# et davantage sécurisant.
EOF
}
+rule_duplicity_configure () {
+ rule apt_get_install duplicity
+ home="/home/backup"
+ rule adduser backup \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/bash \
+ --system
+ sudo usermod --home "$home" backup
+ sudo install -d -m 750 -o backup -g backup \
+ "$home" \
+ "$home"/etc \
+ "$home"/etc/gpg \
+ "$home"/etc/ssh
+ sudo install -d -m 770 -o backup -g backup \
+ "$home"/mysql \
+ "$home"/postgres
+ getent group sudo backup |
+ while IFS=: read -r group x x users
+ do while test -n "$users" && IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ sudo cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ sudo install -m 640 -o backup -g backup /dev/stdin \
+ "$home"/etc/ssh/authorized_keys
+ sudo ln -fns etc/gpg "$home"/.gnupg
+ #sudo adduser backup mysql-data
+ #sudo adduser backup postgres-data
+ }
rule_etckeeper_configure () {
sudo install -m 644 -o root -g root /dev/stdin /etc/etckeeper/etckeeper.conf <<-EOF
VCS=git
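Review bot: In `rule_duplicity_configure`, the line `do eval local home\; home="~$user"` passes a member name read from `getent group` through `eval`, so any shell metacharacter in that field would be interpreted as code. Looking the directory up in the passwd database gives the same result without `eval`, e.g. `home=$(getent passwd "$user" | cut -d: -f6)`. The function also assigns `home="/home/backup"` without `local`; if `rule` calls it in the current shell, that value leaks into later rules that read `$home`, so `local home="/home/backup"` would be safer. The loop then appears to give every member of `sudo` and `backup` key-based access to an account created with `--shell /bin/bash`, which depends on sshd reading `~/etc/ssh/authorized_keys` (not visible here). A comment stating that this is intended, or key options limiting what those keys may run, would make the trust decision explicit.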
sudo install -m 640 -o "$user" -g "$user" \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
}
rule_user_configure () {
rule apt_get_install bash-completion
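Review bot: The new `gpg … --export | sudo -u "$user" gpg --import -` pipeline reports only the status of the importing side, so a failed or empty export from `"$tool"/var/pub/openpgp/` can go unnoticed and leave the account without the expected keys. The same construct is repeated in the two later hunks, in `rule_user_configure` and `rule_user_admin_configure`. Exporting to a `mktemp` file and importing it only after the export succeeds would surface the failure, since `pipefail` is not portable to every `/bin/sh`. The key source also changes from the `*.key` files to whatever public keyring gpg selects under that `--homedir`. With `--no-default-keyring` and no `--keyring`, that choice varies between GnuPG versions as far as I can tell, so naming the keyring explicitly and adding a comment `# import only public keys; never touch a secret keyring` would document the intent.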
sudo install -m 640 -o root -g root \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
rule user_admin_configure
}
rule_user_admin_configure () {
sudo cat "$home"/etc/ssh/authorized_keys
done
done |
- sudo install -m 640 -o root -g root /dev/stdin /root/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
+ sudo install -m 640 -o root -g root /dev/stdin \
+ /root/etc/ssh/authorized_keys
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo gpg --import -
}
rule__www_configure () {
rule adduser www \