Modification : ateliers_host : peaufinage de la logique des partitions.
1 #!/bin/sh
# Strict mode for the whole script: abort on the first failing command (-e),
# no pathname globbing (-f), unset variables are errors (-u). DRY_RUN adds -n,
# which makes sh parse the rest of the file without executing anything, so
# a "dry run" here is a syntax check rather than a simulation of the rules.
set -e -f -u ${DRY_RUN:+-n}
# Directory this script lives in; env.sh (site variables such as $vm) and
# inc.sh (helpers such as mk_reg/mk_dir) are expected next to it.
tool="${0%/*}"
. "${tool}/env.sh"
. "${tool}/inc.sh"
6
rule_help () {
	# Print the usage text on stderr. The RULES and ENVIRONMENT sections are
	# generated from the sources themselves: every "rule_<name> () {" line of
	# this file whose name does not start with an underscore, and every
	# "readonly <VAR>" line of env.sh and of this file, each followed by its
	# trailing "# ..." comment when there is one (the \t keeps them aligned).
	cat <<-EOF >&2
DESCRIPTION: ce script regroupe des fonctions utilitaires
pour gérer la VM des ateliers _depuis_ la VM hébergée ;
il sert à la fois d'outil et de documentation.
Voir \`$tool/ateliers_host' pour les utilitaires côté machine hôte.
SYNTAX: $0 \$RULE \${RULE}_SYNTAX
RULES:
$(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$0")
ENVIRONMENT:
TRACE # affiche les commandes avant leur exécution
$(sed -ne 's/^readonly \([^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/env.sh "$0")
EOF
}
21
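rule_filesystem_mount () {
	# Placeholder: nothing is mounted from here yet (the mount points are
	# declared in /etc/fstab by rule_boot_init). An empty compound command
	# "{ }" is a syntax error in sh and made the whole file unparseable, so
	# the no-op ':' keeps the rule defined until it gets a body.
	:
}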
rule_filesystem_unmount () {
	# Detach the pseudo-filesystems, each one only if it is currently mounted
	# (mountpoint(1) succeeds when the path is a mount point).
	if mountpoint /proc; then
		umount /proc
	fi
	if mountpoint /sys; then
		umount /sys
	fi
}
rule_shell_source () {
	# Load the system-wide login profile into the current shell process
	# (this script's), so it only affects the rest of this invocation.
	. "/etc/profile"
}
rule_network_init () {
	# Hostname, /etc/hosts entry and the single static interface of the VM;
	# $vm and $vm_ipv4 come from env.sh.
	mk_reg mod= own= /etc/hostname <<-EOF
$vm
EOF
	# Add the hosts line only once (the grep looks for the short name at the
	# end of an existing line).
	if ! grep -q " $vm\$" /etc/hosts; then
		mk_reg mod= own= --append /etc/hosts <<-EOF
127.0.0.1 $vm.local $vm
EOF
	fi
	# /32 on the VM side: the gateway is the VM's own address (the host side
	# is expected to answer with proxy_arp, per the note kept in the file),
	# and the address is added/removed explicitly on up/down.
	mk_reg mod= own= /etc/network/interfaces <<-EOF
auto lo
iface lo inet loopback

auto eth0=grenode
iface grenode inet static
address $vm_ipv4
gateway $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
network $vm_ipv4
broadcast $vm_ipv4
netmask 255.255.255.255
mtu 1300 # TODO: voir si c'est nécessaire à Lyon
up ip address add $vm_ipv4/32 dev \$IFACE
down ip address delete $vm_ipv4/32 dev \$IFACE
EOF
}
rule_apt_init () {
	# APT sources for the VM: the Debian release named by $vm_lsb_name, the
	# OpenERP nightly builds and the matching backports. Plain http is fine
	# for apt as long as each repository ships a signed Release file that is
	# verified; for the "./" nightly repository this is not visible here.
	mk_reg mod= own= /etc/apt/sources.list <<-EOF
deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
EOF
	mk_reg mod= own= /etc/apt/sources.list.d/openerp.list <<-EOF
deb http://nightly.openerp.com/trunk/nightly/deb/ ./
EOF
	mk_reg mod= own= "/etc/apt/sources.list.d/${vm_lsb_name}-backports.list" <<-EOF
deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
EOF
	# Pinning: backports (200) are preferred over the base release (170).
	# NOTE(review): "Pin: release a=" matches the Suite field of the Release
	# file (e.g. "stable"), while a codename is matched by "n="; check with
	# `apt-cache policy` that the 170 pin really applies to the base release.
	mk_reg mod= own= /etc/apt/preferences <<-EOF
Package: *
Pin: release a=$vm_lsb_name
Pin-Priority: 170

Package: *
Pin: release a=$vm_lsb_name-backports
Pin-Priority: 200
EOF
}
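rule_boot_init () {
	# Boot-time configuration: fstab, crypttab, initramfs modules and the
	# kernel command line. The var, swap and home volumes are unlocked with a
	# key derived from the already-open root volume (decrypt_derived), so a
	# single passphrase is asked for; the encrypted swap doubles as the
	# hibernation resume device on the kernel command line.
	#
	# fstab: /boot is "noauto" (the former "no-auto" is not a mount option
	# mount(8) knows, so `mount -a` would try /boot and fail on it).
	mk_reg mod= own= /etc/fstab <<-EOF
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=boot /boot ext2 defaults,noauto 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,auto,size=200m,nr_inodes=1000k,mode=1777,noatime,nodiratime 0 0
/dev/mapper/${vm}_root_deciphered / ext4 defaults,errors=remount-ro,acl,noatime 0 1
/dev/mapper/${vm}_var_deciphered /var ext4 defaults,errors=remount-ro,acl,noatime 0 1
/dev/mapper/${vm}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,noatime,usrquota,grpquota 0 0
/dev/mapper/${vm}_swap_deciphered swap swap sw 0 0
EOF
	# NOTE(review): the root entry names "${vm}_root" in the key-file field
	# without a keyscript; crypttab(5) expects "none" there for an interactive
	# passphrase, so confirm on a test boot that this name is handled as
	# intended before relying on it.
	mk_reg mod= own= /etc/crypttab <<-EOF
# <target name> <source device> <key file> <options>
${vm}_root_deciphered LABEL=${vm}_root ${vm}_root luks
${vm}_var_deciphered LABEL=${vm}_var ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
${vm}_swap_deciphered LABEL=${vm}_swap ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
${vm}_home_deciphered LABEL=${vm}_home ${vm}_root_deciphered luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
EOF
	# Crypto modules the initramfs needs to open the LUKS volumes before /.
	mk_reg mod= own= /etc/initramfs-tools/modules <<-EOF
#loop
sha1_generic
sha256_generic
sha512_generic
aes-x86_64
xts
EOF
	# Kernel command line: rewrite /etc/default/grub as its current content
	# minus any GRUB_CMDLINE_LINUX= line, followed by ours. The previous
	# `sed -i ... -e '/^GRUB_CMDLINE_LINUX=/d;r/dev/fd/3'` had no address on
	# the r command, which runs on every input line, so the new line could be
	# queued after every line of the file instead of once. The command
	# substitution is evaluated before mk_reg opens the file for writing.
	mk_reg mod= own= /etc/default/grub <<-EOF
$(sed -e '/^GRUB_CMDLINE_LINUX=/d' /etc/default/grub)
GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 resume=/dev/mapper/${vm}_swap_deciphered"
EOF
}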
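rule_user_admin_add () { # SYNTAX: <name>
	# Create the admin account <name> if it does not exist, add it to the
	# sudo group and install its public key from "$tool"/key/<name>.ssh.pub
	# into ~<name>/etc/ssh/authorized_keys (the AuthorizedKeysFile path that
	# rule_users_init gives sshd). Fails when <name> is missing.
	admin=${1:?admin name expected}
	# Create the account only when it does not exist yet; the previous
	# "! id || adduser" ran adduser precisely when the account already
	# existed and did nothing for a new one.
	id "$admin" >/dev/null 2>&1 ||
	adduser "$admin"
	# Home directory from the passwd database rather than eval "~$admin":
	# eval would execute any shell metacharacter in the name.
	home=$(getent passwd "$admin" | cut -d: -f6)
	if [ -z "$home" ]; then
		printf '%s: no home directory for %s\n' "$0" "$admin" >&2
		return 1
	fi
	adduser "$admin" sudo
	# StrictModes in sshd_config requires these to be owned by the user and
	# not writable by others.
	mk_dir mod=0750 own="$admin:$admin" "$home"/etc
	mk_dir mod=0700 own="$admin:$admin" "$home"/etc/ssh
	mk_reg mod=0400 own="$admin:$admin" "$home"/etc/ssh/authorized_keys <"$tool"/key/"$admin".ssh.pub
}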
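rule_users_init () {
	# sshd: key-only logins, no root login, keys read from the admin's
	# ~/etc/ssh/authorized_keys (see rule_user_admin_add). The config is
	# root-owned and must not be group-writable: 0644, not the former 0664.
	# The SSH-1-only directives (KeyRegenerationInterval, ServerKeyBits,
	# RSAAuthentication, RhostsRSAAuthentication) are inert under Protocol 2
	# and are kept verbatim; drop them once sshd rejects them.
	mk_reg mod=0644 own=root:root /etc/ssh/sshd_config <<-EOF
ListenAddress $vm_ipv4
#ListenAddress ::
Port 22
Protocol 2
Compression yes
HostKey /etc/ssh/ssh_host_rsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/etc/ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
IgnoreUserKnownHosts no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
DebianBanner no
PrintLastLog yes
TCPKeepAlive yes
ClientAliveInterval 0
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
EOF
	# sudo: members of "sudo" may run the root-owned passwd-init helper below
	# as root without a password, and nothing else; the trailing "" forbids
	# any argument (sudoers(5)). The logic lives in the helper, not in the
	# sudoers entry: the former `/bin/sh -c case ... in ("$SUDO_USER L "*) ...`
	# entry was matched with sudoers wildcards, where '*' spans words, so a
	# caller could place arbitrary commands in that gap and run them as root.
	mk_reg mod=0440 own=root:root /etc/sudoers.d/passwd-init <<-EOF
%sudo ALL=(root) NOPASSWD: /usr/local/sbin/passwd-init ""
EOF
	mk_reg mod=0440 own=root:root /etc/sudoers.d/etckeeper-unclean <<-EOF
%sudo ALL=(ALL) NOPASSWD: /usr/sbin/etckeeper unclean
EOF
	# passwd-init: lets a freshly created admin set their own first password,
	# only while passwd --status still reports the account locked ("L").
	# Re-executes itself through sudo when not root. The delimiter is quoted
	# so that $(id -u) and $SUDO_USER are expanded when the helper runs, not
	# when this file is written.
	mk_reg mod=0555 own=root:root /usr/local/sbin/passwd-init <<-'EOF'
#!/bin/sh
# Set the initial password of the calling admin account. Allowed only while
# the account is still locked (no password ever set); sudoers lets members
# of "sudo" run this file, without arguments, as root.
set -e -f -u
[ "$(id -u)" -eq 0 ] || exec sudo /usr/local/sbin/passwd-init
user=${SUDO_USER:?passwd-init must be run through sudo}
case $(/usr/bin/passwd --status "$user") in
("$user L "*) /usr/bin/passwd "$user";;
(*) printf '%s: the password of %s is already set\n' "$0" "$user" >&2; exit 1;;
esac
EOF
}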
rule_kernel_init () {
	# Reinstall the kernel image package for the VM's architecture
	# ($vm_arch from env.sh), presumably to get the initramfs rebuilt with
	# the modules listed by rule_boot_init. This is the only rule that goes
	# through sudo; the others assume they already run as root.
	sudo apt-get install --reinstall "linux-image-${vm_arch}"
}
173
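# Dispatch: the first argument names the rule (default: help), the remaining
# ones are handed to it untouched. TRACE enables xtrace for the rule.
rule=${1:-help}
${1+shift}
# Enable xtrace without touching "$@": the former `set "${TRACE:+-x}"`
# replaced the positional parameters with a single empty word whenever
# TRACE was unset, so every rule received "" instead of its arguments.
[ -z "${TRACE:-}" ] || set -x
rule_$rule "$@"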