#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
tool=${0%/*}
-. "$tool"/lib/functions.sh
+. "$tool"/lib/rule.sh
. "$tool"/etc/vm.sh
+. "$tool"/lib/mk.sh
rule_help () { # SYNTAX: [--hidden]
local hidden; [ ${1:+set} ] || hidden=set
! test -e /dev/mapper/${vm_lvm_lv}_root_deciphered ||
sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered
}
-rule_part_root_backup_luks () {
- sudo cryptsetup luksHeaderBackup $vm_dev_disk_root --header-backup-file ./root.luks
- }
rule_part_swap_format () {
rule _part_encrypted_format swap
rule _part_encrypted_mount swap
#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
tool=${0%/*}
-. "$tool"/lib/functions.sh
+. "$tool"/lib/rule.sh
. "$tool"/etc/vm.sh
+. "$tool"/lib/mk.sh
rule_help () { # SYNTAX: [--hidden]
local hidden; [ ${1:+set} ] || hidden=set
# CUSTOM_NO_UPDATES_SUBJECT=""
# CUSTOM_FROM="root@ateliers.heureux-cyclage.org"
EOF
- sudo service apticron restart
}
rule_boot_configure () {
warn "attention à n'installer GRUB sur AUCUN disque proposé !"
rule login_configure
rule user_root_configure
rule boot_configure
+ rule apticron_configure
rule bin_configure
}
-rule_disk_key_change () {
+rule_luks_key_change () {
sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
}
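Review bot: The renamed `rule_luks_key_change` still calls `luksChangeKey` only on `/dev/$vm_lvm_vg/${vm_lvm_lv}_root`, and nothing next to it says what has to follow a key change. A LUKS header backup taken before the change keeps the old keyslot, so restoring it would make the old passphrase valid again. I would add a comment above the cryptsetup call, such as `# NOTE: after changing the key, rerun luks_key_backup and destroy older header backups.` The backup rule in another file of this commit loops over root, var and home; if var and home carry their own LUKS headers with the same passphrase, they presumably need the same call, which is worth confirming.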
#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
tool=${0%/*}
-. "$tool"/lib/functions.sh
+. "$tool"/lib/rule.sh
. "$tool"/etc/vm.sh
rule_help () { # SYNTAX: [--hidden]
EOF
}
-rule_git_config () { # DESCRIPTION: configure le .git local pour bien pousser
+rule_git_configure () { # DESCRIPTION: configure ./.git correctement
(
cd "$tool"
git remote rm host || true
)
}
rule_git_push () { # SYNTAX: {host|hosted} $git_push_options
+ (
+ cd "$tool"
local remote=${1#remote=}; shift
- GIT_SSH=./vm_ssh git push -v "$remote" "$@"
+ GIT_SSH=./lib/ssh git push -v "$remote" "$@"
info "penser à faire : vm_hosted git_reset"
+ )
}
rule_ssh () {
- "$tool"/vm_ssh $vm_fqdn "$@"
+ "$tool"/lib/ssh $vm_fqdn "$@"
}
rule_mosh () {
- mosh --ssh="$tool/vm_ssh $*" $vm_fqdn
+ mosh --ssh="$tool/lib/ssh $*" $vm_fqdn
}
rule__ssh_known_hosts_update () {
rule ssh \
-o HashKnownHosts=no \
whoami
}
-rule_key_disk_send () {
+rule_luks_key_send () { # NOTE: envoie la clef de déchiffrement des partitions au démarrage de la VM.
gpg --decrypt var/sec/luks/$vm_fqdn.key.gpg |
- "$tool"/vm_ssh root@$vm_fqdn "$@" \
+ "$tool"/lib/ssh root@$vm_fqdn "$@" \
-o CheckHostIP=no \
-o HostKeyAlias=init.$vm_fqdn \
tee /lib/cryptsetup/passfifo \>/dev/null
}
-rule_key_disk_backup () {
+rule_luks_key_backup () { # NOTE: sauvegarde localement les entêtes des partitions chiffrées. ENVIRONMENT: $gpg_recipient
for part in root var home
do
mkdir -p var/sec/luks
cat "$tmp";
shred >/dev/null --remove "$tmp"; \
' |
- gpg --encrypt --recipient $USER@ \
+ gpg --encrypt --recipient "${gpg_recipient:-$USER@}" \
-o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg
done
}
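Review bot: The new fallback in `--recipient "${gpg_recipient:-$USER@}"` (in `rule_luks_key_backup`) selects a key by a substring of the user ID, so when `gpg_recipient` is unset the LUKS header backups may be encrypted to whichever keyring entry happens to contain `$USER@`. For material this sensitive I would require an explicit recipient, preferably a full fingerprint: `gpg --encrypt --recipient "${gpg_recipient:?set gpg_recipient to a key fingerprint}" \`. If the default has to stay, the `ENVIRONMENT:` note on the function line should say that `$gpg_recipient` is expected to be a fingerprint or an exact address. Part of the function body lies outside the shown lines, so this is based on the gpg call alone.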