sudo install -m 400 -o root -g root \
"$tool"/var/pub/x509/$vm_domainname/imap/crt+crl.self-signed.pem \
/etc/dovecot/$vm_domainname/imap/x509/crt+crl.self-signed.pem
- sudo install -d -m 770 -o root -g adm \
+ sudo install -d -m 770 -o root -g root \
/etc/skel/etc/mail \
/etc/skel/etc/sieve
sudo install -d -m 1777 -o root -g root \
#sudo sv restart spawn-fcgi.git.80.git.heureux-cyclage.org
#sudo sv restart git-daemon.git.9418
}
-rule_locale_configure () {
+rule_locales_configure () {
sudo debconf-set-selections <<-EOF
locales locales/default_environment_locale select None
locales locales/locales_to_be_generated multiselect fr_FR.UTF-8 UTF-8
# Xen hypervisor console
hvc:2345:respawn:/sbin/getty 38400 hvc0
#xvc:2345:respawn:/sbin/getty 38400 xvc0
+
+ #-- runit begin
+ SV:123456:respawn:/usr/sbin/runsvdir-start
+ #-- runit end
EOF
sudo install -m 644 -o root -g root /dev/stdin /etc/login.defs <<-EOF
MAIL_DIR /var/mail
sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias
sudo service postfix restart
}
+rule_postgresql_configure () {
+ rule apt_get_install postgresql-9.1
+ sudo service postgresql restart
+ }
rule_openerp_configure () {
sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF
deb http://nightly.openerp.com/trunk/nightly/deb/ ./
}
rule_procmail_configure () {
rule apt_get_install procmail
- sudo install -d -m 770 -o root -g adm \
+ sudo install -d -m 770 -o root -g root \
/etc/skel/etc/mail \
/etc/skel/var/cache/mail \
/etc/skel/var/log/mail \
/etc/skel/var/mail
- sudo install -m 660 -o root -g adm \
+ sudo install -m 660 -o root -g root \
"$tool"/etc/skel/etc/mail/delivery.procmailrc \
/etc/skel/etc/mail/delivery.procmailrc
}
+rule_runit_configure () {
+ rule apt_get_install runit
+ local -; set +f
+ rm -f /etc/service/*
+ # NOTE: runsvdir éteindra les services qui n'apparaîtront plus ici.
+ for sv in "$tool"/etc/sv/*
+ do sv=${sv#"$tool"/etc/sv/}
+ sudo install -d -m 770 -o root -g root \
+ /etc/sv/"$sv"
+ sudo install -m 770 -o root -g root \
+ "$tool"/etc/sv/"$sv"/run \
+ /etc/sv/"$sv"/run
+ if test -e "$tool"/etc/sv/"$sv"/log/run
+ then
+ sudo install -d -m 770 -o root -g root \
+ /etc/sv/"$sv"/log
+ sudo install -m 770 -o root -g root \
+ "$tool"/etc/sv/"$sv"/log/run \
+ /etc/sv/"$sv"/log/run
+ fi
+ if test ! -x "$tool"/etc/sv/"$sv"/configure ||
+ "$tool"/etc/sv/"$sv"/configure
+ then
+ ln -fns ../sv/"$sv" /etc/service/"$sv"
+ sv restart "$sv"
+ else
+ done
+ }
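Review bot: In `rule_runit_configure`, `rm -f /etc/service/*`, `ln -fns ../sv/"$sv" /etc/service/"$sv"` and `sv restart "$sv"` run without `sudo` while every `install` next to them uses it, so unless the rule already runs as root the old links are not cleared, the new ones are not created and the restart is refused; prefix all three with `sudo`. The `run` and `log/run` scripts copied from `"$tool"/etc/sv` are presumably executed as root by runsvdir, so a comment stating that `"$tool"/etc/sv` must be writable only by trusted administrators belongs above the loop. If `"$tool"/etc/sv` is empty the glob stays literal and the loop installs `/etc/sv/*`; a guard right after the `sv=` assignment, `test -d "$tool"/etc/sv/"$sv" || continue`, avoids that. The `else` branch is not visible on this page, so how a failing `configure` is handled is not covered here.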
rule_ssh_configure () {
ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
done
}
rule_user_configure () {
- true
+ sudo install -m 660 -o root -g root /dev/stdin \
+ /etc/adduser.conf <<-EOF
+ ADD_EXTRA_GROUPS=1
+ DHOME=/home
+ DIR_MODE=0750
+ DSHELL=/bin/bash
+ EXTRA_GROUPS="users"
+ FIRST_GID=1000
+ FIRST_SYSTEM_GID=100
+ FIRST_SYSTEM_UID=100
+ FIRST_UID=1000
+ GROUPHOMES=no
+ LAST_GID=29999
+ LAST_SYSTEM_GID=999
+ LAST_SYSTEM_UID=999
+ LAST_UID=29999
+ LETTERHOMES=no
+ NAME_REGEX="^[a-z][-a-z0-9_.]*\$"
+ QUOTAUSER="" # TODO: init
+ SETGID_HOME=no
+ SKEL=/etc/skel
+ SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
+ USERGROUPS=yes
+ USERS_GID=100
+ EOF
}
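Review bot: `QUOTAUSER="" # TODO: init` puts a comment on the same line as the value; as far as I recall adduser's parser takes everything after `=` as the value and strips quotes only when they enclose all of it, so QUOTAUSER may end up non-empty, which is worth confirming against adduser.conf(5). Moving the comment to its own line, `# TODO: init QUOTAUSER` followed by `QUOTAUSER=""`, removes the doubt. The file is installed with `-m 660`, whereas Debian ships it as 644 and it holds no secrets; that is harmless while adduser is only run through sudo, but a comment should say so if it is deliberate. A second `rule_user_configure` appears further down this page; if both definitions live in the same file the later one replaces this one and adduser.conf is never written.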
rule_user_admin_add () { # SYNTAX: $user
rule user_configure
local user=$1
- id "$user" >/dev/null ||
+ getent passwd "$user" >/dev/null ||
sudo adduser --disabled-password "$user"
eval local home\; home="~$user"
sudo adduser "$user" sudo
- sudo adduser "$user" users
sudo install -m 640 -o root -g root \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
rule user_root_configure
}
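Review bot: `eval local home\; home="~$user"` (an unchanged line in this hunk) passes `$user` through `eval`, so a name containing shell metacharacters is executed as code; the new `getent passwd "$user"` guard does not prevent that, because the `||` only decides whether `adduser` runs. Since the hunk already switches to `getent`, the home directory can be read from the same record without `eval`: `local home; home=$(getent passwd "$user" | cut -d: -f6)`. Adding `test -n "$home" || return 1` before the `install` would also keep a failed lookup from writing to `/etc/ssh/authorized_keys`, which is where `"$home"/etc/ssh/authorized_keys` points when `$home` is empty.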
rule_user_configure () {
- sudo install -d -m 750 -o root -g adm \
+ sudo install -d -m 750 -o root -g root \
+ /etc/skel \
/etc/skel/etc \
/etc/skel/etc/gpg \
/etc/skel/etc/ssh
- sudo install -d -m 770 -o root -g adm \
+ sudo install -d -m 770 -o root -g root \
/etc/skel/var \
/etc/skel/var/cache \
/etc/skel/var/log \
/etc/screenrc
}
rule_user_root_configure () {
- sudo install -d -m 750 -o root -g adm \
+ sudo install -d -m 750 -o root -g root \
/root/etc \
/root/etc/gpg \
/root/etc/ssh
rule apt_configure
rule git_configure
rule etckeeper_configure
- rule locale_configure
+ rule locales_configure
rule time_configure
rule network_configure
rule filesystem_configure
rule nginx_configure
rule php5_fpm_configure
rule gitolite_configure
+ rule runit_configure
}
rule_luks_key_change () {