diff --git
a/vm_hosted
b/vm_hosted
index
56e1ee0
..
a630d12
100755
(executable)
--- a/
vm_hosted
+++ b/
vm_hosted
@@
-1,9
+1,8
@@
#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
tool=${0%/*}
#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
tool=${0%/*}
-. "$tool"/functions.sh
-. "$tool"/vm.sh
-test "$(hostname --fqdn)" = "$vm_fqdn"
+. "$tool"/lib/functions.sh
+. "$tool"/etc/vm.sh
rule_help () {
cat >&2 <<-EOF
rule_help () {
cat >&2 <<-EOF
@@
-40,7
+39,7
@@
rule__etckeeper_init () {
GIT_COMMIT_OPTIONS=""
AVOID_DAILY_AUTOCOMMITS=1
#AVOID_SPECIAL_FILE_WARNING=1
GIT_COMMIT_OPTIONS=""
AVOID_DAILY_AUTOCOMMITS=1
#AVOID_SPECIAL_FILE_WARNING=1
-
#
AVOID_COMMIT_BEFORE_INSTALL=1
+ AVOID_COMMIT_BEFORE_INSTALL=1
HIGHLEVEL_PACKAGE_MANAGER=apt
LOWLEVEL_PACKAGE_MANAGER=dpkg
EOF
HIGHLEVEL_PACKAGE_MANAGER=apt
LOWLEVEL_PACKAGE_MANAGER=dpkg
EOF
@@
-70,7
+69,7
@@
rule__network_init () {
network $vm_ipv4
broadcast $vm_ipv4
netmask 255.255.255.255
network $vm_ipv4
broadcast $vm_ipv4
netmask 255.255.255.255
- mtu 1300 # TODO: voir si c'est nécessaire à Lyon
+ #mtu 1300
post-up ip address add $vm_ipv4/32 dev \$IFACE
pre-down ip address delete $vm_ipv4/32 dev \$IFACE
EOF
post-up ip address add $vm_ipv4/32 dev \$IFACE
pre-down ip address delete $vm_ipv4/32 dev \$IFACE
EOF
@@
-80,7
+79,7
@@
rule__apt_init () {
deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
EOF
mk_reg mod= own= /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
EOF
mk_reg mod= own= /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
- deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
+
#
deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
EOF
mk_reg mod= own= /etc/apt/preferences <<-EOF
Package: *
EOF
mk_reg mod= own= /etc/apt/preferences <<-EOF
Package: *
@@
-183,17
+182,17
@@
rule__login_init () {
HUSHLOGIN_FILE .hushlogin
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HUSHLOGIN_FILE .hushlogin
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- # NOTE: met les sbin/ dans ENV_PATH ;
- # - ça n'apporte aucune protection de ne pas les mettre ;
- # - ça frustre de ne pas les trouver.
+
# NOTE: met les sbin/ dans ENV_PATH ;
+
# - ça n'apporte aucune protection de ne pas les mettre ;
+
# - ça frustre de ne pas les trouver.
TTYGROUP tty
TTYPERM 0600
ERASECHAR 0177
KILLCHAR 025
TTYGROUP tty
TTYPERM 0600
ERASECHAR 0177
KILLCHAR 025
- # NOTE: rwxrwx--- ;
- # - donne une même confiance au groupe propriétaire qu'au propriétaire ;
- # - facilite l'utilisation des ACL, qui sont dépendantes des droits du groupe propriétaire.
UMASK 007
UMASK 007
+ # NOTE: rwxrwx--- ;
+ # - donne une même confiance au groupe propriétaire qu'au propriétaire ;
+ # - facilite l'utilisation des ACL, qui sont dépendantes des droits du groupe propriétaire.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
@@
-229,7
+228,7
@@
rule__user_root_init () {
EOF
done |
mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
EOF
done |
mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
- sudo find "$tool"/
key -type f -name '*.gpg.pub
' -exec gpg --import {} \;
+ sudo find "$tool"/
var/pub/openpgp -type f -name '*.key
' -exec gpg --import {} \;
}
rule__initramfs_init () {
mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
}
rule__initramfs_init () {
mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
@@
-262,16
+261,13
@@
rule__initramfs_init () {
/etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
/etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
- #mk_reg mod=640 own=root:root </dev/null \
- # /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
- # /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/key/ssh.known_hosts |
+ ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
sudo dropbearkey -t rsa -s 4096 -f \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
sudo dropbearkey -t rsa -s 4096 -f \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/
key/ssh.
known_hosts |
+ ssh-keygen -F "init.$vm_fqdn" -f "$tool"/
etc/openssh/
known_hosts |
( while IFS= read -r line
do case $line in (*" DSA") return 0; break;; esac
done; return 1 ) ||
( while IFS= read -r line
do case $line in (*" DSA") return 0; break;; esac
done; return 1 ) ||
@@
-348,7
+344,7
@@
rule_user_init () {
mk_dir mod=700 own="root:adm" /etc/skel/tmp
mk_lnk etc/ssh /etc/skel/.ssh
mk_lnk etc/gpg /etc/skel/.gnupg
mk_dir mod=700 own="root:adm" /etc/skel/tmp
mk_lnk etc/ssh /etc/skel/.ssh
mk_lnk etc/gpg /etc/skel/.gnupg
- ssh-keygen -F "$vm_fqdn" -f "$tool"/
key/ssh.
known_hosts |
+ ssh-keygen -F "$vm_fqdn" -f "$tool"/
etc/openssh/
known_hosts |
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
@@
-428,10
+424,12
@@
rule_user_admin_add () { # SYNTAX: $user
# NOTE: le mot-de-passe doit être initialisé par l'utilisateur à l'aide de passwd-init .
eval local home\; home="~$user"
sudo adduser "$user" sudo
# NOTE: le mot-de-passe doit être initialisé par l'utilisateur à l'aide de passwd-init .
eval local home\; home="~$user"
sudo adduser "$user" sudo
- ssh_key_add user=$user "$tool"/key/"$user".ssh.pub "$home"/etc/ssh/authorized_keys
+ mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
+ <"$tool"/var/pub/ssh/"$user".key
rule__initramfs_init
rule__user_root_init
rule__initramfs_init
rule__user_root_init
- sudo gpg --import "$tool"/key/"$user".gpg.pub
+ sudo gpg --import "$tool"/var/pub/opengpg/"$user".key
+ # TODO: importer toutes les clefs des utilisateurices
}
rule_user_mail_format () {
mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
}
rule_user_mail_format () {
mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
@@
-800,5
+798,11
@@
rule_mail_install () {
rule=${1:-help}
${1+shift}
rule=${1:-help}
${1+shift}
-set "${TRACE:+-x}"
+case $rule in
+ (help);;
+ (*)
+ test "$(hostname --fqdn)" = "$vm_fqdn"
+ set "${TRACE:+-x}"
+ ;;
+ esac
rule_$rule "$@"
rule_$rule "$@"
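Review bot: The OpenPGP import path in rule_user_admin_add disagrees with the directory rule__user_root_init scans: the new `gpg --import` line reads `"$tool"/var/pub/opengpg/"$user".key`, while the find in rule__user_root_init walks `"$tool"/var/pub/openpgp`, so one of the two is a typo and the per-user import will fail on a missing file (under `set -e` that aborts the rule after `adduser` has already run). Assuming `openpgp` is the intended name, the line should read `sudo gpg --import "$tool"/var/pub/openpgp/"$user".key`. Separately, in the dispatch at the end of the file, `set "${TRACE:+-x}"` expands to `set ""` when TRACE is empty or unset, which replaces the positional parameters with a single empty string just before `rule_$rule "$@"` runs; this predates the commit but the line is moved into the new case arm, and `test -z "${TRACE:-}" || set -x` keeps the arguments intact. rule_user_admin_add's body continues outside its hunk.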