X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=vm_hosted;h=2e4dc0872209dd0155c9a6c33f95d550dbc6bff7;hb=1612b71dcbc6de9a34c98e755f36b1428ff46d85;hp=f6107016c3afb686403f486dca06122ff8718218;hpb=a7d0fb2448e129747fce8e108ce80e4ce3c17845;p=lhc%2Fateliers.git diff --git a/vm_hosted b/vm_hosted index f610701..2e4dc08 100755 --- a/vm_hosted +++ b/vm_hosted @@ -292,6 +292,13 @@ rule_initramfs_configure () { # NOTE: clefs générées par Debian sudo update-initramfs -u } +rule_time_configure () { + sudo install -m 644 -o root -g root /dev/stdin /etc/timezone <<-EOF + Europe/Paris + EOF + sudo dpkg-reconfigure tzdata + # TODO: NTP + } rule_locale_configure () { sudo install -m 644 -o root -g root /dev/stdin /etc/locale.gen <<-EOF fr_FR.UTF-8 UTF-8 @@ -395,20 +402,52 @@ rule_login_configure () { session optional pam_umask.so EOF } -rule_procmail_configure () { - rule apt_get_install procmail - sudo install -d -m 770 -o root -g adm \ - /etc/skel/etc/mail \ - /etc/skel/var/cache/mail \ - /etc/skel/var/log/mail \ - /etc/skel/var/mail - sudo install -m 660 -o root -g adm \ - "$tool"/etc/skel/etc/mail/delivery.procmailrc \ - /etc/skel/etc/mail/delivery.procmailrc +rule_mail_configure () { + rule postfix_configure + rule postgrey_configure + rule procmail_configure + rule dovecot_configure } -rule_postgrey_configure () { - rule apt_get_install postgrey - sudo service postgrey restart +rule_network_configure () { + sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF + $vm + EOF + grep -q " $vm\$" /etc/hosts || + sudo install -m 644 -o root -g root /dev/stdin /etc/hosts <<-EOF + $(cat /etc/hosts) + 127.0.0.1 $vm_fqdn $vm + EOF + sudo install -m 644 -o root -g root /dev/stdin /etc/network/interfaces <<-EOF + auto lo + iface lo inet loopback + + auto eth0=grenode + iface grenode inet static + address $vm_ipv4 + gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse + network $vm_ipv4 + broadcast $vm_ipv4 + netmask 255.255.255.255 + mtu 1300 + # NOTE: il y a besoin de ça en l'état actuel du réseau de Grenode + # car la MTU des tunnels GRE/IPsec entre les routeurs de Grenode l'impose. + # + # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200)) soupirail.grenode.net + # PING soupirail.grenode.net (91.216.110.1) 1272(1300) bytes of data. + # 1280 bytes from soupirail.grenode.net (91.216.110.1): icmp_req=1 ttl=63 time=18.0 ms + # + # --- soupirail.grenode.net ping statistics --- + # 1 packets transmitted, 1 received, 0% packet loss, time 0ms + # rtt min/avg/max/mdev = 18.027/18.027/18.027/0.000 ms + # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200+1)) soupirail.grenode.net + # PING soupirail.grenode.net (91.216.110.1) 1273(1301) bytes of data. + # From estran.grenode.net (91.216.110.6) icmp_seq=1 Frag needed and DF set (mtu = 1300) + # + # --- soupirail.grenode.net ping statistics --- + # 0 packets transmitted, 0 received, +1 errors + post-up ip address add $vm_ipv4/32 dev \$IFACE + pre-down ip address delete $vm_ipv4/32 dev \$IFACE + EOF } rule_postfix_configure () { local hint="run vm_remote postfix_key_send before" @@ -438,25 +477,25 @@ rule_postfix_configure () { ../crt+crl.self-signed.pem \ /etc/postfix/$vm_domainname/smtpd/x509/ca/crt.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ + "$tool"/var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt.pem \ + "$tool"/var/pub/x509/service/smtpd/crt.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt+root.pem \ + "$tool"/var/pub/x509/service/smtpd/crt+root.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt+root.pem sudo install -m 400 -o root -g root \ - var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ + "$tool"/var/pub/x509/service/smtpd/crt+crl.self-signed.pem \ /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/header_checks \ - /etc/postfix/$vm_domainname/header_checks + "$tool"/etc/postfix/$vm_domainname/header_checks \ + /etc/postfix/$vm_domainname/header_checks sudo install -m 664 -o root -g root \ - etc/postfix/aliases \ - /etc/postfix/aliases + "$tool"/etc/postfix/aliases \ + /etc/postfix/aliases sudo newaliases -oA/etc/postfix/aliases - cat /dev/stdin etc/postfix/main.cf <<-EOF | + cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF | mydomain = $vm_domainname myorigin = \$mydomain myhostname = $vm_hostname.\$mydomain @@ -466,83 +505,51 @@ rule_postfix_configure () { sudo install -m 664 -o root -g root /dev/stdin \ /etc/postfix/main.cf sudo install -m 664 -o root -g root \ - etc/postfix/master.cf \ - /etc/postfix/master.cf + "$tool"/etc/postfix/master.cf \ + /etc/postfix/master.cf sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtp/x509/policy \ - /etc/postfix/$vm_domainname/smtp/x509/policy + "$tool"/etc/postfix/$vm_domainname/smtp/x509/policy \ + /etc/postfix/$vm_domainname/smtp/x509/policy sudo postmap hash:/etc/postfix/$vm_domainname/smtp/x509/policy sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtp/header_checks \ - /etc/postfix/$vm_domainname/smtp/header_checks + "$tool"/etc/postfix/$vm_domainname/smtp/header_checks \ + /etc/postfix/$vm_domainname/smtp/header_checks sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtpd/sender_access \ - /etc/postfix/$vm_domainname/smtpd/sender_access + "$tool"/etc/postfix/$vm_domainname/smtpd/sender_access \ + /etc/postfix/$vm_domainname/smtpd/sender_access sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/sender_access sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtpd/client_blacklist \ - /etc/postfix/$vm_domainname/smtpd/client_blacklist + "$tool"/etc/postfix/$vm_domainname/smtpd/client_blacklist \ + /etc/postfix/$vm_domainname/smtpd/client_blacklist sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/client_blacklist sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/smtpd/relay_clientcerts \ - /etc/postfix/$vm_domainname/smtpd/relay_clientcerts + "$tool"/etc/postfix/$vm_domainname/smtpd/relay_clientcerts \ + /etc/postfix/$vm_domainname/smtpd/relay_clientcerts sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/relay_clientcerts sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/transport \ - /etc/postfix/$vm_domainname/transport + "$tool"/etc/postfix/$vm_domainname/transport \ + /etc/postfix/$vm_domainname/transport sudo postmap hash:/etc/postfix/$vm_domainname/transport sudo install -m 660 -o root -g root \ - etc/postfix/$vm_domainname/virtual_alias \ - /etc/postfix/$vm_domainname/virtual_alias + "$tool"/etc/postfix/$vm_domainname/virtual_alias \ + /etc/postfix/$vm_domainname/virtual_alias sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias sudo service postfix restart } -rule_mail_configure () { - rule postfix_configure - rule postgrey_configure - rule procmail_configure - rule dovecot_configure +rule_postgrey_configure () { + rule apt_get_install postgrey + sudo service postgrey restart } -rule_network_configure () { - sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF - $vm - EOF - grep -q " $vm\$" /etc/hosts || - sudo install -m 644 -o root -g root /dev/stdin /etc/hosts <<-EOF - $(cat /etc/hosts) - 127.0.0.1 $vm_fqdn $vm - EOF - sudo install -m 644 -o root -g root /dev/stdin /etc/network/interfaces <<-EOF - auto lo - iface lo inet loopback - - auto eth0=grenode - iface grenode inet static - address $vm_ipv4 - gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse - network $vm_ipv4 - broadcast $vm_ipv4 - netmask 255.255.255.255 - mtu 1300 - # NOTE: il y a besoin de ça en l'état actuel du réseau de Grenode - # car la MTU des tunnels GRE/IPsec entre les routeurs de Grenode l'impose. - # - # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200)) soupirail.grenode.net - # PING soupirail.grenode.net (91.216.110.1) 1272(1300) bytes of data. - # 1280 bytes from soupirail.grenode.net (91.216.110.1): icmp_req=1 ttl=63 time=18.0 ms - # - # --- soupirail.grenode.net ping statistics --- - # 1 packets transmitted, 1 received, 0% packet loss, time 0ms - # rtt min/avg/max/mdev = 18.027/18.027/18.027/0.000 ms - # root@ateliers:~# ping -M do -c 1 -s \$((1500-20-8-200+1)) soupirail.grenode.net - # PING soupirail.grenode.net (91.216.110.1) 1273(1301) bytes of data. - # From estran.grenode.net (91.216.110.6) icmp_seq=1 Frag needed and DF set (mtu = 1300) - # - # --- soupirail.grenode.net ping statistics --- - # 0 packets transmitted, 0 received, +1 errors - post-up ip address add $vm_ipv4/32 dev \$IFACE - pre-down ip address delete $vm_ipv4/32 dev \$IFACE - EOF +rule_procmail_configure () { + rule apt_get_install procmail + sudo install -d -m 770 -o root -g adm \ + /etc/skel/etc/mail \ + /etc/skel/var/cache/mail \ + /etc/skel/var/log/mail \ + /etc/skel/var/mail + sudo install -m 660 -o root -g adm \ + "$tool"/etc/skel/etc/mail/delivery.procmailrc \ + /etc/skel/etc/mail/delivery.procmailrc } rule_ssh_configure () { ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | @@ -652,11 +659,11 @@ rule_user_configure () { 'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac' EOF sudo install -m 644 -o root -g root \ - etc/bash.bashrc \ - /etc/bash.bashrc + "$tool"/etc/bash.bashrc \ + /etc/bash.bashrc sudo install -m 644 -o root -g root \ - etc/screenrc \ - /etc/screenrc + "$tool"/etc/screenrc \ + /etc/screenrc } rule_user_root_configure () { sudo install -d -m 750 -o root -g adm \ @@ -685,10 +692,12 @@ rule_configure () { rule git_configure rule etckeeper_configure rule locale_configure + rule time_configure rule network_configure rule filesystem_configure rule login_configure rule ssh_configure + rule mail_configure rule user_root_configure rule boot_configure rule user_configure