X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;ds=sidebyside;f=vm_hosted;h=4cf4b9d14c113463ad1c6fac846fa05870a890ca;hb=22f04b9fac14adc3d3fc98273ba126c3a51792c3;hp=9e04d2a33bf728fe0f65fbecdc1bb4207b2eb541;hpb=af4a5efcb6025d664fb179a8533efa0e2df08265;p=lhc%2Fateliers.git
diff --git a/vm_hosted b/vm_hosted
index 9e04d2a..4cf4b9d 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -305,6 +305,39 @@ rule_boot_configure () {
 # et davantage sécurisant.
 EOF
 }
+rule_duplicity_configure () {
+ rule apt_get_install duplicity
+ home="/home/backup"
+ rule adduser backup \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/bash \
+ --system
+ sudo usermod --home "$home" backup
+ sudo install -d -m 750 -o backup -g backup \
+ "$home" \
+ "$home"/etc \
+ "$home"/etc/gpg \
+ "$home"/etc/ssh
+ sudo install -d -m 770 -o backup -g backup \
+ "$home"/mysql \
+ "$home"/postgres
+ getent group sudo backup |
+ while IFS=: read -r group x x users
+ do while test -n "$users" && IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ sudo cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ sudo install -m 640 -o backup -g backup /dev/stdin \
+ "$home"/etc/ssh/authorized_keys
+ sudo ln -fns etc/gpg "$home"/.gnupg
+ #sudo adduser backup mysql-data
+ #sudo adduser backup postgres-data
+ }
 rule_etckeeper_configure () {
 sudo install -m 644 -o root -g root /dev/stdin /etc/etckeeper/etckeeper.conf <<-EOF
 VCS=git
@@ -557,8 +590,8 @@ rule_network_configure () {
 sudo install -m 640 -o root -g root /dev/stdin \
 /etc/network/interfaces
 }
-rule_runit_configure () { # SYNTAX: $sv
- #rule apt_get_install runit
+rule_runit_configure () { # SYNTAX: $sv [...] -- $configure_options
+ rule apt_get_install runit
 if test $# = 0
 then
 set +x
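Review bot: In rule_duplicity_configure the inner loop resolves each member's home with `eval local home\; home="~$user"`, which feeds a name read from `getent group` through `eval`, so a member name containing shell syntax would be executed while the authorized_keys file is being built. A lookup avoids the eval: `do local home; home=$(getent passwd "$user" | cut -d: -f6)`. The outer `home="/home/backup"` is assigned without `local` and stays set after the rule returns; `local home="/home/backup"` keeps it scoped. A comment should also state that the keys of every member of the sudo and backup groups are concatenated into backup's authorized_keys, which, assuming sshd reads that path, lets each of them log in as backup with `/bin/bash`.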
@@ -591,14 +624,14 @@ rule_runit_configure () { # SYNTAX: $sv
 -false $(printf -- '-or -name %s\n' $services) \
 -printf '%f\n')
 do
- rule runit_sv_configure "$sv" "$@"
- rule runit_sv_start "$sv"
+ rule _runit_sv_configure "$sv" "$@"
+ rule _runit_sv_start "$sv"
 done
 #sleep 3
 #sudo find -L /etc/service -type l -delete
 fi
 }
-rule_runit_sv_configure () { # SYNTAX: $sv $configure_options
+rule__runit_sv_configure () { # SYNTAX: $sv $configure_options
 local sv="$1"; shift
 sudo install -d -m 770 -o root -g root \
 /etc/sv/"$sv"
@@ -625,7 +658,7 @@ rule_runit_sv_configure () { # SYNTAX: $sv $configure_options
 ../sv/"$sv" \
 /etc/service/"$sv"
 }
-rule_runit_sv_restart () { # SYNTAX: $sv
+rule__runit_sv_restart () { # SYNTAX: $sv
 local sv="$1"
 while true
 do case $(sudo sv restart "$sv" | tee /dev/stderr) in
@@ -635,7 +668,7 @@ rule_runit_sv_restart () { # SYNTAX: $sv
 esac
 done
 }
-rule_runit_sv_start () { # SYNTAX: $sv
+rule__runit_sv_start () { # SYNTAX: $sv
 local sv="$1"
 while true
 do case $(sudo sv start "$sv" | tee /dev/stderr) in
@@ -726,10 +759,12 @@ rule_user_add () { # SYNTAX: $user
 sudo install -m 640 -o "$user" -g "$user" \
 "$tool"/var/pub/ssh/"$user".key \
 "$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
 }
 rule_user_configure () {
 rule apt_get_install bash-completion
@@ -775,6 +810,9 @@ rule_user_configure () {
 sudo install -m 644 -o root -g root \
 "$tool"/etc/bash.bashrc \
 /etc/bash.bashrc
+ sudo install -m 644 -o root -g root \
+ "$tool"/etc/inputrc \
+ /etc/inputrc
 sudo install -m 644 -o root -g root \
 "$tool"/etc/screenrc \
 /etc/screenrc
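Review bot: The pipeline added to rule_user_add reports only the status of the importing `gpg`, so when the export side fails (for instance an unreadable `"$tool"/var/pub/openpgp/`) the import reads empty input and the rule still succeeds with no keys installed; whether the script runs under `set -e` or pipefail is not visible in this hunk. Exporting first and checking the result closes that gap, e.g. `keys=$(gpg --homedir "$tool"/var/pub/openpgp/ --no-default-keyring --secret-keyring /dev/null --armor --export) && test -n "$keys" || return 1` followed by `printf '%s\n' "$keys" | sudo -u "$user" gpg --import -`. The same block is repeated in the rule_user_admin_add and rule_user_root_configure hunks, so a single helper would keep the three copies from drifting. A comment should also say that the directory is now read as a GnuPG home, so every key in its public keyring is imported rather than the `*.key` files, and that `--secret-keyring` is ignored by GnuPG 2.1 and later. rule_user_add starts before this hunk.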
@@ -796,10 +834,12 @@ rule_user_admin_add () { # SYNTAX: $user
 sudo install -m 640 -o root -g root \
 "$tool"/var/pub/ssh/"$user".key \
 "$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
 rule user_admin_configure
 }
 rule_user_admin_configure () {
@@ -822,13 +862,16 @@ rule_user_root_configure () {
 sudo cat "$home"/etc/ssh/authorized_keys
 done
 done |
- sudo install -m 640 -o root -g root /dev/stdin /root/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
- }
-rule_www_configure () {
+ sudo install -m 640 -o root -g root /dev/stdin \
+ /root/etc/ssh/authorized_keys
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo gpg --import -
+ }
+rule__www_configure () {
 rule adduser www \
 --disabled-login \
 --disabled-password \