# et davantage sécurisant.
EOF
}
+rule_duplicity_configure () {
+ rule apt_get_install duplicity
+ home="/home/backup"
+ rule adduser backup \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/bash \
+ --system
+ sudo usermod --home "$home" backup
+ sudo install -d -m 750 -o backup -g backup \
+ "$home" \
+ "$home"/etc \
+ "$home"/etc/gpg \
+ "$home"/etc/ssh
+ sudo install -d -m 770 -o backup -g backup \
+ "$home"/mysql \
+ "$home"/postgres
+ getent group sudo backup |
+ while IFS=: read -r group x x users
+ do while test -n "$users" && IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ sudo cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ sudo install -m 640 -o backup -g backup /dev/stdin \
+ "$home"/etc/ssh/authorized_keys
+ sudo ln -fns etc/gpg "$home"/.gnupg
+ #sudo adduser backup mysql-data
+ #sudo adduser backup postgres-data
+ }
rule_etckeeper_configure () {
sudo install -m 644 -o root -g root /dev/stdin /etc/etckeeper/etckeeper.conf <<-EOF
VCS=git
sudo install -m 640 -o root -g root /dev/stdin \
/etc/network/interfaces
}
-rule_runit_configure () { # SYNTAX: $sv -- $configure_options
- #rule apt_get_install runit
+rule_runit_configure () { # SYNTAX: $sv [...] -- $configure_options
+ rule apt_get_install runit
if test $# = 0
then
set +x
-false $(printf -- '-or -name %s\n' $services) \
-printf '%f\n')
do
- rule runit_sv_configure "$sv" "$@"
- rule runit_sv_start "$sv"
+ rule _runit_sv_configure "$sv" "$@"
+ rule _runit_sv_start "$sv"
done
#sleep 3
#sudo find -L /etc/service -type l -delete
fi
}
-rule_runit_sv_configure () { # SYNTAX: $sv $configure_options
+rule__runit_sv_configure () { # SYNTAX: $sv $configure_options
local sv="$1"; shift
sudo install -d -m 770 -o root -g root \
/etc/sv/"$sv"
../sv/"$sv" \
/etc/service/"$sv"
}
-rule_runit_sv_restart () { # SYNTAX: $sv
+rule__runit_sv_restart () { # SYNTAX: $sv
local sv="$1"
while true
do case $(sudo sv restart "$sv" | tee /dev/stderr) in
esac
done
}
-rule_runit_sv_start () { # SYNTAX: $sv
+rule__runit_sv_start () { # SYNTAX: $sv
local sv="$1"
while true
do case $(sudo sv start "$sv" | tee /dev/stderr) in
sudo install -m 640 -o "$user" -g "$user" \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
}
rule_user_configure () {
rule apt_get_install bash-completion
sudo install -m 644 -o root -g root \
"$tool"/etc/bash.bashrc \
/etc/bash.bashrc
+ sudo install -m 644 -o root -g root \
+ "$tool"/etc/inputrc \
+ /etc/inputrc
sudo install -m 644 -o root -g root \
"$tool"/etc/screenrc \
/etc/screenrc
sudo install -m 640 -o root -g root \
"$tool"/var/pub/ssh/"$user".key \
"$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
rule user_admin_configure
}
rule_user_admin_configure () {
sudo cat "$home"/etc/ssh/authorized_keys
done
done |
- sudo install -m 640 -o root -g root /dev/stdin /root/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
- }
-rule_www_configure () {
+ sudo install -m 640 -o root -g root /dev/stdin \
+ /root/etc/ssh/authorized_keys
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo gpg --import -
+ }
+rule__www_configure () {
rule adduser www \
--disabled-login \
--disabled-password \
dépôts / lhc / ateliers.git / blobdiff