X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=vm_hosted;h=4cf4b9d14c113463ad1c6fac846fa05870a890ca;hp=4ae72230cdfe9c721e1ce5f00c7dd0969a3978d7;hb=22f04b9fac14adc3d3fc98273ba126c3a51792c3;hpb=6f1326c3e20e40d34c80bf308bd7075f00b3b943
diff --git a/vm_hosted b/vm_hosted
index 4ae7223..4cf4b9d 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -305,6 +305,39 @@ rule_boot_configure () {
 # et davantage sécurisant.
 EOF
 }
+rule_duplicity_configure () {
+ rule apt_get_install duplicity
+ home="/home/backup"
+ rule adduser backup \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/bash \
+ --system
+ sudo usermod --home "$home" backup
+ sudo install -d -m 750 -o backup -g backup \
+ "$home" \
+ "$home"/etc \
+ "$home"/etc/gpg \
+ "$home"/etc/ssh
+ sudo install -d -m 770 -o backup -g backup \
+ "$home"/mysql \
+ "$home"/postgres
+ getent group sudo backup |
+ while IFS=: read -r group x x users
+ do while test -n "$users" && IFS=, read -r user users <<-EOF
+ $users
+ EOF
+ do eval local home\; home="~$user"
+ sudo cat "$home"/etc/ssh/authorized_keys
+ done
+ done |
+ sudo install -m 640 -o backup -g backup /dev/stdin \
+ "$home"/etc/ssh/authorized_keys
+ sudo ln -fns etc/gpg "$home"/.gnupg
+ #sudo adduser backup mysql-data
+ #sudo adduser backup postgres-data
+ }
 rule_etckeeper_configure () {
 sudo install -m 644 -o root -g root /dev/stdin /etc/etckeeper/etckeeper.conf <<-EOF
 VCS=git
@@ -726,10 +759,12 @@ rule_user_add () { # SYNTAX: $user
 sudo install -m 640 -o "$user" -g "$user" \
 "$tool"/var/pub/ssh/"$user".key \
 "$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
 }
 rule_user_configure () {
 rule apt_get_install bash-completion
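Review bot: In rule_duplicity_configure, `eval local home\; home="~$user"` evaluates a string built from the member names that `getent group sudo backup` returns, so a name containing shell metacharacters (conceivable when NSS is backed by a directory service rather than /etc/group) would be run as code. Looking the home directory up directly avoids the eval: `home=$(getent passwd "$user" | cut -d: -f6)`. The first assignment `home="/home/backup"` is also not declared local, so it overwrites any `home` belonging to the calling rule; `local home="/home/backup"` keeps it scoped. The exit status of `sudo cat` is not checked, so a member without `etc/ssh/authorized_keys` is skipped silently and the backup account's key file can end up empty without any error.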
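Review bot: The `gpg … --export | sudo -u "$user" gpg --import -` pipeline added to rule_user_add only surfaces the exit status of the importing gpg (unless pipefail is enabled somewhere outside this hunk), so a failed or empty export from `"$tool"/var/pub/openpgp/` passes unnoticed and the account is left without the expected keys; the same pipeline is added in rule_user_admin_add and rule_user_root_configure. Exporting to a temporary file first makes the failure visible: `keys=$(mktemp) || return` followed by `gpg … --export >"$keys" && test -s "$keys" && sudo -u "$user" gpg --import - <"$keys"`, then `rm -f "$keys"`. The change also moves the source of truth from the individual `*.key` files to whatever keyring exists in that directory, which deserves a comment such as `# imports every public key held in the tool's keyring; the *.key files are no longer read`. The body of rule_user_add starts before the hunk.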
@@ -799,10 +834,12 @@ rule_user_admin_add () { # SYNTAX: $user
 sudo install -m 640 -o root -g root \
 "$tool"/var/pub/ssh/"$user".key \
 "$home"/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo -u "$user" gpg --import - <"$key"
- done
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo -u "$user" gpg --import -
 rule user_admin_configure
 }
 rule_user_admin_configure () {
@@ -825,11 +862,14 @@ rule_user_root_configure () {
 sudo cat "$home"/etc/ssh/authorized_keys
 done
 done |
- sudo install -m 640 -o root -g root /dev/stdin /root/etc/ssh/authorized_keys
- local key; local -; set +f
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
+ sudo install -m 640 -o root -g root /dev/stdin \
+ /root/etc/ssh/authorized_keys
+ gpg \
+ --homedir "$tool"/var/pub/openpgp/ \
+ --no-default-keyring \
+ --secret-keyring /dev/null \
+ --export |
+ sudo gpg --import -
 }
 rule__www_configure () {
 rule adduser www \
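Review bot: In rule_user_root_configure the importing side is a bare `sudo gpg --import -`, and whether it writes to root's keyring depends on whether the sudoers policy resets HOME for the target user. Where HOME is preserved, the keys are imported into the invoking administrator's `~/.gnupg` and root-owned files are left behind there. `sudo -H gpg --import -` (or an explicit `--homedir` for root's keyring) makes the destination unambiguous. The removed loop used the same `sudo gpg` form, so this is pre-existing, but the line is rewritten here and is the natural place to fix it; the function body starts before the hunk.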