rule_git_reset () {
(
cd "$tool"
- git checkout -f -B master origin
+ git checkout -f -B master remotes/master
git clean -f -d -x
)
}
-rule_chrooted () {
+rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ?
export LANG=C
export LC_CTYPE=C
. /etc/profile
}
-rule_apt_init () {
+rule_apt_configure () {
mk_reg mod= own= /etc/apt/sources.list <<-EOF
deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
EOF
deb http://nightly.openerp.com/trunk/nightly/deb/ ./
EOF
}
-rule_apticron_init () {
+rule_apticron_configure () {
sudo apt-get install --reinstall apticron
mk_reg mod=644 own=root:root /etc/apticron/apticron.conf <<-EOF
EMAIL="admin@heureux-cyclage.org"
EOF
sudo service apticron restart
}
-rule_boot_init () {
+rule_boot_configure () {
sudo apt-get install --reinstall grub-pc # XXX: attention à n'installer GRUB sur AUCUN disque proposé !
mk_dir mod=644 own=root:root /boot/grub
sudo apt-get install --reinstall linux-image-$vm_arch
(hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g')
EOF
sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map
- rule initramfs_init
+ rule initramfs_configure
}
-rule_etckeeper_init () {
+rule_etckeeper_configure () {
mk_reg mod=644 own=root:root /etc/etckeeper/etckeeper.conf <<-EOF
VCS=git
GIT_COMMIT_OPTIONS=""
LOWLEVEL_PACKAGE_MANAGER=dpkg
EOF
}
-rule_filesystem_init () {
+rule_filesystem_configure () {
mk_reg mod=644 own=root:root /etc/fstab <<-EOF
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=${vm_lvm_lv}_boot /boot ext2 defaults 0 0
vm.vfs_cache_pressure=50
EOF
}
-rule_initramfs_init () {
+rule_initramfs_configure () {
mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
MODULES=most
BUSYBOX=y
sudo sed -e '/^configure_networking /s/ &$//' \
-i /usr/share/initramfs-tools/scripts/init-premount/dropbear
# NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
- sudo rm -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
+ {
+ sudo rm -f \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
sudo dropbearkey -t rsa -s 4096 -f \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" DSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t dss -s 1024 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
+ }
+ # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins.
mk_dir mod=640 own=root:root \
/etc/initramfs-tools/root \
/etc/initramfs-tools/root/.ssh
# NOTE: clefs générées par Debian
sudo update-initramfs -u
}
-rule_locale_init () {
+rule_locale_configure () {
mk_reg mod=644 own=root:root /etc/locale.gen <<-EOF
fr_FR.UTF-8 UTF-8
EOF
sudo update-locale
}
-rule_login_init () {
+rule_login_configure () {
grep -q '^hvc0$' /etc/securetty ||
mk_reg mod= own= --append /etc/securetty <<-EOF
hvc0
session optional pam_umask.so
EOF
}
-rule_network_init () {
+rule_network_configure () {
mk_reg mod= own= /etc/hostname <<-EOF
$vm
EOF
pre-down ip address delete $vm_ipv4/32 dev \$IFACE
EOF
}
-rule_user_init () {
+rule_user_configure () {
mk_dir mod=750 own="root:adm" /etc/skel/etc
mk_dir mod=770 own="root:adm" /etc/skel/etc/apache2
mk_dir mod=770 own="root:adm" /etc/skel/etc/ssh
'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac'
EOF
}
-rule_user_root_init () {
+rule_user_root_configure () {
mk_dir mod=750 own=root:root /root/etc
mk_dir mod=750 own=root:root /root/etc/ssh
mk_dir mod=750 own=root:root /root/etc/gpg
done
done |
mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
- local key
+ local key; local -; set +f
for key in "$tool"/var/pub/openpgp/*.key
do sudo gpg --import "$key"
done
}
-rule_bin_init () {
+rule_bin_configure () {
mk_lnk "$tool"/vm_hosted /usr/local/sbin/
}
-rule_init () {
- rule etckeeper_init
- rule locale_init
- rule network_init
- rule apt_init
- rule filesystem_init
- rule login_init
- rule user_root_init
- rule boot_init
- rule bin_init
+rule_configure () {
+ rule etckeeper_configure
+ rule locale_configure
+ rule network_configure
+ rule apt_configure
+ rule filesystem_configure
+ rule login_configure
+ rule user_root_configure
+ rule boot_configure
+ rule bin_configure
}
rule_disk_key_change () {
sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
}
+rule_user_admin_configure () {
+ rule initramfs_configure
+ rule user_root_configure
+ }
rule_user_admin_add () { # SYNTAX: $user
local user=$1
id "$user" >/dev/null ||
sudo adduser "$user" sudo
mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
<"$tool"/var/pub/ssh/"$user".key
- rule initramfs_init
- rule user_root_init
local key; local -; set +f
for key in "$tool"/var/pub/openpgp/*.key
do sudo -u "$user" gpg --import "$key"
done
+ rule user_admin_configure
}
rule_user_mail_format () {
mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
mk_reg mod=664 own=root:root /etc/postgrey/whitelist_recipients.local <<-EOF
EOF
}
-rule_mail_init () {
+rule_mail_configure () {
sudo apt-get install postfix postgrey dovecot
}
(help);;
(*)
assert 'test "$(hostname --fqdn)" = "$vm_fqdn"' vm_fqdn
- ${TRACE:+set -x}
;;
esac
rule $rule "$@"
dépôts / lhc / ateliers.git / blobdiff