#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
-tool=${0%/*}
+tool=$(cd "${0%/*}"; cd -)
. "$tool"/lib/rule.sh
. "$tool"/etc/vm.sh
cd "$tool"
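Review bot: On the new `tool=` line, `cd -` switches back to the previous directory and prints that one, so `tool` ends up as the caller's working directory rather than the directory holding the script. The two `.` lines that follow then source `lib/rule.sh` and `etc/vm.sh` from wherever the script was launched, so files from an unintended directory can be executed. Resolving the directory with `tool=$(cd -- "${0%/*}" && pwd -P)` gives the absolute path the change appears to be after. If the script can be started through `PATH` (no slash in `$0`), `${0%/*}` is the script name itself and the `cd` fails, so that case may deserve an explicit check.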
local remote=${1#remote=}; shift
GIT_SSH=./lib/ssh git push -v "$remote" "$@"
- info "penser à faire : vm_hosted git_reset"
)
}
rule__x509_service_key_send_deciphered () { # SYNTAX: $service $remote_destination ${ssh_options-}
local service="$1"; shift
local remote_destination="$1"; shift
- gpg --decrypt "var/sec/x509/service/$service/key.pass.gpg" |
+ gpg --decrypt "var/sec/x509/$vm_domainname/$service/key.pass.gpg" |
openssl rsa -passin 'stdin' \
- -in "var/sec/x509/service/$service/key.pem" \
+ -in "var/sec/x509/$vm_domainname/$service/key.pem" \
-out '/dev/stdout' |
rule ssh "$@" ' \
install -m 400 -o root -g root \
/dev/stdin \
- "'"$remote_destination"'" \
+ '"$remote_destination"' \
'
}
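Review bot: The new `'"$remote_destination"'` line drops the double quotes the remote shell used to see around the destination, so the path is now word-split, glob-expanded and parsed for metacharacters on the remote side, in a command the callers in this commit run with `-l root`. Those callers build the argument from site directory names, so a name containing a space or `;` would change what the remote command does. Keep the remote-side quoting, `"'"$remote_destination"'" \`, or reject destinations outside a conservative character set before calling `rule ssh`. Separately, `/bin/sh` has no `pipefail` here, so a failed `gpg --decrypt` does not by itself stop the pipeline; it is worth confirming that the remote `install` cannot leave an empty `key.pem` behind in that case.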
-o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg
done
}
+
+rule_apache2_key_send () {
+ local -; set +f
+ for conf in "$tool"/etc/apache2/site.d/*/VirtualHost.conf
+ do conf=${conf#"$tool"/etc/apache2/site.d/}
+ local port domain
+ IFS=. read -r port domain <<-EOF
+ ${conf%\/VirtualHost\.conf}
+ EOF
+ assert 'test "${port:+set}"'
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
+ case $port in
+ (443)
+ rule ssh -l root ' \
+ sudo install -d -m 770 -o '"$user"' -g '"$user"' \
+ /etc/apache2 \
+ /etc/apache2/site.d/'"$site"' \
+ /etc/apache2/site.d/'"$site"'/x509; \
+ sudo install -m 644 -o '"$user"' -g '"$user"' /dev/stdin \
+ /etc/apache2/site.d/'"$site"'/x509/.gitignore <<-EOF
+ key.pem
+ EOF
+ '
+ rule _x509_service_key_send_deciphered $service \
+ /etc/apache2/"$site"/x509/key.pem -l root "$@"
+ ;;
+ esac
+ done
+ }
rule_dovecot_key_send () {
rule ssh -l root ' \
sudo install -d -m 770 -o root -g root \
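Review bot: In `rule_apache2_key_send` the directories are created under `/etc/apache2/site.d/$site/x509`, but the key is sent to `/etc/apache2/"$site"/x509/key.pem` without the `site.d/` component, so the deciphered key does not land in the directory that was prepared and covered by the `.gitignore`; the destination should read `/etc/apache2/site.d/"$site"/x509/key.pem`. `rule_nginx_key_send` further down has the same mismatch with `/etc/nginx/"$site"/x509/key.pem`. Both functions also expand `$service` unquoted without assigning it in the visible lines, which aborts under `set -u` unless it is a global, and the apache directories are owned by `$user` with mode 770 where nginx uses root, so the key's parent directory is writable by that account. `$site` comes from a glob over `site.d/*` and is pasted unquoted into the remote command, so directory names should be validated against a strict pattern before use.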
EOF
'
rule _x509_service_key_send_deciphered imap \
- /etc/dovecot/$vm_domainname/imap/x509/key.pem -l root "$@"
+ /etc/dovecot/$vm_domainname/$service/x509/key.pem -l root "$@"
+ }
+rule_gitolite_configure () {
+ (
+ cd "$tool"/etc/gitolite
+ GIT_SSH=../../lib/ssh \
+ ssh-agent sh -c ' \
+ SSH_ASKPASS='"$tool"'/lib/ssh-pass \
+ SSH_ID=git \
+ ssh-add '"$tool"'/var/sec/ssh/git </dev/null && \
+ git push -v origin '"$*"
+ )
+ }
+rule_nginx_key_send () {
+ local -; set +f
+ for conf in "$tool"/etc/nginx/site.d/*/server.conf
+ do conf=${conf#"$tool"/etc/nginx/site.d/}
+ local port domain
+ IFS=. read -r port domain <<-EOF
+ ${conf%\/server\.conf}
+ EOF
+ assert 'test "${port:+set}"'
+ assert 'test "${domain:+set}"'
+ local site="$port.$domain"
+ case $port in
+ (443)
+ rule ssh -l root ' \
+ sudo install -d -m 770 -o root -g root \
+ /etc/nginx \
+ /etc/nginx/site.d \
+ /etc/nginx/site.d/'"$site"' \
+ /etc/nginx/site.d/'"$site"'/x509; \
+ sudo install -m 644 -o root -g root /dev/stdin \
+ /etc/nginx/site.d/'"$site"'/x509/.gitignore <<-EOF
+ key.pem
+ EOF
+ '
+ rule _x509_service_key_send_deciphered $service \
+ /etc/nginx/"$site"/x509/key.pem -l root "$@"
+ ;;
+ esac
+ done
}
rule_postfix_key_send () {
rule ssh -l root ' \
sudo install -d -m 770 -o root -g root \
/etc/postfix/'"$vm_domainname"'/ \
- /etc/postfix/'"$vm_domainname"'/smptd \
- /etc/postfix/'"$vm_domainname"'/smptd/x509; \
+ /etc/postfix/'"$vm_domainname"'/smtpd \
+ /etc/postfix/'"$vm_domainname"'/smtpd/x509; \
sudo install -m 644 -o root -g root /dev/stdin \
/etc/postfix/'"$vm_domainname"'/smtp/x509/.gitignore <<-EOF
key.pem