. "$tool"/lib/rule.sh
. "$tool"/etc/vm.sh
export TRACE=1
-cd /
rule_help () { # SYNTAX: [--hidden]
local hidden; [ ${1:+set} ] || hidden=set
sudo adduser "$@" "$user"
}
rule_apt_get_install () { # SYNTAX: $package
- sudo DEBIAN_FRONTEND=noninteractive apt-get install --yes "$@"
+ sudo \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBIAN_PRIORITY=low \
+ apt-get install --yes "$@"
}
rule_dpkg_reconfigure () { # SYNTAX: $package
- sudo DEBIAN_FRONTEND=noninteractive dpkg-reconfigure "$@"
+ sudo \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBIAN_PRIORITY=low \
+ dpkg-reconfigure "$@"
}
rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ?
sudo service apache2 restart
}
rule_apt_configure () {
- sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list <<-EOF
+ sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list <<-EOF
deb http://ftp.rezopole.net/debian $vm_lsb_name main
EOF
- sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
+ sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
deb http://ftp.rezopole.net/debian $vm_lsb_name-backports main
EOF
- sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF
+ sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF
deb http://nightly.openerp.com/7.0/nightly/deb/ ./
EOF
- sudo install -m 660 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF
+ sudo install -m 664 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF
Package: *
Pin: release a=$vm_lsb_name
Pin-Priority: 200
# et davantage sécurisant.
EOF
}
+rule_duplicity_configure () {
+ rule apt_get_install duplicity
+ home="/home/backup"
+ rule adduser backup \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/bash \
+ --system
+ sudo usermod --home "$home" backup
+ sudo install -d -m 750 -o backup -g backup \
+ "$home" \
+ "$home"/etc \
+ "$home"/etc/gpg \
+ "$home"/etc/ssh
+ sudo install -d -m 770 -o backup -g backup \
+ "$home"/mysql \
+ "$home"/postgres
+ getent group sudo backup |
+ while IFS=: read -r group x x users
+ do while test -n "$users" && IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ sudo cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ sudo install -m 640 -o backup -g backup /dev/stdin \
+ "$home"/etc/ssh/authorized_keys
+ sudo ln -fns etc/gpg "$home"/.gnupg
+ #sudo adduser backup mysql-data
+ #sudo adduser backup postgres-data
+ }
rule_etckeeper_configure () {
sudo install -m 644 -o root -g root /dev/stdin /etc/etckeeper/etckeeper.conf <<-EOF
VCS=git
sudo install -m 640 -o root -g root /dev/stdin \
/etc/network/interfaces
}
-rule_runit_configure () { # SYNTAX: $sv
+rule_runit_configure () { # SYNTAX: $sv [...] -- $configure_options
rule apt_get_install runit
- local -; set +f
- sudo find /etc/sv -mindepth 1 -maxdepth 1 -type d -name "${1:-*}" -exec \
- /bin/sh -efux -c 'case $(sv stop "$1") in
- (*": runsv not running") true;;
- (*": unable to open supervise/ok: file does not exist") true;;
- ("ok: down:"*) true;;
- (*) false;;
- esac' '' {} +
- for sv in ${1-"$tool"/etc/sv/*}
- do sv=${sv##*/}
- rule runit_sv_configure "$sv"
- rule runit_sv_start "$sv"
- done
- #sleep 3
- #sudo find -L /etc/service -type l -delete
+ if test $# = 0
+ then
+ set +x
+ sudo sv status \
+ $(sudo find /etc/sv \
+ -mindepth 1 -maxdepth 1 -type d \
+ -printf '%p\n' | sort)
+ else
+ local services=
+ while [ $# -gt 0 ]
+ do case $1 in
+ (--) shift; break;;
+ (*) services="$services $1"; shift;;
+ esac
+ done
+ #for sv in $(sudo find /etc/sv \
+ # -mindepth 1 -maxdepth 1 -type d \
+ # -false $(printf -- '-or -name %s\n' $services) \
+ # -printf '%f\n')
+ # do
+ # case $(sudo sv stop "$sv" | tee /dev/stderr) in
+ # (*": runsv not running") true;;
+ # (*": unable to open supervise/ok: file does not exist") true;;
+ # ("ok: down:"*) true;;
+ # (*) false;;
+ # esac
+ # done
+ for sv in $(find "$tool"/etc/sv \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false $(printf -- '-or -name %s\n' $services) \
+ -printf '%f\n')
+ do
+ rule _runit_sv_configure "$sv" "$@"
+ rule _runit_sv_start "$sv"
+ done
+ #sleep 3
+ #sudo find -L /etc/service -type l -delete
+ fi
}
-rule_runit_sv_configure () { # SYNTAX: $sv
- local sv="$1"
+rule__runit_sv_configure () { # SYNTAX: $sv $configure_options
+ local sv="$1"; shift
sudo install -d -m 770 -o root -g root \
/etc/sv/"$sv"
sudo install -m 770 -o root -g root \
fi
(
test ! -r "$tool"/etc/sv/"$sv"/configure.sh ||
- . "$tool"/etc/sv/"$sv"/configure.sh
+ . "$tool"/etc/sv/"$sv"/configure.sh || return 1
+ )
+ (
test ! -r "$tool"/etc/sv/"$sv"/log/configure.sh ||
- . "$tool"/etc/sv/"$sv"/log/configure.sh
+ . "$tool"/etc/sv/"$sv"/log/configure.sh || return 1
)
sudo ln -fns \
../sv/"$sv" \
/etc/service/"$sv"
}
-rule_runit_sv_restart () { # SYNTAX: $sv
+rule__runit_sv_restart () { # SYNTAX: $sv
local sv="$1"
while true
- do case $(sudo sv restart "$sv") in
- ("fail: $sv: runsv not running") sleep 1;;
- ("warning: $sv: unable to open supervise/ok: file does not exists") sleep 1;;
+ do case $(sudo sv restart "$sv" | tee /dev/stderr) in
+ (*": runsv not running") sleep 1;;
+ (*": unable to open supervise/ok: file does not exist") sleep 1;;
(*) break;;
esac
done
}
-rule_runit_sv_start () { # SYNTAX: $sv
+rule__runit_sv_start () { # SYNTAX: $sv
local sv="$1"
while true
- do case $(sudo sv start "$sv") in
- ("fail: $sv: runsv not running") sleep 1;;
- ("warning: $sv: unable to open supervise/ok: file does not exists") sleep 1;;
+ do case $(sudo sv start "$sv" | tee /dev/stderr) in
+ (*": runsv not running") sleep 1;;
+ (*": unable to open supervise/ok: file does not exist") sleep 1;;
(*) break;;
esac
done
sudo install -m 640 -o "$user" -g "$user" \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
}
rule_user_configure () {
rule apt_get_install bash-completion
sudo install -m 644 -o root -g root \
"$tool"/etc/bash.bashrc \
/etc/bash.bashrc
+ sudo install -m 644 -o root -g root \
+ "$tool"/etc/inputrc \
+ /etc/inputrc
sudo install -m 644 -o root -g root \
"$tool"/etc/screenrc \
/etc/screenrc
for sh in "$tool"/etc/user.d/*/configure.sh
do sh=${sh#"$tool"/etc/user.d/}
local user="${sh%/configure.sh}"
- . "$tool"/etc/user.d/"$sh"
+ (
+ . "$tool"/etc/user.d/"$sh" || return 1
+ )
done
}
rule_user_admin_add () { # SYNTAX: $user
sudo install -m 640 -o root -g root \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
rule user_admin_configure
}
rule_user_admin_configure () {
sudo cat "$home"/etc/ssh/authorized_keys
done
done |
- sudo install -m 640 -o root -g root /dev/stdin /root/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
- }
-rule_www_configure () {
+ sudo install -m 640 -o root -g root /dev/stdin \
+ /root/etc/ssh/authorized_keys
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo gpg --import -
+ }
+rule__www_configure () {
rule adduser www \
--disabled-login \
--disabled-password \
(help);;
(*)
assert 'test "$(hostname --fqdn)" = "$vm_fqdn"' vm_fqdn
+ cd /
;;
esac
rule $rule "$@"
dépôts / lhc / ateliers.git / blobdiff