--system
sudo usermod --home /home/mysql mysql
sudo adduser mysql mysql-data
- sudo install -m 644 -o mysql -g mysql \
- "$tool"/etc/mysql/my.cnf \
- /etc/mysql/my.cnf
sudo install -d -m 751 -o mysql -g mysql \
/home/mysql
sudo rm -rf /etc/mysql
sudo install -d -m 750 -o mysql -g mysql \
/etc/mysql \
+ /etc/mysql/conf.d \
/home/mysql/etc
sudo ln -fns \
/etc/mysql \
/home/mysql/etc/mysql
+ sudo install -m 644 -o mysql -g mysql \
+ "$tool"/etc/mysql/my.cnf \
+ /etc/mysql/my.cnf
if sudo test ! -d /home/mysql/data
then
sudo install -d -m 750 -o mysql -g mysql-data \
sudo chmod ugo-x /etc/init.d/mysql
case $(sudo sv status mysql || true) in
(''|run:*|*"s, normally up;"*)
- sudo sv restart mysql
- case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
- ("/run/mysqld/sock/ CREATE mysql")
+ rule runit_sv_restart mysql
+ while case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
+ ("/run/mysqld/sock/ CREATE mysql") false;;
+ (*) true;;
+ esac
+ do true; done
+ (
+ cd /
# NOTE:
# - ajoute l'accès par socket Unix à mysql
# - ajoute les droits de super-utilisateur à mysql
DELETE FROM mysql.user WHERE user = '';
FLUSH PRIVILEGES;
EOF
- ;;
- esac
+ )
+ ;;
esac
}
rule_mysql_db_add () { # SYNTAX: $user $db
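Review bot: The inverted wait loop starting at `while case $(sudo inotifywait -e create -- /run/mysqld/sock/) in` only exits when inotifywait reports the CREATE event, so it spins forever if the `mysql` socket already exists by the time the watch is set up (the restart has just been issued, so that window is real) or if inotifywait fails and prints nothing, since both land in the `(*) true` arm. Testing for the socket before each wait and bounding the watch covers both cases: `until sudo test -S /run/mysqld/sock/mysql; do sudo inotifywait -t 30 -e create -- /run/mysqld/sock/ >/dev/null || true; done`. The postgres hunk below (the loop around `"/run/postgresql/ CREATE .s.PGSQL.5432"`) has the same shape and needs the same fix with its own socket path. The enclosing function starts before this hunk.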
"$tool"/etc/php5/fpm/php.ini \
/etc/php5/fpm/php.ini
case $(sudo sv status php5-"$pool" || true) in
- (''|run:*) sudo sv restart php5-"$pool"
+ (''|run:*) rule runit_sv_restart php5-"$pool"
esac
done
rule tmpfs_configure
sudo chmod ugo-x /etc/init.d/postgresql
case $(sudo sv status postgres || true) in
(''|run:*|*"s, normally up;"*)
- sudo sv restart postgres
+ rule runit_sv_restart postgres
while case $(sudo inotifywait -e create -- /run/postgresql/) in
- ("/run/postgresql/ CREATE .s.PGSQL.5432") true;;
- (*) false;;
- esac
+ ("/run/postgresql/ CREATE .s.PGSQL.5432") false;;
+ (*) true;;
+ esac
do true; done
(
cd /
# NOTE: supprime l'accès au schéma public depuis public,
# de sorte à ce que les différents utilisateurices
# ne voient pas leurs bases de données entre-elleux ;
- sudo -u postgres psql template1 -a -f - <<-EOF
- \set ON_ERROR_STOP on
- REVOKE ALL ON DATABASE template1 FROM public;
- REVOKE ALL ON SCHEMA public FROM public;
- GRANT ALL ON SCHEMA public TO postgres;
- EOF
+ #sudo -u postgres psql template1 -a -f - <<-EOF
+ # \set ON_ERROR_STOP on
+ # REVOKE ALL ON DATABASE template1 FROM public;
+ # REVOKE ALL ON SCHEMA public FROM public;
+ # GRANT ALL ON SCHEMA public TO postgres;
+ # EOF
# NOTE: ajoute le support de PL/PGSQL s'il ne l'est pas déjà.
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
EOF
# NOTE: supprime l'accès à la liste des bases données
# et utilisateurices depuis public.
- sudo -u postgres psql template1 -a -f - <<-EOF
- \set ON_ERROR_STOP on
- REVOKE ALL ON pg_auth_members FROM public;
- REVOKE ALL ON pg_authid FROM public;
- REVOKE ALL ON pg_database FROM public;
- REVOKE ALL ON pg_group FROM public;
- REVOKE ALL ON pg_roles FROM public;
- REVOKE ALL ON pg_settings FROM public;
- REVOKE ALL ON pg_tablespace FROM public;
- REVOKE ALL ON pg_user FROM public;
- EOF
+ #sudo -u postgres psql template1 -a -f - <<-EOF
+ # \set ON_ERROR_STOP on
+ # REVOKE ALL ON pg_auth_members FROM public;
+ # REVOKE ALL ON pg_authid FROM public;
+ # REVOKE ALL ON pg_database FROM public;
+ # REVOKE ALL ON pg_group FROM public;
+ # REVOKE ALL ON pg_roles FROM public;
+ # REVOKE ALL ON pg_settings FROM public;
+ # REVOKE ALL ON pg_tablespace FROM public;
+ # REVOKE ALL ON pg_user FROM public;
+ # EOF
)
;;
esac
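Review bot: The two psql blocks that are commented out here (`REVOKE ALL ON DATABASE template1 FROM public; REVOKE ALL ON SCHEMA public FROM public; ...` and the catalog REVOKEs on `pg_database`, `pg_roles`, `pg_user`, ...) are disabled without any explanation, while the French NOTE comments above them still describe the isolation they provided; after this change every role can again enumerate the cluster's databases and roles and create objects in the `public` schema of each database created from template1. If something broke and they had to go, record it next to the commented block, e.g. `# NOTE: REVOKEs disabled (<DATE>): <reason>`, and update the preceding NOTE comments so they no longer promise behaviour that is gone; if only part of it broke, keep at least `REVOKE ALL ON SCHEMA public FROM public;` on template1, which is the statement that stops users from writing into each other's databases. The enclosing function starts before this hunk.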
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
GRANT ${db}_role TO $db_user;
+ ALTER USER $db SET search_path to $db;
REVOKE ALL ON DATABASE $db FROM public;
EOF
}
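Review bot: The added `ALTER USER $db SET search_path to $db;` names a role after the database, whereas the GRANT on the preceding line targets `$db_user`; if the two are not the same name the statement either aborts the whole heredoc under `\set ON_ERROR_STOP on` or reconfigures an unrelated role. Unless a role called `$db` is guaranteed to exist (I cannot see that from this hunk), `ALTER USER "$db_user" SET search_path TO "$db";` is what the surrounding statements suggest, and double-quoting both identifiers keeps names containing uppercase letters or punctuation from being case-folded or mis-parsed by psql. The enclosing function starts before this hunk.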
case $sv_status in
("") true;;
(fail:*) sleep 1 && sudo sv start "$sv";;
- (run:*)
- while true
- do case $(sudo sv restart "$sv") in
- ("fail: $sv: runsv not running") sleep 1;;
- (*) break;;
- esac
- done
+ (run:*) rule runit_sv_restart "$sv";;
esac
done
done
}
+rule_runit_sv_restart () { # SYNTAX: $sv
+ local sv="$1"
+ while true
+ do case $(sudo sv restart "$sv") in
+ ("fail: $sv: runsv not running") sleep 1;;
+ (*) break;;
+ esac
+ done
+ }
rule_ssh_configure () {
ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line