Ajout : vm_hosted : rule_tmpfs_configure .
index e6a9756..533ef85 100755 (executable)
--- a/vm_hosted
+++ b/vm_hosted
@@ -305,7 +305,7 @@ rule_dovecot_configure () {
        sudo install -m 400 -o root -g root \
             "$tool"/var/pub/x509/$vm_domainname/imap/crt+crl.self-signed.pem \
         /etc/dovecot/$vm_domainname/imap/x509/crt+crl.self-signed.pem
-       sudo install -d -m 770 -o root -g adm \
+       sudo install -d -m 770 -o root -g root \
         /etc/skel/etc/mail \
         /etc/skel/etc/sieve
        sudo install -d -m 1777 -o root -g root \
@@ -413,24 +413,7 @@ rule_filesystem_configure () {
                ${vm_lvm_lv}_home_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_home ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
                ${vm_lvm_lv}_swap_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_swap ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
                EOF
-       sudo install -m 644 -o root -g root /dev/stdin /etc/default/tmpfs <<-EOF
-               LOCK_SIZE=5242880 # NOTE: 5MiB
-               RAMLOCK=yes
-               RAMSHM=yes
-               RAMTMP=yes
-               RUN_SIZE=10%
-               SHM_SIZE=
-               TMP_MODE=1777,nr_inodes=1000k,noatime
-               TMP_OVERFLOW_LIMIT=1024
-                # NOTE: mount tmpfs on /tmp if there is less than the limit size (in kiB)
-                #       on the root filesystem (overriding RAMTMP).
-               TMP_SIZE=200m
-               TMPFS_SIZE=20%VM
-               EOF
-       sudo install -m 775 -o root -g root \
-        "$tool"/etc/init.d/tmpfs \
-               /etc/init.d/tmpfs
-       sudo update-rc.d tmpfs defaults
+       rule tmpfs_configure
  }
 rule_initramfs_configure () {
        sudo install -m 644 -o root -g root /dev/stdin /etc/initramfs-tools/initramfs.conf <<-EOF
@@ -610,7 +593,7 @@ rule_gitolite_configure () {
        #sudo sv restart spawn-fcgi.git.80.git.heureux-cyclage.org
        #sudo sv restart git-daemon.git.9418
  }
-rule_locale_configure () {
+rule_locales_configure () {
        sudo debconf-set-selections <<-EOF
                locales locales/default_environment_locale      select  None
                locales locales/locales_to_be_generated multiselect     fr_FR.UTF-8 UTF-8
@@ -660,6 +643,10 @@ rule_login_configure () {
                # Xen hypervisor console
                hvc:2345:respawn:/sbin/getty 38400 hvc0
                #xvc:2345:respawn:/sbin/getty 38400 xvc0
+               
+               #-- runit begin
+               SV:123456:respawn:/usr/sbin/runsvdir-start
+               #-- runit end
                EOF
        sudo install -m 644 -o root -g root /dev/stdin /etc/login.defs <<-EOF
                MAIL_DIR         /var/mail
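Review bot: Rewriting /etc/inittab with the new runsvdir entry never tells init to reload it, so runsvdir only starts after `telinit q` or a reboot; rule_runit_configure (added later in this commit) calls `sv restart` straight away and, on a freshly provisioned host, finds no runsv to talk to. Add `sudo telinit q` right after the heredoc's `EOF`. The added line just before `#-- runit begin` is whitespace-only; inside a `<<-EOF` heredoc it becomes a blank line in the installed file — harmless, but better dropped. The `SV:123456` entry also respawns runsvdir in runlevel 1 (single-user), which appears to mirror the Debian runit package's own inittab snippet — confirm that is intended, since it means every supervised service also comes up in rescue mode. The enclosing rule_login_configure body starts and ends outside the hunk.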
@@ -1102,15 +1089,43 @@ rule_postgrey_configure () {
  }
 rule_procmail_configure () {
        rule apt_get_install procmail
-       sudo install -d -m 770 -o root -g adm \
+       sudo install -d -m 770 -o root -g root \
         /etc/skel/etc/mail \
         /etc/skel/var/cache/mail \
         /etc/skel/var/log/mail \
         /etc/skel/var/mail
-       sudo install -m 660 -o root -g adm \
+       sudo install -m 660 -o root -g root \
         "$tool"/etc/skel/etc/mail/delivery.procmailrc \
                /etc/skel/etc/mail/delivery.procmailrc
  }
+rule_runit_configure () {
+       rule apt_get_install runit
+       local -; set +f
+       rm -f /etc/service/*
+        # NOTE: runsvdir éteindra les services qui n'apparaîtront plus ici.
+       for sv in "$tool"/etc/sv/*
+        do sv=${sv#"$tool"/etc/sv/}
+               sudo install -d -m 770 -o root -g root \
+                /etc/sv/"$sv"
+               sudo install -m 770 -o root -g root \
+                "$tool"/etc/sv/"$sv"/run \
+                       /etc/sv/"$sv"/run
+               if test -e "$tool"/etc/sv/"$sv"/log/run
+                then
+                       sudo install -d -m 770 -o root -g root \
+                        /etc/sv/"$sv"/log
+                       sudo install -m 770 -o root -g root \
+                        "$tool"/etc/sv/"$sv"/log/run \
+                               /etc/sv/"$sv"/log/run
+                fi
+               if test ! -x "$tool"/etc/sv/"$sv"/configure ||
+                       "$tool"/etc/sv/"$sv"/configure
+                then
+                       ln -fns ../sv/"$sv" /etc/service/"$sv"
+                       sv restart "$sv"
+                else
+        done
+ }
 rule_ssh_configure () {
        ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
        ( while IFS= read -r line
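Review bot: rule_runit_configure does not parse: the `if` closing the loop body has an `else` followed directly by `done` and no `fi`, so sourcing the file fails at this function — which, depending on how `vm_hosted` is loaded, breaks every rule and not just this one. The same loop mixes privileges: `rm -f /etc/service/*`, `ln -fns … /etc/service/"$sv"` and `sv restart` run without sudo while every `install` uses it, so for an unprivileged caller stale links are never removed and new ones are never created. runsvdir also only rescans /etc/service every few seconds, so `sv restart` immediately after `ln` fails with "runsv not running" for a newly enabled service; the service still starts once runsvdir notices it, but the non-zero exit should be tolerated explicitly rather than left to abort the rule. The `configure` hook is run without sudo, presumably as an enable/disable probe — worth a comment saying so.
```shell
rule_runit_configure () {
	rule apt_get_install runit
	local -; set +f
	# NOTE: runsvdir stops every service whose link disappears from /etc/service.
	sudo rm -f /etc/service/*
	for sv in "$tool"/etc/sv/*
	 do sv=${sv#"$tool"/etc/sv/}
		# … unchanged: install of /etc/sv/$sv/run and optional log/run …
		# A service is enabled unless its (unprivileged) configure hook exists and fails.
		if test ! -x "$tool"/etc/sv/"$sv"/configure ||
		   "$tool"/etc/sv/"$sv"/configure
		 then
			sudo ln -fns ../sv/"$sv" /etc/service/"$sv"
			# runsvdir picks the new link up within ~5s and starts it itself;
			# sv(8) can only restart a service whose runsv is already running.
			sudo sv restart "$sv" ||
			echo >&2 "runit: $sv not yet supervised, runsvdir will start it"
		 fi
	 done
 }
```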
@@ -1173,6 +1188,26 @@ rule_sysctl_configure () {
         done
        sudo sysctl --system
  }
+rule_tmpfs_configure () {
+       sudo install -m 644 -o root -g root /dev/stdin /etc/default/tmpfs <<-EOF
+               LOCK_SIZE=5242880 # NOTE: 5MiB
+               RAMLOCK=yes
+               RAMSHM=yes
+               RAMTMP=yes
+               RUN_SIZE=10%
+               SHM_SIZE=
+               TMP_MODE=1777,nr_inodes=1000k,noatime
+               TMP_OVERFLOW_LIMIT=1024
+                # NOTE: mount tmpfs on /tmp if there is less than the limit size (in kiB)
+                #       on the root filesystem (overriding RAMTMP).
+               TMP_SIZE=200m
+               TMPFS_SIZE=20%VM
+               EOF
+       sudo install -m 775 -o root -g root \
+        "$tool"/etc/init.d/tmpfs \
+               /etc/init.d/tmpfs
+       sudo update-rc.d tmpfs defaults
+ }
 rule_time_configure () {
        sudo install -m 644 -o root -g root /dev/stdin /etc/timezone <<-EOF
                Europe/Paris
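Review bot: TMP_MODE in the moved tmpfs configuration mounts /tmp with only `1777,nr_inodes=1000k,noatime`; Debian's /etc/default/tmpfs accepts mount options in this variable, and a world-writable RAM-backed /tmp is the usual place to add `nosuid,nodev` so that nothing dropped there can act as a setuid binary or a device node: `TMP_MODE=1777,nosuid,nodev,nr_inodes=1000k,noatime`. `noexec` is left out on purpose — dpkg/apt maintainer scripts and some installers execute from /tmp, so if you add it, test an `apt-get` upgrade first. The two-line `# NOTE:` about the overflow limit sits between `TMP_OVERFLOW_LIMIT` and `TMP_SIZE` and reads as documenting the latter; move it above `TMP_OVERFLOW_LIMIT=1024`. Since this is a move, the custom `/etc/init.d/tmpfs` it installs is not visible here, so whether it honours these options at all is assumed rather than checked.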
@@ -1201,16 +1236,39 @@ rule_user_add () { # SYNTAX: $user
         done
  }
 rule_user_configure () {
-       true
+       sudo install -m 660 -o root -g root /dev/stdin \
+        /etc/adduser.conf <<-EOF
+               ADD_EXTRA_GROUPS=1
+               DHOME=/home
+               DIR_MODE=0750
+               DSHELL=/bin/bash
+               EXTRA_GROUPS="users"
+               FIRST_GID=1000
+               FIRST_SYSTEM_GID=100
+               FIRST_SYSTEM_UID=100
+               FIRST_UID=1000
+               GROUPHOMES=no
+               LAST_GID=29999
+               LAST_SYSTEM_GID=999
+               LAST_SYSTEM_UID=999
+               LAST_UID=29999
+               LETTERHOMES=no
+               NAME_REGEX="^[a-z][-a-z0-9_.]*\$"
+               QUOTAUSER="" # TODO: init
+               SETGID_HOME=no
+               SKEL=/etc/skel
+               SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
+               USERGROUPS=yes
+               USERS_GID=100
+               EOF
  }
 rule_user_admin_add () { # SYNTAX: $user
        rule user_configure
        local user=$1
-       id "$user" >/dev/null ||
+       getent passwd "$user" >/dev/null ||
        sudo adduser --disabled-password "$user"
        eval local home\; home="~$user"
        sudo adduser "$user" sudo
-       sudo adduser "$user" users
        sudo install -m 640 -o root -g root \
         "$tool"/var/pub/ssh/"$user".key \
         "$home"/etc/ssh/authorized_keys
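Review bot: The adduser.conf install added to this `rule_user_configure` is dead code: a second `rule_user_configure` is defined further down the file (the next hunk shows its `sudo install -d … /etc/skel` body), and in shell the last definition of a function wins, so this body never runs when `rule user_configure` is invoked. That silently undoes the other change in this hunk — `sudo adduser "$user" users` was dropped on the assumption that `ADD_EXTRA_GROUPS=1` / `EXTRA_GROUPS="users"` now apply, but with the file never written new admins no longer join `users`. Merge the two bodies into one function, or rename this one `rule_adduser_configure () {` and call it from the other. Separately, `/etc/adduser.conf` is installed `-m 660` root:root where Debian ships it 0644; adduser runs as root so it still works, but `-m 644` is the conventional mode and nothing in the file is secret.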
@@ -1225,11 +1283,12 @@ rule_user_admin_configure () {
        rule user_root_configure
  }
 rule_user_configure () {
-       sudo install -d -m 750 -o root -g adm \
+       sudo install -d -m 750 -o root -g root \
+        /etc/skel \
         /etc/skel/etc \
         /etc/skel/etc/gpg \
         /etc/skel/etc/ssh
-       sudo install -d -m 770 -o root -g adm \
+       sudo install -d -m 770 -o root -g root \
         /etc/skel/var \
         /etc/skel/var/cache \
         /etc/skel/var/log \
@@ -1268,7 +1327,7 @@ rule_user_configure () {
                /etc/screenrc
  }
 rule_user_root_configure () {
-       sudo install -d -m 750 -o root -g adm \
+       sudo install -d -m 750 -o root -g root \
         /root/etc \
         /root/etc/gpg \
         /root/etc/ssh
@@ -1289,22 +1348,11 @@ rule_user_root_configure () {
         do sudo gpg --import "$key"
         done
  }
-rule_xinetd_configure () {
-       rule apt_get_install xinetd
-       local -; set +f
-       for conf in "$tool"/etc/xinetd.d/*
-        do conf=${conf#"$tool"/etc/xinetd.d/}
-               sudo install -m 660 -o root -g root \
-                "$tool"/etc/xinetd.d/"$conf" \
-                       /etc/xinetd.d/"$conf"
-        done
-       sudo service xinetd restart
- }
 rule_configure () {
        rule apt_configure
        rule git_configure
        rule etckeeper_configure
-       rule locale_configure
+       rule locales_configure
        rule time_configure
        rule network_configure
        rule filesystem_configure
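Review bot: Dropping rule_xinetd_configure removes the provisioning step but not the daemon: on a host already built with the previous revision, xinetd stays installed, enabled and listening with the `/etc/xinetd.d/*` files the old rule installed, so services now meant to run under runit may end up running twice (once from xinetd, once from runsvdir). A transition step belongs in rule_runit_configure or a one-off rule — e.g. `if dpkg -s xinetd >/dev/null 2>&1; then sudo apt-get purge -y xinetd; fi`, or at least `sudo service xinetd stop`. Which services lived under xinetd is not visible here (`$tool/etc/xinetd.d/*`), so whether they overlap with `$tool/etc/sv/*` is an inference to confirm.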
@@ -1319,7 +1367,7 @@ rule_configure () {
        rule nginx_configure
        rule php5_fpm_configure
        rule gitolite_configure
-       rule xinetd_configure
+       rule runit_configure
  }
 
 rule_luks_key_change () {
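Review bot: `rule runit_configure` is appended as the very last step of rule_configure, after rule_gitolite_configure, whose commented-out `sv restart spawn-fcgi.git.80…` / `sv restart git-daemon.git.9418` lines look like runit service names; if those restarts are ever re-enabled they will run before /etc/service exists. Unless the ordering is deliberate, `rule runit_configure` should come before the rules whose services it supervises, or those rules should stay free of `sv` calls. Which directories `$tool/etc/sv/*` holds is not visible here, so the overlap with the gitolite services is inferred from the names only.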