm_lsb_name-backports
+ Pin: release a=$local_lsb_name-backports
Pin-Priority: 170
EOF
sudo apt-get update
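Review bot: The source written to /etc/apt/sources.list.d/openerp.list has no stanza in /etc/apt/preferences, so as written it keeps apt's default priority of 500 while the Debian release and backports are pinned at 200 and 170. Any package name the nightly repository publishes would then be preferred over Debian's copy. A third stanza such as `Package: *`, `Pin: origin "nightly.openerp.com"`, `Pin-Priority: 100` keeps it below the distribution, with the wanted packages raised explicitly by name. The source is also fetched over plain HTTP, and whether the repository is signed cannot be seen from this hunk.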
"$tool"/local/apt-get-install apticron
m4 \
- --define=VM_DOMAINNAME=$vm_domainname \
+ --define=LOCAL_DOMAINNAME=$local_domainname \
<"$tool"/etc/apticron/apticron.conf.m4 |
sudo install -m 644 -o root -g root /dev/stdin \
/etc/apticron/apticron.conf
EOF
"$tool"/local/apt-get-install grub-pc
sudo install -d -m 644 -o root -g root /boot/grub
-"$tool"/local/apt-get-install linux-image-$vm_arch
+"$tool"/local/apt-get-install linux-image-$local_arch
sudo install -m 644 -o root -g root /dev/stdin \
/etc/default/grub <<-EOF
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
- GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$vm_ipv4::$vm_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
+ GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$local_ipv4::$local_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
GRUB_DISABLE_RECOVERY="true"
#GRUB_PRELOAD_MODULES="lvm"
EOF
sudo install -m 644 -o root -g root /dev/stdin \
/boot/grub/device.map <<-EOF
(hd0) /dev/xvda
- (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g')
+ (hd0) /dev/mapper/domU-$(printf %s $local_fqdn-disk | sed -e 's/-/--/g')
EOF
sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
"$tool"/local/initramfs-configure
. "$tool"/local/lib.sh
m4 \
- --define=VM_LVM_LV=$vm_lvm_lv \
- --define=VM_LVM_VG=$vm_lvm_vg \
+ --define=LOCAL_LLOCAL_LV=$local_lvm_lv \
+ --define=LOCAL_LLOCAL_VG=$local_lvm_vg \
<"$tool"/etc/fstab.m4 |
sudo install -m 644 -o root -g root /dev/stdin \
/etc/fstab
m4 \
- --define=VM_LVM_LV=$vm_lvm_lv \
- --define=VM_LVM_VG=$vm_lvm_vg \
+ --define=LOCAL_LLOCAL_LV=$local_lvm_lv \
+ --define=LOCAL_LLOCAL_VG=$local_lvm_vg \
<"$tool"/etc/crypttab.m4 |
sudo install -m 644 -o root -g root /dev/stdin \
/etc/crypttab
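Review bot: The VM→LOCAL substitution also hit the letters inside `LVM`, so both m4 calls now pass `--define=LOCAL_LLOCAL_LV` and `--define=LOCAL_LLOCAL_VG` instead of `VM_LVM_LV` and `VM_LVM_VG`. Unless etc/fstab.m4 and etc/crypttab.m4 were rewritten the same way (not visible here), their macros stay unexpanded and /etc/fstab and /etc/crypttab are installed with literal macro names, which would likely leave the encrypted volumes unmounted at boot. `--define=LOCAL_LVM_LV=$local_lvm_lv` and `--define=LOCAL_LVM_VG=$local_lvm_vg` keep the names readable, with the templates updated to match.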
\$GL_CONF_COMPILED = "\$GL_ADMINDIR/conf/gitolite.conf.pm";
#\$GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
\$GL_GITCONFIG_KEYS = "gitweb\\..* hooks\\..*";
- #\$GL_HOSTNAME = "git.$vm_domainname";
+ #\$GL_HOSTNAME = "git.$local_domainname";
# NOTE: read doc/mirroring.mkd COMPLETELY before setting this.
#\$GL_HTTP_ANON_USER = "mob";
\$GL_KEYDIR = "\$GL_ADMINDIR/keydir";
\$GL_PACKAGE_HOOKS = "/usr/share/gitolite/hooks";
#\$GL_PERFLOGT = \$ENV{HOME} . "/log/gitolite/perf/%y-%m-%d.log";
#\$GL_REF_OR_FILENAME_PATT = qr(^[0-9a-zA-Z][0-9a-zA-Z._\\@/+ :,-]*\$);
- \$GL_SITE_INFO = "git.$vm_domainname";
+ \$GL_SITE_INFO = "git.$local_domainname";
#\$GL_SLAVE_MODE = 0;
\$GL_WILDREPOS = 0;
#\$GL_WILDREPOS_DEFPERMS = 'R @all';
sudo sed -e '/^configure_networking /s/ &$//' \
-i /usr/share/initramfs-tools/scripts/init-premount/dropbear
# NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
-ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
+ssh-keygen -F "init.$local_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
. "$tool"/etc/local.sh
set -x
-test "$(hostname --fqdn)" = "$vm_fqdn"
+test "$(hostname --fqdn)" = "$local_fqdn"
tool=$(readlink -e "${0%/*}/..")
. "$tool"/local/lib.sh
-sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
+sudo cryptsetup luksChangeKey /dev/$local_lvm_vg/${local_lvm_lv}_root
sudo install -m 644 -o root -g root /dev/stdin \
/etc/hosts <<-EOF
$(cat /etc/hosts)
- 127.0.0.1 $vm_fqdn $vm
+ 127.0.0.1 $local_fqdn $vm
EOF
sudo install -m 644 -o root -g root /dev/stdin \
/etc/resolv.conf <<-EOF
- search ${vm_host#*.}
- nameserver ${vm_host_nameserver}
+ search ${local_host#*.}
+ nameserver ${local_host_nameserver}
EOF
m4 \
- --define=VM_IPV4=$vm_ipv4 \
+ --define=LOCAL_IPV4=$local_ipv4 \
<"$tool"/etc/network/interfaces.m4 |
sudo install -m 640 -o root -g root /dev/stdin \
/etc/network/interfaces
done
sudo install -m 660 -o root -g root /dev/stdin \
/etc/sysctl.d/local-kernel-name.conf <<-EOF
- kernel.hostname = $vm_hostname
- kernel.domainname = $vm_domainname
+ kernel.hostname = $local_hostname
+ kernel.domainname = $local_domainname
EOF
sudo sysctl --system
. "$tool"/remote/lib.sh
subkey_caps="e s" \
-"$tool"/remote/gpg-gen-key "backup+$vm_hostname@$vm_domainname" <<-EOF
- Name-Real: $vm_fqdn
- Name-Email: backup+$vm_hostname@$vm_domainname
+"$tool"/remote/gpg-gen-key "backup+$local_hostname@$local_domainname" <<-EOF
+ Name-Real: $local_fqdn
+ Name-Email: backup+$local_hostname@$local_domainname
Name-Comment: (duplicity)
Expire-Date: 0
EOF
. "$tool"/remote/lib.sh
gpg --export-options export-reset-subkey-passwd \
- --export-secret-subkeys "backup+$vm_hostname@$vm_domainname" |
+ --export-secret-subkeys "backup+$local_hostname@$local_domainname" |
"$tool"/remote/ssh gpg --import -
. "$tool"/remote/lib.sh
git remote rm host || true
-git remote add host $vm_host:src/vm
+git remote add host $local_host:src/vm
git config --replace remote.host.push HEAD:refs/remotes/master
git remote rm local || true
-git remote add local $vm_fqdn:src/vm
+git remote add local $local_fqdn:src/vm
git config --replace remote.local.push HEAD:refs/remotes/master
git submodule update --init
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh
-remote=${1:-$vm_fqdn}; shift
+remote=${1:-$local_fqdn}; shift
GIT_SSH="$tool"/remote/ssh git push -v "$remote" "$@"
. "$tool"/etc/local.sh
set -x
-test ! "$(hostname --fqdn)" = "$vm_fqdn"
-test ! "$(hostname --fqdn)" = "$vm_host"
+test ! "$(hostname --fqdn)" = "$local_fqdn"
+test ! "$(hostname --fqdn)" = "$local_host"
exec 2>/dev/null;
tmp=$(mktemp -t "luks.'"$part"'.XXXXXXXX.tmp" --dry-run);
cryptsetup luksHeaderBackup >/dev/null \
- /dev/'"$vm_lvm_vg"'/'"$vm_lvm_lv"'_'"$part"' \
+ /dev/'"$local_lvm_vg"'/'"$local_lvm_lv"'_'"$part"' \
--header-backup-file "$tmp"; \
cat "$tmp";
shred >/dev/null --remove "$tmp"; \
' |
gpg "$@" --encrypt \
- -o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg
+ -o var/sec/luks/${local_lvm_lv}_${part}.luks.gpg
done
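Review bot: The temporary path for the LUKS header comes from `mktemp ... --dry-run`, which only prints a name and reserves nothing, so another process can create that path first. Because `exec 2>/dev/null` hides the resulting `luksHeaderBackup` failure, `cat "$tmp"` would then feed whatever sits at that path into `gpg --encrypt`, and the stored backup would not be the real header. A private directory avoids this while still giving cryptsetup a non-existent file: `dir=$(mktemp -d) && tmp=$dir/header`, with the `cat` run only if `luksHeaderBackup` succeeded and the directory removed afterwards. The quoted remote script and its loop start outside this hunk.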
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh
-gpg --decrypt "$tool"/var/sec/luks/$vm_fqdn.key.gpg |
-"$tool"/remote/ssh root@$vm_fqdn "$@" \
+gpg --decrypt "$tool"/var/sec/luks/$local_fqdn.key.gpg |
+"$tool"/remote/ssh root@$local_fqdn "$@" \
-o CheckHostIP=no \
- -o HostKeyAlias=init.$vm_fqdn \
+ -o HostKeyAlias=init.$local_fqdn \
tee /lib/cryptsetup/passfifo \>/dev/null
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh
-mosh --ssh="$tool/remote/ssh ${ssh_options-}" -- $vm_fqdn "$@"
+mosh --ssh="$tool/remote/ssh ${ssh_options-}" -- $local_fqdn "$@"