From 0d705d8e2a919ee40866307aa3e18b1a5c4e7583 Mon Sep 17 00:00:00 2001 
From: Julien Moutinho Date: Sat, 20 Apr 2013 07:00:45 +0200 Subject: [PATCH] Modification : $vm_ -> $local_ . --- .gitmodules | 3 - README | 30 +++--- etc/apticron/apticron.conf.m4 | 4 +- etc/bash.bashrc | 2 - etc/crypttab.m4 | 8 +- etc/dovecot/local.conf.m4 | 10 +- etc/fstab.m4 | 10 +- etc/host.sh | 24 ++--- etc/local.sh | 64 ++++++------- etc/network/interfaces.m4 | 12 +-- etc/nginx/site.d/gitweb-tls/local.sh | 7 +- .../site.d/lhc-questionnaires-tls/local.sh | 7 +- etc/nginx/site.d/lhc-remorque/local.sh | 6 +- etc/nginx/site.d/lhc-stats-tls/local.sh | 7 +- etc/nginx/site.d/lhc-www-tls/local.sh | 7 +- etc/nginx/site.d/sympa/local.sh | 5 +- etc/postfix/aliases.m4 | 8 +- etc/ssh/sshd_config.m4 | 2 +- etc/sv/dovecot/local.sh | 12 ++- etc/sv/dovecot/remote.sh | 12 +-- etc/sv/git-daemon/local.sh | 4 +- etc/sv/gitweb/local.sh | 2 +- etc/sv/nsd3/local.sh | 4 +- etc/sv/postfix/local.sh | 91 ++++++++++--------- etc/sv/postfix/remote.sh | 14 +-- etc/sv/sshd/local.sh | 4 +- etc/sv/sympa/local.sh | 8 +- etc/sv/unbound/local.sh | 6 +- etc/sympa/sympa.conf.m4 | 8 +- host/chroot | 22 ++--- host/chroot-clean | 16 ++-- host/debootstrap | 4 +- host/disk-format | 34 +++---- host/disk-mount | 4 +- host/disk-umount | 10 +- host/lib.sh | 2 +- host/part-boot-format | 6 +- host/part-boot-mount | 8 +- host/part-boot-umount | 4 +- host/part-home-format | 8 +- host/part-home-mount | 4 +- host/part-home-umount | 4 +- host/part-luks-format | 6 +- host/part-luks-mount | 8 +- host/part-luks-umount | 6 +- host/part-lvm-format | 16 ++-- host/part-lvm-mount | 4 +- host/part-lvm-umount | 6 +- host/part-randomize | 2 +- host/part-randomize-stats | 2 +- host/part-root-format | 40 ++++---- host/part-root-mount | 8 +- host/part-root-umount | 8 +- host/part-swap-format | 4 +- host/part-var-format | 8 +- host/part-var-mount | 4 +- host/part-var-umount | 4 +- host/xen-vm-attach | 4 +- host/xen-vm-configure | 10 +- host/xen-vm-start | 4 +- host/xen-vm-stop | 2 +- host/xen-vm-stop-force | 2 +- 
local/apt-configure | 12 +-- local/boot-configure | 6 +- local/filesystem-configure | 8 +- local/gitolite-configure | 4 +- local/initramfs-configure | 2 +- local/lib.sh | 2 +- local/luks-key-change | 2 +- local/network-configure | 8 +- local/sysctl-configure | 4 +- remote/duplicity-configure | 6 +- remote/duplicity-key-send | 2 +- remote/git-configure | 4 +- remote/git-push | 2 +- remote/lib.sh | 4 +- remote/luks-key-backup | 4 +- remote/luks-key-send | 6 +- remote/mosh | 2 +- 79 files changed, 364 insertions(+), 369 deletions(-) diff --git a/.gitmodules b/.gitmodules index b7d3fdb..dea3a2b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,3 @@ -[submodule "lib/tool/sh"] - path = lib/tool/sh - url = git://git.autogeree.net/tool/sh [submodule "lib/tool/openssl"] path = lib/tool/openssl url = git://git.autogeree.net/tool/openssl diff --git a/README b/README index be0145e..a52bf87 100644 --- a/README +++ b/README 
@@ -12,27 +12,27 @@ NOTE: TASK: obtenir une installation chrootable @host % export TRACE=1 - @host % ~/tool/ateliers/vm_host disk_mount - @host % ~/tool/ateliers/vm_host disk_format - @host % ~/tool/ateliers/vm_host part_lvm_format - @host % ~/tool/ateliers/vm_host part_root_format - @host % ~/tool/ateliers/vm_host part_boot_format - @host % ~/tool/ateliers/vm_host part_swap_format - @host % ~/tool/ateliers/vm_host part_var_format - @host % ~/tool/ateliers/vm_host part_home_format - @host % ~/tool/ateliers/vm_host debian_install - @host % ~/tool/ateliers/vm_host disk_umount + @host % ~/tool/ateliers/host/disk-mount + @host % ~/tool/ateliers/host/disk-format + @host % ~/tool/ateliers/host/part-lvm-format + @host % ~/tool/ateliers/host/part-root-format + @host % ~/tool/ateliers/host/part-boot-format + @host % ~/tool/ateliers/host/part-swap-format + @host % ~/tool/ateliers/host/part-var-format + @host % ~/tool/ateliers/host/part-home-format + @host % ~/tool/ateliers/host/debootstrap + @host % ~/tool/ateliers/host/disk-umount TASK: obtenir une installation démarable - @host % ~/tool/ateliers/vm_host chroot + @host % ~/tool/ateliers/host/chroot @host % export TRACE=1 LANG=C LC_CTYPE=C @host % /root/tool/vm/local/init # TODO: revoir ça @host % exit TASK: initialiser la VM - @host % ~/tool/ateliers/vm_host vm_configure - @host % ~/tool/ateliers/vm_host vm_start + @host % ~/tool/ateliers/xen-vm-configure + @host % ~/tool/ateliers/xen-vm-start @local % local/user-configure TASK: démarrer la VM - @host % vm_host vm_start + @host % host/xen-vm-start TASK: ajouter un-e administrateurice $user @remote % cp .../id_rsa var/pub/ssh/$user.key @remote % gpg --armor --export --export-options export-clean >var/pub/openpgp/$user.key 
@@ -42,7 +42,7 @@ TASK: ajouter un-e administrateurice $user @local % local/git-reset @local % local/user-admin-add $user TASK: démarrer la VM - @host % vm_host vm_start + @host % host/xen-vm-start @remote % remote/luks-key-disk-send TASK: pousser des changements locaux sur la VM @remote % remote/git-push diff --git a/etc/apticron/apticron.conf.m4 b/etc/apticron/apticron.conf.m4 index 9144169..f50ee3b 100644 --- a/etc/apticron/apticron.conf.m4 +++ b/etc/apticron/apticron.conf.m4 @@ -1,4 +1,4 @@ -EMAIL="admin@VM_DOMAINNAME" +EMAIL="admin@LOCAL_DOMAINNAME" # DIFF_ONLY="1" # LISTCHANGES_PROFILE="apticron" # ALL_FQDNS="1" @@ -10,4 +10,4 @@ EMAIL="admin@VM_DOMAINNAME" # NOTIFY_NO_UPDATES="0" # CUSTOM_SUBJECT="" # CUSTOM_NO_UPDATES_SUBJECT="" -# CUSTOM_FROM="root@VM_DOMAINNAME" +# CUSTOM_FROM="root@LOCAL_DOMAINNAME" diff --git a/etc/bash.bashrc b/etc/bash.bashrc index 4ca40fe..b7fcf16 100644 --- a/etc/bash.bashrc +++ b/etc/bash.bashrc @@ -124,8 +124,6 @@ alias setfacl='setfacl --no-mask' alias sl='ls' alias vi='vim' alias vim='vim -p' -alias vm_hosted='~/src/vm/vm_hosted' -alias vm='vm_hosted' alias :e='vim' alias :q='exit' diff --git a/etc/crypttab.m4 b/etc/crypttab.m4 index c145737..984b716 100644 --- a/etc/crypttab.m4 +++ b/etc/crypttab.m4 
@@ -1,5 +1,5 @@ # -VM_LVM_LV`'_root_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_root none luks,lvm=VM_LVM_VG -VM_LVM_LV`'_var_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_var VM_LVM_LV`'_root_deciphered luks,lvm=VM_LVM_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived -VM_LVM_LV`'_home_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_home VM_LVM_LV`'_root_deciphered luks,lvm=VM_LVM_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived -VM_LVM_LV`'_swap_deciphered /dev/VM_LVM_VG/VM_LVM_LV`'_swap VM_LVM_LV`'_root_deciphered luks,lvm=VM_LVM_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived +LOCAL_LLOCAL_LV`'_root_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_root none luks,lvm=LOCAL_LLOCAL_VG +LOCAL_LLOCAL_LV`'_var_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_var LOCAL_LLOCAL_LV`'_root_deciphered luks,lvm=LOCAL_LLOCAL_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived +LOCAL_LLOCAL_LV`'_home_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_home LOCAL_LLOCAL_LV`'_root_deciphered luks,lvm=LOCAL_LLOCAL_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived +LOCAL_LLOCAL_LV`'_swap_deciphered /dev/LOCAL_LLOCAL_VG/LOCAL_LLOCAL_LV`'_swap LOCAL_LLOCAL_LV`'_root_deciphered luks,lvm=LOCAL_LLOCAL_VG,keyscript=/lib/cryptsetup/scripts/decrypt_derived diff --git a/etc/dovecot/local.conf.m4 b/etc/dovecot/local.conf.m4 index 953ece5..50f3394 100644 --- a/etc/dovecot/local.conf.m4 +++ b/etc/dovecot/local.conf.m4 @@ -27,11 +27,11 @@ protocol imap { } protocol lda { auth_socket_path = /var/run/dovecot/auth-master - hostname = VM_DOMAINNAME + hostname = LOCAL_DOMAINNAME info_log_path = log_path = mail_plugins = $mail_plugins sieve - postmaster_address = contact+dovecot+lda@VM_DOMAINNAME + postmaster_address = contact+dovecot+lda@LOCAL_DOMAINNAME syslog_facility = mail } protocols = imap sieve 
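Review bot: The new macro names in the etc/crypttab.m4 hunk, `LOCAL_LLOCAL_LV` and `LOCAL_LLOCAL_VG`, look like a blanket `VM_` to `LOCAL_` substitution that also rewrote the `VM_` inside `LVM_`. Unless the `m4 --define` calls that render this template (not visible in this part of the patch) use exactly the same spelling, m4 will pass the tokens through unexpanded and the generated crypttab will name devices that do not exist. In that case the LUKS volumes would not be opened at boot. The intended names are presumably `LOCAL_LVM_LV` and `LOCAL_LVM_VG`. The `LABEL=` and `/dev/mapper/` lines of the etc/fstab.m4 hunk carry the same spelling and need the same correction.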
@@ -43,10 +43,10 @@ service auth { group = postfix } } -ssl_ca = -LABEL=VM_LVM_LV`'_boot /boot ext2 defaults 0 0 +LABEL=LOCAL_LLOCAL_LV`'_boot /boot ext2 defaults 0 0 proc /proc proc defaults 0 0 sysfs /sys sysfs defaults 0 0 -/dev/mapper/VM_LVM_LV`'_root_deciphered / ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1 -/dev/mapper/VM_LVM_LV`'_var_deciphered /var ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1 -/dev/mapper/VM_LVM_LV`'_home_deciphered /home ext4 defaults,errors=remount-ro,acl,barrier=1,noatime,usrquota,grpquota 0 0 +/dev/mapper/LOCAL_LLOCAL_LV`'_root_deciphered / ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1 +/dev/mapper/LOCAL_LLOCAL_LV`'_var_deciphered /var ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1 +/dev/mapper/LOCAL_LLOCAL_LV`'_home_deciphered /home ext4 defaults,errors=remount-ro,acl,barrier=1,noatime,usrquota,grpquota 0 0 # NOTE: barrier=1 réduit drastiquement les performances d'écriture, mais garantit la cohérence du système de fichiers. -/dev/mapper/VM_LVM_LV`'_swap_deciphered swap swap sw 0 0 +/dev/mapper/LOCAL_LLOCAL_LV`'_swap_deciphered swap swap sw 0 0 diff --git a/etc/host.sh b/etc/host.sh index d89bb2f..56d798f 100644 --- a/etc/host.sh +++ b/etc/host.sh 
@@ -1,21 +1,21 @@ . "$tool"/etc/local.sh -readonly vm_dev_disk=/dev/mapper/domU-$(printf %s "$vm_fqdn-disk" | sed -e 's/-/--/g') -readonly vm_dev_disk_boot="${vm_dev_disk}1" +readonly local_dev_disk=/dev/mapper/domU-$(printf %s "$local_fqdn-disk" | sed -e 's/-/--/g') +readonly local_dev_disk_boot="${local_dev_disk}1" -case $vm_use_lvm in +case $local_use_lvm in (no) - readonly vm_dev_disk_swap="${vm_dev_disk}5" - readonly vm_dev_disk_root="${vm_dev_disk}6" - readonly vm_dev_disk_var="${vm_dev_disk}7" - readonly vm_dev_disk_home="${vm_dev_disk}8" + readonly local_dev_disk_swap="${local_dev_disk}5" + readonly local_dev_disk_root="${local_dev_disk}6" + readonly local_dev_disk_var="${local_dev_disk}7" + readonly local_dev_disk_home="${local_dev_disk}8" ;; (yes) - readonly vm_lvm_pv="${vm_dev_disk}2" - readonly vm_dev_disk_swap=/dev/$vm_lvm_vg/${vm_lvm_lv}_swap - readonly vm_dev_disk_root=/dev/$vm_lvm_vg/${vm_lvm_lv}_root - readonly vm_dev_disk_var=/dev/$vm_lvm_vg/${vm_lvm_lv}_var - readonly vm_dev_disk_home=/dev/$vm_lvm_vg/${vm_lvm_lv}_home + readonly local_lvm_pv="${local_dev_disk}2" + readonly local_dev_disk_swap=/dev/$local_lvm_vg/${local_lvm_lv}_swap + readonly local_dev_disk_root=/dev/$local_lvm_vg/${local_lvm_lv}_root + readonly local_dev_disk_var=/dev/$local_lvm_vg/${local_lvm_lv}_var + readonly local_dev_disk_home=/dev/$local_lvm_vg/${local_lvm_lv}_home ;; (*) exit 1;; esac diff --git a/etc/local.sh b/etc/local.sh index 9eff864..2e43d8f 100644 --- a/etc/local.sh +++ b/etc/local.sh 
@@ -1,21 +1,21 @@ readonly PATH=$PATH:/usr/sbin:/sbin -readonly vm_domainname="heureux-cyclage.org" -readonly vm_hostname="ateliers" -readonly vm_fqdn="$vm_hostname.$vm_domainname" -readonly vm=$vm_hostname -readonly vm_host="rouf.grenode.net" -readonly vm_host_nameserver="91.216.110.110" +readonly local_domainname="heureux-cyclage.org" +readonly local_hostname="ateliers" +readonly local_fqdn="$local_hostname.$local_domainname" +readonly vm=$local_hostname +readonly local_host="rouf.grenode.net" +readonly local_host_nameserver="91.216.110.110" -readonly vm_use_lvm="yes" +readonly local_use_lvm="yes" # - sans LVM : # - on a accès au LVM de l'hôte, mais c'est pas très propre. # - pour l'extension de mémoire, on peut soit : - # 1.1. étendre avec lvresize /dev/domU/$vm_fqdn-disk - # 1.2. étendre avec sfdisk $vm_dev_disk_home - # 1.3. étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered + # 1.1. étendre avec lvresize /dev/domU/$local_fqdn-disk + # 1.2. étendre avec sfdisk $local_dev_disk_home + # 1.3. étendre avec resize2fs /dev/mapper/${local_lvm_lv}_home_deciphered # soit : # 2.1. créer une nouvelle partition sur le LVM de l'hôte - # 2.2. l'ajouter comme un disque supplémentaire dans /etc/xen/$vm_fqdn.cfg + # 2.2. l'ajouter comme un disque supplémentaire dans /etc/xen/$local_fqdn.cfg # 2.3. le monter sur /home2 en pensant à changer DHOME=/home2 dans /etc/adduser.conf # - pour la sauvegarde: on peut soit : # 1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git) 
@@ -24,10 +24,10 @@ readonly vm_use_lvm="yes" # - avec LVM : # - question ouverte de la performance du LVM dans du LVM. # - pour l'extension de mémoire, on peut soit : - # 1.1. étendre avec lvresize /dev/domU/$vm_fqdn-disk - # 1.1. étendre avec pvextend $vm_lvm_pv - # 1.1. étendre avec lvresize /dev/${vm_lvm_vg}/${vm_lvm_lv}_home - # 1.3. étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered + # 1.1. étendre avec lvresize /dev/domU/$local_fqdn-disk + # 1.1. étendre avec pvextend $local_lvm_pv + # 1.1. étendre avec lvresize /dev/${local_lvm_vg}/${local_lvm_lv}_home + # 1.3. étendre avec resize2fs /dev/mapper/${local_lvm_lv}_home_deciphered # - pour la sauvegarde: on peut soit : # 1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git) # 2. sauvegarder incrémentalement avec (duplicity, backup-ninja, BackupPC), 
@@ -43,46 +43,46 @@ readonly vm_use_lvm="yes" # /dev/sd{a,b}3 -> /dev/md2 # LVM # /dev/md0 -> dom0 -# /dev/md2 -> domU -> /dev/mapper/$vm_fqdn-disk +# /dev/md2 -> domU -> /dev/mapper/$local_fqdn-disk # LVM -# /dev/mapper/$vm_fqdn-disk -> /dev/xvda{1,2} -# /dev/xvda2 -> /dev/mapper/${vm_lvm_vg}-${vm_lvm_lv}_{swap,root,var,home} +# /dev/mapper/$local_fqdn-disk -> /dev/xvda{1,2} +# /dev/xvda2 -> /dev/mapper/${local_lvm_vg}-${local_lvm_lv}_{swap,root,var,home} -case $vm_use_lvm in +case $local_use_lvm in (no) ;; (yes) - readonly vm_lvm_vg=$vm_fqdn - readonly vm_lvm_lv=$vm + readonly local_lvm_vg=$local_fqdn + readonly local_lvm_lv=$vm ;; (*) exit 1;; esac -readonly vm_raid_effective_disks=1 # NOTE: RAID1 (mirroring) +readonly local_raid_effective_disks=1 # NOTE: RAID1 (mirroring) # NOTE: julm@rouf:~$ sudo pvs /dev/md2 -o+pe_start # PV VG Fmt Attr PSize PFree 1st PE # /dev/md2 domU lvm2 a- 925,64g 470,64g 192,00k <- pas adapté au TRIM SSD, mais on utilise du SATA2 -readonly vm_e2fs_block_size=4096 +readonly local_e2fs_block_size=4096 # NOTE: valeur standard pour un disque avec des secteurs de 512 octets : # julm@rouf:~$ grep . /sys/block/sd{a,b}/queue/*_block_size # /sys/block/sda/queue/logical_block_size:512 # /sys/block/sda/queue/physical_block_size:512 # /sys/block/sdb/queue/logical_block_size:512 # /sys/block/sdb/queue/physical_block_size:512 -readonly vm_e2fs_stripe_size= +readonly local_e2fs_stripe_size= # NOTE: égal au chunk size de mdadm --detail ; # mais ne concerne pas RAID1 où il n'y a pas de changement de disque à effectuer, # et donc pas de chunk size. 
-readonly vm_e2fs_stride=${vm_e2fs_stripe_size:+$((vm_e2fs_stripe_size / vm_e2fs_block_size))} -readonly vm_e2fs_stripe_width=${vm_e2fs_stride:+$((vm_e2fs_stride * vm_raid_effective_disks))} -vm_e2fs_extended_options=${vm_e2fs_stride:+,stride=$vm_e2fs_stride}${vm_e2fs_stripe_width:+,stripe_width=$vm_e2fs_stripe_width} +readonly local_e2fs_stride=${local_e2fs_stripe_size:+$((local_e2fs_stripe_size / local_e2fs_block_size))} +readonly local_e2fs_stripe_width=${local_e2fs_stride:+$((local_e2fs_stride * local_raid_effective_disks))} +local_e2fs_extended_options=${local_e2fs_stride:+,stride=$local_e2fs_stride}${local_e2fs_stripe_width:+,stripe_width=$local_e2fs_stripe_width} -readonly vm_arch="amd64" -readonly vm_bridge="br-gresille" -readonly vm_ipv4="91.216.110.42" # NOTE: IPv4 publique assignée par Grésille -readonly vm_lsb_name="wheezy" -readonly vm_mac="00:16:3E:E5:98:42" # NOTE: addresse MAC assignée par Grésille +readonly local_arch="amd64" +readonly local_bridge="br-gresille" +readonly local_ipv4="91.216.110.42" # NOTE: IPv4 publique assignée par Grésille +readonly local_lsb_name="wheezy" +readonly local_mac="00:16:3E:E5:98:42" # NOTE: addresse MAC assignée par Grésille # NOTE: on part sur wheezy dès le début # dans l'idée de ne pas s'embêter avec # une migration squeeze -> wheezy dans deux mois ; diff --git a/etc/network/interfaces.m4 b/etc/network/interfaces.m4 index 73ff494..f8d9f55 100644 --- a/etc/network/interfaces.m4 +++ b/etc/network/interfaces.m4 @@ -3,10 +3,10 @@ iface lo inet loopback auto eth0=grenode iface grenode inet static - address VM_IPV4 - gateway VM_IPV4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse - network VM_IPV4 - broadcast VM_IPV4 + address LOCAL_IPV4 + gateway LOCAL_IPV4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse + network LOCAL_IPV4 + broadcast LOCAL_IPV4 netmask 255.255.255.255 mtu 1300 # NOTE: il y a besoin de ça en l'état actuel du réseau de Grenode 
@@ -25,5 +25,5 @@ iface grenode inet static # # --- soupirail.grenode.net ping statistics --- # 0 packets transmitted, 0 received, +1 errors - post-up ip address add VM_IPV4/32 dev $IFACE - pre-down ip address delete VM_IPV4/32 dev $IFACE + post-up ip address add LOCAL_IPV4/32 dev $IFACE + pre-down ip address delete LOCAL_IPV4/32 dev $IFACE diff --git a/etc/nginx/site.d/gitweb-tls/local.sh b/etc/nginx/site.d/gitweb-tls/local.sh index e278d17..8a1a8b6 100644 --- a/etc/nginx/site.d/gitweb-tls/local.sh +++ b/etc/nginx/site.d/gitweb-tls/local.sh @@ -1,7 +1,6 @@ -#!/bin/sh -set -e -f -u -x -local hint="run before: ./vm_remote runit_configure nginx -- $site" -assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint +sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sggr0)" && exit 1 + sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/git.heureux-cyclage.org/crt+ca.pem \ /etc/nginx/x509.d/"$site"/crt.pem diff --git a/etc/nginx/site.d/lhc-questionnaires-tls/local.sh b/etc/nginx/site.d/lhc-questionnaires-tls/local.sh index 6e48ba1..2219391 100644 --- a/etc/nginx/site.d/lhc-questionnaires-tls/local.sh +++ b/etc/nginx/site.d/lhc-questionnaires-tls/local.sh @@ -1,7 +1,6 @@ -#!/bin/sh -set -e -f -u -x -local hint="run vm_remote nginx_configure before" -assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint +sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1 + sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/questionnaires.heureux-cyclage.org/crt+ca.pem \ /etc/nginx/x509.d/"$site"/crt.pem diff --git a/etc/nginx/site.d/lhc-remorque/local.sh b/etc/nginx/site.d/lhc-remorque/local.sh index 410743e..ee73d00 100644 --- a/etc/nginx/site.d/lhc-remorque/local.sh +++ b/etc/nginx/site.d/lhc-remorque/local.sh 
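Review bot: In etc/nginx/site.d/gitweb-tls/local.sh the new guard `sudo test … || printf … && exit 1` reaches `exit 1` on every run, because `||` and `&&` have equal precedence and group left to right, so a successful `test` still continues into `&& exit 1`. The `\"$site\"` escapes were only right inside the old quoted `assert` string; on a bare command line they put literal double-quote characters into the path, so the key.pem check will not match the real file, and `tput sggr0` in this file is a typo for `tput sgr0`. I would write `sudo test -f /etc/nginx/x509.d/"$site"/key.pem || { printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" >&2; exit 1; }`. The same guard pattern is added in the lhc-questionnaires-tls, lhc-remorque, lhc-stats-tls, lhc-www-tls and sympa site scripts and in etc/sv/dovecot/local.sh and etc/sv/postfix/local.sh (the postfix one without the escaped quotes). The hunk also removes `set -e -f -u -x`; if these files are sourced by a caller that sets those options this is harmless, otherwise a failing `sudo install` would no longer stop the script.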
@@ -1,6 +1,6 @@ -local hint="run before: ./vm_remote runit_configure nginx -- $site" -assert "sudo getent passwd wiki-\"$site\" >/dev/null" hint -assert "sudo test -f ~wiki-$site/etc/ssh/id_rsa" hint +sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem && +sudo test -f ~wiki-$site/etc/ssh/id_rsa || +printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1 "$tool"/local/apt-get-install ikiwiki \ libsearch-xapian-perl diff --git a/etc/nginx/site.d/lhc-stats-tls/local.sh b/etc/nginx/site.d/lhc-stats-tls/local.sh index da52d33..cc04380 100644 --- a/etc/nginx/site.d/lhc-stats-tls/local.sh +++ b/etc/nginx/site.d/lhc-stats-tls/local.sh @@ -1,7 +1,6 @@ -#!/bin/sh -set -e -f -u -x -local hint="run before: ./vm_remote runit_configure nginx -- $site" -assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint +sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1 + sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/stats.heureux-cyclage.org/crt+ca.pem \ /etc/nginx/x509.d/"$site"/crt.pem diff --git a/etc/nginx/site.d/lhc-www-tls/local.sh b/etc/nginx/site.d/lhc-www-tls/local.sh index 5fc0ce1..aed7539 100644 --- a/etc/nginx/site.d/lhc-www-tls/local.sh +++ b/etc/nginx/site.d/lhc-www-tls/local.sh @@ -1,7 +1,6 @@ -#!/bin/sh -set -e -f -u -x -local hint="run before: ./vm_remote runit_configure nginx -- $site" -assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint +sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1 + sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/www.heureux-cyclage.org/crt+ca.pem \ /etc/nginx/x509.d/"$site"/crt.pem diff --git a/etc/nginx/site.d/sympa/local.sh b/etc/nginx/site.d/sympa/local.sh index fd85c70..5b6dcba 100644 --- a/etc/nginx/site.d/sympa/local.sh +++ b/etc/nginx/site.d/sympa/local.sh 
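Review bot: The guard in etc/nginx/site.d/lhc-remorque/local.sh no longer checks what it used to: the removed `getent passwd wiki-"$site"` assertion is replaced by a test for `/etc/nginx/x509.d/…/key.pem`, which looks copied from the TLS site scripts, so a missing `wiki-$site` account is not detected before the script continues. On the second line `~wiki-$site` is now a bare word, and tilde expansion runs before parameter expansion, so the shell will not resolve it to that user's home directory and the test looks for a literal `~wiki-…` path. Resolving the home directory explicitly avoids both problems: `home=$(getent passwd wiki-"$site" | cut -d : -f 6)` followed by `test -n "$home" && sudo test -f "$home"/etc/ssh/id_rsa`. How the removed `assert` helper evaluated its string is not visible here, so the old behaviour is inferred.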
@@ -1,5 +1,6 @@ -local hint="run before: ./vm_remote runit_configure nginx -- $site" -assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint +sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure nginx -- $site$(tput sgr0)" && exit 1 + sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem \ /etc/nginx/x509.d/"$site"/crt.pem diff --git a/etc/postfix/aliases.m4 b/etc/postfix/aliases.m4 index ac569ec..02790e7 100644 --- a/etc/postfix/aliases.m4 +++ b/etc/postfix/aliases.m4 @@ -11,10 +11,10 @@ root: esyscmd(getent group sudo | cut -f 4 -d : | tr '\054' ' ') sympa-owner: postmaster sympa-request: postmaster -abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@VM_DOMAINNAME" -bounce+*: "| /usr/lib/sympa/bin/bouncequeue sympa@VM_DOMAINNAME" -listmaster: "| /usr/lib/sympa/bin/queue listmaster@VM_DOMAINNAME" -sympa: "| /usr/lib/sympa/bin/queue sympa@VM_DOMAINNAME" +abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@LOCAL_DOMAINNAME" +bounce+*: "| /usr/lib/sympa/bin/bouncequeue sympa@LOCAL_DOMAINNAME" +listmaster: "| /usr/lib/sympa/bin/queue listmaster@LOCAL_DOMAINNAME" +sympa: "| /usr/lib/sympa/bin/queue sympa@LOCAL_DOMAINNAME" # NOTE: compatibilité avec d'autres gestionnaires de listes listserv: sympa diff --git a/etc/ssh/sshd_config.m4 b/etc/ssh/sshd_config.m4 index 5bfe0d0..219b335 100644 --- a/etc/ssh/sshd_config.m4 +++ b/etc/ssh/sshd_config.m4 @@ -13,7 +13,7 @@ KerberosAuthentication no KeyRegenerationInterval 3600 Port 22 ListenAddress 127.0.0.1 -ListenAddress VM_IPV4 +ListenAddress LOCAL_IPV4 LogLevel INFO LoginGraceTime 120 MaxAuthTries 3 diff --git a/etc/sv/dovecot/local.sh b/etc/sv/dovecot/local.sh index 7f68365..9b0f37b 100644 --- a/etc/sv/dovecot/local.sh +++ b/etc/sv/dovecot/local.sh 
@@ -1,10 +1,12 @@ "$tool"/local/apt-get-install dovecot-imapd dovecot-managesieved dovecot-sieve "$tool"/local/insserv-remove dovecot -local hint="run before: ./vm_remote runit_configure dovecot" -assert "sudo test -f /etc/dovecot/\"$vm_domainname\"/imap/x509/key.pem" hint + +sudo test -f /etc/dovecot/\"$local_domainname\"/imap/x509/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure dovecot$(tput sgr0)" && exit 1 + sudo install -m 400 -o root -g root \ - "$tool"/var/pub/x509/imap."$vm_domainname"/crt+crl.self-signed.pem \ - /etc/dovecot/"$vm_domainname"/imap/x509/crt+crl.self-signed.pem + "$tool"/var/pub/x509/imap."$local_domainname"/crt+crl.self-signed.pem \ + /etc/dovecot/"$local_domainname"/imap/x509/crt+crl.self-signed.pem sudo install -d -m 770 -o root -g root \ /etc/skel/etc/mail \ /etc/skel/etc/sieve @@ -12,7 +14,7 @@ sudo install -d -m 1777 -o root -g root \ /var/lib/dovecot-control \ /var/lib/dovecot-index m4 \ - --define=VM_DOMAINNAME=$vm_domainname \ + --define=LOCAL_DOMAINNAME=$local_domainname \ <"$tool"/etc/dovecot/local.conf.m4 | sudo install -m 644 -o root -g root /dev/stdin \ /etc/dovecot/local.conf diff --git a/etc/sv/dovecot/remote.sh b/etc/sv/dovecot/remote.sh index d28f0f6..622e4dd 100644 --- a/etc/sv/dovecot/remote.sh +++ b/etc/sv/dovecot/remote.sh 
@@ -1,14 +1,14 @@ -"$tool"/remote/site-x509-key-decrypt imap."$vm_domainname" | +"$tool"/remote/site-x509-key-decrypt imap."$local_domainname" | "$tool"/remote/ssh -l root ' \ sudo install -d -m 770 -o root -g root \ - /etc/dovecot/'"$vm_domainname"'/ \ - /etc/dovecot/'"$vm_domainname"'/imap \ - /etc/dovecot/'"$vm_domainname"'/imap/x509 ; \ + /etc/dovecot/'"$local_domainname"'/ \ + /etc/dovecot/'"$local_domainname"'/imap \ + /etc/dovecot/'"$local_domainname"'/imap/x509 ; \ sudo install -m 644 -o root -g root /dev/stdin \ - /etc/dovecot/'"$vm_domainname"'/imap/x509/.gitignore <<-EOF + /etc/dovecot/'"$local_domainname"'/imap/x509/.gitignore <<-EOF key.pem EOF sudo install -m 400 -o root -g root \ /dev/stdin \ - /etc/dovecot/"$vm_domainname"/imap/x509/key.pem + /etc/dovecot/"$local_domainname"/imap/x509/key.pem ' diff --git a/etc/sv/git-daemon/local.sh b/etc/sv/git-daemon/local.sh index ceab6dc..cd4b6eb 100644 --- a/etc/sv/git-daemon/local.sh +++ b/etc/sv/git-daemon/local.sh @@ -14,8 +14,8 @@ sudo adduser "$sv" git-data sudo ln -fns \ ../pub \ - "$home"/git.$vm_domainname + "$home"/git.$local_domainname sudo ln -fns \ ../pub \ - "$home"/burette.$vm_domainname + "$home"/burette.$local_domainname # NOTE : rétro-compatibilité diff --git a/etc/sv/gitweb/local.sh b/etc/sv/gitweb/local.sh index a40ce52..6623321 100644 --- a/etc/sv/gitweb/local.sh +++ b/etc/sv/gitweb/local.sh @@ -41,7 +41,7 @@ sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ \$search_str = "Filtre :"; \$site_footer = "/etc/gitweb/site_footer.html"; \$site_header = "/etc/gitweb/site_header.html"; - \$site_name = "git.$vm_domainname"; + \$site_name = "git.$local_domainname"; @stylesheets = ("static/gitweb.css");# EOF sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \ diff --git a/etc/sv/nsd3/local.sh b/etc/sv/nsd3/local.sh index b05c73e..81028b9 100644 --- a/etc/sv/nsd3/local.sh +++ b/etc/sv/nsd3/local.sh 
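Review bot: In etc/sv/dovecot/remote.sh the last `install` writes the private key to `/etc/dovecot/"$local_domainname"/imap/x509/key.pem` without leaving the single-quoted remote command, so the variable is expanded by the remote shell rather than locally, unlike the `'"$local_domainname"'` splices on the lines above it. If the remote side does not define `local_domainname`, the target resolves to `/etc/dovecot//imap/x509/key.pem`, which is not the path that etc/sv/dovecot/local.sh tests for. Splicing it the way etc/sv/postfix/remote.sh does, `/etc/dovecot/'"'$local_domainname'"'/imap/x509/key.pem`, keeps the expansion local and quotes the value on the remote side. The rename did not introduce this, since the removed line has the same quoting, but it affects where the key material ends up.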
@@ -6,7 +6,7 @@ sudo install -d -m 750 -o root -g nsd \ { cat <<-EOF server: - ip-address: $vm_ipv4 + ip-address: $local_ipv4 ip4-only: yes EOF cat "$tool"/etc/nsd3/nsd.conf @@ -19,7 +19,7 @@ sudo install -d -m 750 -o root -g nsd \ then m4 \ --define=ZONE_DOMAIN=$zone \ --define=ZONE_SERIAL=$(cd "$tool" && git log -1 --format="%ct" -- etc/nsd3/zone.d/"$zone".zone.m4) \ - --define=VM_IP4=$vm_ipv4 \ + --define=LOCAL_IP4=$local_ipv4 \ "$tool"/etc/nsd3/zone.d/"$zone".zone.m4 else cat "$tool"/etc/nsd3/zone.d/"$zone".zone fi | diff --git a/etc/sv/postfix/local.sh b/etc/sv/postfix/local.sh index 0f5b134..8d6230d 100644 --- a/etc/sv/postfix/local.sh +++ b/etc/sv/postfix/local.sh 
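Review bot: The second hunk of etc/sv/nsd3/local.sh renames the define passed to the zone templates from `VM_IP4` to `LOCAL_IP4`, but the diffstat of this commit lists no file under etc/nsd3/zone.d. If the `*.zone.m4` templates still reference `VM_IP4` (they are not shown here), m4 will leave that token unexpanded and the generated zone files will contain the macro name instead of the address. Either rename the macro in the templates in the same commit or keep the old define name. It is also worth settling on one spelling, since the other templates in this patch use `LOCAL_IPV4`.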
@@ -1,43 +1,44 @@ -local hint="run before: ./vm_remote runit_configure postfix" -assert "sudo test -f /etc/postfix/$vm_domainname/smtpd/x509/key.pem" hint -#warn "lors de l'installation Debian, ne sélectionner aucune configuration pour postfix" +sudo test -f /etc/postfix/$local_domainname/smtpd/x509/key.pem || +printf '%s\n' "$(tput rev)run before: remote/runit-configure dovecot$(tput sgr0)" && exit 1 + sudo debconf-set-selections <<-EOF postfix postfix/main_mailer_type select No configuration EOF "$tool"/local/apt-get-install postfix procmail postfix-pcre "$tool"/local/insserv-remove postfix + sudo install -m 640 -o root -g root /dev/stdin /etc/postfix/.gitignore <<-EOF *.db EOF sudo install -d -m 771 -o root -g root \ /etc/postfix/ \ - /etc/postfix/$vm_domainname/ \ - /etc/postfix/$vm_domainname/smtp \ - /etc/postfix/$vm_domainname/smtp/x509 \ - /etc/postfix/$vm_domainname/smtp/x509/ca \ - /etc/postfix/$vm_domainname/smtpd \ - /etc/postfix/$vm_domainname/smtpd/x509 \ - /etc/postfix/$vm_domainname/smtpd/x509/ca + /etc/postfix/$local_domainname/ \ + /etc/postfix/$local_domainname/smtp \ + /etc/postfix/$local_domainname/smtp/x509 \ + /etc/postfix/$local_domainname/smtp/x509/ca \ + /etc/postfix/$local_domainname/smtpd \ + /etc/postfix/$local_domainname/smtpd/x509 \ + /etc/postfix/$local_domainname/smtpd/x509/ca sudo ln -fns \ ../crt+crl.self-signed.pem \ - /etc/postfix/$vm_domainname/smtpd/x509/ca/crt.pem + /etc/postfix/$local_domainname/smtpd/x509/ca/crt.pem sudo install -m 400 -o root -g root \ - "$tool"/var/pub/x509/smtpd.$vm_domainname/crt+crl.self-signed.pem \ - /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem + "$tool"/var/pub/x509/smtpd.$local_domainname/crt+crl.self-signed.pem \ + /etc/postfix/$local_domainname/smtpd/x509/crt+crl.self-signed.pem sudo install -m 400 -o root -g root \ - "$tool"/var/pub/x509/smtpd.$vm_domainname/crt.pem \ - /etc/postfix/$vm_domainname/smtpd/x509/crt.pem + "$tool"/var/pub/x509/smtpd.$local_domainname/crt.pem \ + 
/etc/postfix/$local_domainname/smtpd/x509/crt.pem sudo install -m 400 -o root -g root \ - "$tool"/var/pub/x509/smtpd.$vm_domainname/crt+ca.pem \ - /etc/postfix/$vm_domainname/smtpd/x509/crt+ca.pem + "$tool"/var/pub/x509/smtpd.$local_domainname/crt+ca.pem \ + /etc/postfix/$local_domainname/smtpd/x509/crt+ca.pem sudo install -m 400 -o root -g root \ - "$tool"/var/pub/x509/smtpd.$vm_domainname/crt+crl.self-signed.pem \ - /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem + "$tool"/var/pub/x509/smtpd.$local_domainname/crt+crl.self-signed.pem \ + /etc/postfix/$local_domainname/smtpd/x509/crt+crl.self-signed.pem sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/header_checks \ - /etc/postfix/$vm_domainname/header_checks + "$tool"/etc/postfix/$local_domainname/header_checks \ + /etc/postfix/$local_domainname/header_checks m4 \ - --define=VM_DOMAINNAME="$vm_domainname" \ + --define=LOCAL_DOMAINNAME="$local_domainname" \ <"$tool"/etc/postfix/aliases.m4 | sudo install -m 644 -o root -g root /dev/stdin \ /etc/postfix/aliases @@ -46,11 +47,11 @@ sudo ln -fns \ /etc/postfix/aliases \ /etc/aliases cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF | - mydomain = $vm_domainname + mydomain = $local_domainname myorigin = \$mydomain - myhostname = $vm_hostname.\$mydomain + myhostname = $local_hostname.\$mydomain mail_name = \$myhostname - mydestination = $vm_hostname \$myhostname \$myorigin + mydestination = $local_hostname \$myhostname \$myorigin EOF sudo install -m 644 -o root -g root /dev/stdin \ /etc/postfix/main.cf 
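Review bot: The hint printed by the new guard at the top of etc/sv/postfix/local.sh tells the operator to run `remote/runit-configure dovecot`, while the check is for the postfix smtpd key and the removed hint named postfix. It should read `printf '%s\n' "$(tput rev)run before: remote/runit-configure postfix$(tput sgr0)"`. `$local_domainname` is also unquoted in the `sudo test -f` path and in the `install` and `ln` arguments of this hunk, where etc/sv/dovecot/local.sh quotes it in the corresponding `install` paths; quoting it here as `"$local_domainname"` would make the two scripts consistent.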
@@ -58,32 +59,32 @@ sudo install -m 640 -o root -g root \ "$tool"/etc/postfix/master.cf \ /etc/postfix/master.cf sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/smtp/x509/policy \ - /etc/postfix/$vm_domainname/smtp/x509/policy -sudo postmap hash:/etc/postfix/$vm_domainname/smtp/x509/policy + "$tool"/etc/postfix/$local_domainname/smtp/x509/policy \ + /etc/postfix/$local_domainname/smtp/x509/policy +sudo postmap hash:/etc/postfix/$local_domainname/smtp/x509/policy sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/smtp/header_checks \ - /etc/postfix/$vm_domainname/smtp/header_checks + "$tool"/etc/postfix/$local_domainname/smtp/header_checks \ + /etc/postfix/$local_domainname/smtp/header_checks sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/smtpd/sender_access \ - /etc/postfix/$vm_domainname/smtpd/sender_access -sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/sender_access + "$tool"/etc/postfix/$local_domainname/smtpd/sender_access \ + /etc/postfix/$local_domainname/smtpd/sender_access +sudo postmap hash:/etc/postfix/$local_domainname/smtpd/sender_access sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/smtpd/client_blacklist \ - /etc/postfix/$vm_domainname/smtpd/client_blacklist -sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/client_blacklist + "$tool"/etc/postfix/$local_domainname/smtpd/client_blacklist \ + /etc/postfix/$local_domainname/smtpd/client_blacklist +sudo postmap hash:/etc/postfix/$local_domainname/smtpd/client_blacklist sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/smtpd/relay_clientcerts \ - /etc/postfix/$vm_domainname/smtpd/relay_clientcerts -sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/relay_clientcerts + "$tool"/etc/postfix/$local_domainname/smtpd/relay_clientcerts \ + /etc/postfix/$local_domainname/smtpd/relay_clientcerts +sudo postmap hash:/etc/postfix/$local_domainname/smtpd/relay_clientcerts sudo 
install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/transport \ - /etc/postfix/$vm_domainname/transport -sudo postmap hash:/etc/postfix/$vm_domainname/transport + "$tool"/etc/postfix/$local_domainname/transport \ + /etc/postfix/$local_domainname/transport +sudo postmap hash:/etc/postfix/$local_domainname/transport sudo install -m 640 -o root -g root \ - "$tool"/etc/postfix/$vm_domainname/virtual_alias \ - /etc/postfix/$vm_domainname/virtual_alias -sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias + "$tool"/etc/postfix/$local_domainname/virtual_alias \ + /etc/postfix/$local_domainname/virtual_alias +sudo postmap hash:/etc/postfix/$local_domainname/virtual_alias sudo install -d -m 770 -o root -g root \ /etc/skel/etc/mail \ /etc/skel/var/cache/mail \ diff --git a/etc/sv/postfix/remote.sh b/etc/sv/postfix/remote.sh index af2dcdb..0b610c0 100644 --- a/etc/sv/postfix/remote.sh +++ b/etc/sv/postfix/remote.sh @@ -1,19 +1,19 @@ "$tool"/remote/site-x509-key-decrypt \ - smtpd."$vm_domainname" | + smtpd."$local_domainname" | "$tool"/remote/ssh -l root ' \ sudo install -d -m 770 -o root -g root \ - /etc/postfix/'"$vm_domainname"'/ \ - /etc/postfix/'"$vm_domainname"'/smtpd \ - /etc/postfix/'"$vm_domainname"'/smtpd/x509; \ + /etc/postfix/'"$local_domainname"'/ \ + /etc/postfix/'"$local_domainname"'/smtpd \ + /etc/postfix/'"$local_domainname"'/smtpd/x509; \ sudo install -m 644 -o root -g root /dev/stdin \ - /etc/postfix/'"$vm_domainname"'/smtp/x509/.gitignore <<-EOF + /etc/postfix/'"$local_domainname"'/smtp/x509/.gitignore <<-EOF key.pem EOF sudo install -m 644 -o root -g root /dev/stdin \ - /etc/postfix/'"$vm_domainname"'/smtpd/x509/.gitignore <<-EOF + /etc/postfix/'"$local_domainname"'/smtpd/x509/.gitignore <<-EOF key.pem EOF install -m 400 -o root -g root \ /dev/stdin \ - /etc/postfix/'"'$vm_domainname'"'/smtpd/x509/key.pem + /etc/postfix/'"'$local_domainname'"'/smtpd/x509/key.pem ' 
diff --git a/etc/sv/sshd/local.sh b/etc/sv/sshd/local.sh index d3d6933..2abe7d1 100644 --- a/etc/sv/sshd/local.sh +++ b/etc/sv/sshd/local.sh @@ -1,6 +1,6 @@ "$tool"/local/apt-get-install openssh-server "$tool"/local/insserv-remove ssh -ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | +ssh-keygen -F "$local_fqdn" -f "$tool"/etc/openssh/known_hosts | ( while IFS= read -r line do case $line in (*" RSA") return 0; break;; esac done; return 1 ) || @@ -12,7 +12,7 @@ sudo rm -f \ /etc/ssh/ssh_host_ecdsa_key.pub # NOTE: clefs générées par Debian m4 \ - --define=VM_IPV4=$vm_ipv4 \ + --define=LOCAL_IPV4=$local_ipv4 \ <"$tool"/etc/ssh/sshd_config.m4 | sudo install -m 640 -o root -g root /dev/stdin \ /etc/ssh/sshd_config diff --git a/etc/sv/sympa/local.sh b/etc/sv/sympa/local.sh index a82f18a..06f436a 100644 --- a/etc/sv/sympa/local.sh +++ b/etc/sv/sympa/local.sh @@ -44,7 +44,7 @@ sudo install -m 644 -o root -g root \ key_passwd EOF m4 \ - --define=VM_DOMAINNAME="$vm_domainname" \ + --define=LOCAL_DOMAINNAME="$local_domainname" \ --define=HOME="$home" \ "$tool"/etc/sympa/sympa.conf.m4 | sudo install -m 640 -o "$sv" -g "$sv" /dev/stdin \ @@ -83,8 +83,8 @@ sudo debconf-set-selections <<-EOF || true sympa sympa/dbconfig-install boolean true # Nom d'hôte du serveur pour sympa : sympa sympa/remote/newhost string - sympa sympa/listmaster string postmaster@$vm_domainname - sympa wwsympa/wwsympa_url string https://$sv.$vm_domainname/wws + sympa sympa/listmaster string postmaster@$local_domainname + sympa wwsympa/wwsympa_url string https://$sv.$local_domainname/wws sympa wwsympa/webserver_restart boolean false sympa sympa/remote/port string sympa sympa/pgsql/manualconf note 
@@ -92,7 +92,7 @@ sudo debconf-set-selections <<-EOF || true sympa sympa/upgrade-backup boolean true sympa sympa/pgsql/changeconf boolean false # Nom d'hôte du serveur « sympa » : - sympa sympa/hostname string $sv.$vm_domainname + sympa sympa/hostname string $sv.$local_domainname sympa sympa/pgsql/authmethod-user select unix socket # Faut-il mettre à jour la base de données pour sympa avec dbconfig-common ? sympa sympa/dbconfig-upgrade boolean true diff --git a/etc/sv/unbound/local.sh b/etc/sv/unbound/local.sh index 0b68dca..319df49 100644 --- a/etc/sv/unbound/local.sh +++ b/etc/sv/unbound/local.sh @@ -2,16 +2,16 @@ sudo apt-get install unbound "$tool"/local/insserv-remove unbound sudo install -m 644 -o root -g root /dev/stdin /etc/resolv.conf <<-EOF - search ${vm_host#*.} + search ${local_host#*.} nameserver 127.0.0.1 - #nameserver ${vm_host_nameserver} + #nameserver ${local_host_nameserver} EOF sudo install -m 440 -o unbound -g unbound \ "$tool"/etc/unbound/named.cache \ /etc/unbound/named.cache m4 \ - --define=OUTGOING_INTERFACE=$vm_ipv4 \ + --define=OUTGOING_INTERFACE=$local_ipv4 \ <"$tool"/etc/unbound/unbound.conf | sudo install -m 440 -o unbound -g unbound /dev/stdin \ /etc/unbound/unbound.conf diff --git a/etc/sympa/sympa.conf.m4 b/etc/sympa/sympa.conf.m4 index 514190f..d3b21e2 100644 --- a/etc/sympa/sympa.conf.m4 +++ b/etc/sympa/sympa.conf.m4 @@ -31,11 +31,11 @@ syslog `cat /etc/sympa/facility` ###\\\\ General definition ////### create_list public_listmaster -domain VM_DOMAINNAME +domain LOCAL_DOMAINNAME edit_list owner email sympa -#host VM_DOMAINNAME -#http_host sympa.VM_DOMAINNAME +#host LOCAL_DOMAINNAME +#http_host sympa.LOCAL_DOMAINNAME listmaster esyscmd(getent passwd $(getent group sudo | cut -d : -f 4 | tr '\054' ' ') | cut -d : -f 5 | cut -d $(printf '\054') -f 5 | tr '\n' '\054' | sed -e 's/\x2C$//') 
@@ -114,4 +114,4 @@ antispam_tag_header_spam_regexp ^\s*Yes max_wrong_password 19 soap_url http://--HOST--/sympasoap spam_status x-spam-status -#wwsympa_url https://sympa.VM_DOMAINNAME +#wwsympa_url https://sympa.LOCAL_DOMAINNAME diff --git a/host/chroot b/host/chroot index ce1bda3..3ea00c4 100755 --- a/host/chroot +++ b/host/chroot @@ -9,18 +9,18 @@ tool=$(readlink -e "${0%/*}/..") "$tool"/host/part-var-mount #"$tool"/host/part-home-mount -mountpoint -q /mnt/$vm_fqdn/proc || -sudo mount -t proc proc /mnt/$vm_fqdn/proc -mountpoint -q /mnt/$vm_fqdn/sys || -sudo mount -t sysfs sys /mnt/$vm_fqdn/sys -mountpoint -q /mnt/$vm_fqdn/dev || -sudo mount --bind /dev /mnt/$vm_fqdn/dev -if test -d /mnt/$vm_fqdn/root/src/vm/.git +mountpoint -q /mnt/$local_fqdn/proc || +sudo mount -t proc proc /mnt/$local_fqdn/proc +mountpoint -q /mnt/$local_fqdn/sys || +sudo mount -t sysfs sys /mnt/$local_fqdn/sys +mountpoint -q /mnt/$local_fqdn/dev || +sudo mount --bind /dev /mnt/$local_fqdn/dev +if test -d /mnt/$local_fqdn/root/src/vm/.git then - mountpoint -q /mnt/$vm_fqdn/root/src/vm || - sudo mount --bind "$tool" /mnt/$vm_fqdn/root/src/vm + mountpoint -q /mnt/$local_fqdn/root/src/vm || + sudo mount --bind "$tool" /mnt/$local_fqdn/root/src/vm else - sudo rsync -a "$tool"/ /mnt/$vm_fqdn/root/src/vm + sudo rsync -a "$tool"/ /mnt/$local_fqdn/root/src/vm fi -sudo chroot /mnt/$vm_fqdn /bin/bash || true +sudo chroot /mnt/$local_fqdn /bin/bash || true "$tool"/host/chroot-clean diff --git a/host/chroot-clean b/host/chroot-clean index ecf8449..4c8acfe 100755 --- a/host/chroot-clean +++ b/host/chroot-clean 
@@ -2,14 +2,14 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -! sudo mountpoint -q /mnt/$vm_fqdn/root/src/vm || -sudo umount -v /mnt/$vm_fqdn/root/src/vm -! mountpoint -q /mnt/$vm_fqdn/dev || -sudo umount -v /mnt/$vm_fqdn/dev -! mountpoint -q /mnt/$vm_fqdn/sys || -sudo umount -v /mnt/$vm_fqdn/sys -! mountpoint -q /mnt/$vm_fqdn/proc || -sudo umount -v /mnt/$vm_fqdn/proc +! sudo mountpoint -q /mnt/$local_fqdn/root/src/vm || +sudo umount -v /mnt/$local_fqdn/root/src/vm +! mountpoint -q /mnt/$local_fqdn/dev || +sudo umount -v /mnt/$local_fqdn/dev +! mountpoint -q /mnt/$local_fqdn/sys || +sudo umount -v /mnt/$local_fqdn/sys +! mountpoint -q /mnt/$local_fqdn/proc || +sudo umount -v /mnt/$local_fqdn/proc "$tool"/host/part-home-umount "$tool"/host/part-var-umount "$tool"/host/part-boot-umount diff --git a/host/debootstrap b/host/debootstrap index 50e24ea..1226ed4 100755 --- a/host/debootstrap +++ b/host/debootstrap @@ -8,7 +8,7 @@ tool=$(readlink -e "${0%/*}/..") "$tool"/host/part-boot-mount "$tool"/host/part-var-mount sudo DEBOOTSTRAP_DIR=/usr/share/debootstrap/ LANG=C LC_CTYPE=C debootstrap \ - --arch=$vm_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \ + --arch=$local_arch --verbose --keyring=/usr/share/keyrings/debian-archive-keyring.gpg \ --exclude=vim-tiny \ --include=$(printf '%s,' \ acl \ @@ -50,7 +50,7 @@ sudo DEBOOTSTRAP_DIR=/usr/share/debootstrap/ LANG=C LC_CTYPE=C debootstrap \ wget \ zsh \ ) \ - $vm_lsb_name /mnt/$vm_fqdn/ \ + $local_lsb_name /mnt/$local_fqdn/ \ http://ftp.fr.debian.org/debian/ "$tool"/host/part-var-umount "$tool"/host/part-boot-umount diff --git a/host/disk-format b/host/disk-format index 880a497..fe38bd6 100755 --- a/host/disk-format +++ b/host/disk-format 
@@ -2,32 +2,32 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -case $vm_use_lvm in +case $local_use_lvm in (no) - sudo sfdisk $vm_dev_disk <<-EOF - # partition table of $vm_dev_disk + sudo sfdisk $local_dev_disk <<-EOF + # partition table of $local_dev_disk unit: sectors - ${vm_dev_disk}1 : start= 63, size= 497952, Id=83, bootable - ${vm_dev_disk}2 : start= 498015, size=418927005, Id= 5 - ${vm_dev_disk}3 : start= 0, size= 0, Id= 0 - ${vm_dev_disk}4 : start= 0, size= 0, Id= 0 - ${vm_dev_disk}5 : start= 498078, size= 1959867, Id=82 - ${vm_dev_disk}6 : start= 2458008, size= 29302497, Id=83 - ${vm_dev_disk}7 : start= 31760568, size= 9767457, Id=83 - ${vm_dev_disk}8 : start= 41528088, size=377896932, Id=83 + ${local_dev_disk}1 : start= 63, size= 497952, Id=83, bootable + ${local_dev_disk}2 : start= 498015, size=418927005, Id= 5 + ${local_dev_disk}3 : start= 0, size= 0, Id= 0 + ${local_dev_disk}4 : start= 0, size= 0, Id= 0 + ${local_dev_disk}5 : start= 498078, size= 1959867, Id=82 + ${local_dev_disk}6 : start= 2458008, size= 29302497, Id=83 + ${local_dev_disk}7 : start= 31760568, size= 9767457, Id=83 + ${local_dev_disk}8 : start= 41528088, size=377896932, Id=83 EOF ;; (yes) - sudo sfdisk $vm_dev_disk <<-EOF - # partition table of $vm_dev_disk + sudo sfdisk $local_dev_disk <<-EOF + # partition table of $local_dev_disk unit: sectors - ${vm_dev_disk}1 : start= 63, size= 497952, Id=83, bootable - ${vm_dev_disk}2 : start= 498015, size=418927005, Id=8E + ${local_dev_disk}1 : start= 63, size= 497952, Id=83, bootable + ${local_dev_disk}2 : start= 498015, size=418927005, Id=8E EOF ;; (*) exit 1;; esac -#sudo partprobe $vm_dev_disk -sudo kpartx -u -v /dev/domU/$vm_fqdn-disk +#sudo partprobe $local_dev_disk +sudo kpartx -u -v /dev/domU/$local_fqdn-disk diff --git a/host/disk-mount b/host/disk-mount index 9b2bf14..a52480f 100755 --- a/host/disk-mount +++ b/host/disk-mount 
@@ -2,5 +2,5 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -sudo kpartx -a -v /dev/domU/$vm_fqdn-disk -#sudo xm block-attach 0 phy:/dev/domU/$vm_fqdn-disk $vm_dev_disk w +sudo kpartx -a -v /dev/domU/$local_fqdn-disk +#sudo xm block-attach 0 phy:/dev/domU/$local_fqdn-disk $local_dev_disk w diff --git a/host/disk-umount b/host/disk-umount index 7bc737b..d0033c0 100755 --- a/host/disk-umount +++ b/host/disk-umount @@ -3,7 +3,7 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh "$tool"/host/part-boot-umount -case $vm_use_lvm in +case $local_use_lvm in (yes) "$tool"/host/part-lvm-umount ;; @@ -14,12 +14,12 @@ case $vm_use_lvm in ;; (*) exit 1;; esac -sudo kpartx -d -v /dev/domU/$vm_fqdn-disk -#sudo xm block-detach 0 $vm_dev_disk +sudo kpartx -d -v /dev/domU/$local_fqdn-disk +#sudo xm block-detach 0 $local_dev_disk # XXX: DANGEREUX ; si jamais il bloque parce que le disque était encore utilisé : -# utiliser xm block-detach 0 $vm_dev_disk --force ; +# utiliser xm block-detach 0 $local_dev_disk --force ; # ôter les éventuels mappages LVM concernés avec dmsetup table et dmsetup remove --force ; # ôter les mappages concernés dans /etc/lvm/cache/.cache, # et pour bien trouver tous les mappages : -# % sudo find /dev -type l -exec sh -c 'printf "%s -> " "$@"; readlink "$@"' - {} \; | grep $vm_dev_disk +# % sudo find /dev -type l -exec sh -c 'printf "%s -> " "$@"; readlink "$@"' - {} \; | grep $local_dev_disk # enfin, ôter l'éventuel verrou dans /var/lock/lvm/ diff --git a/host/lib.sh b/host/lib.sh index 81f7438..8eb2dfa 100644 --- a/host/lib.sh +++ b/host/lib.sh @@ -1,3 +1,3 @@ . "$tool"/etc/host.sh set -x -test "$(hostname --fqdn)" = "$vm_host" +test "$(hostname --fqdn)" = "$local_host" diff --git a/host/part-boot-format b/host/part-boot-format index c292f23..ca8249f 100755 --- a/host/part-boot-format +++ b/host/part-boot-format 
@@ -2,7 +2,7 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -mount | grep -q "^$vm_dev_disk_boot " || +mount | grep -q "^$local_dev_disk_boot " || sudo mke2fs -t ext2 -c -c -m 5 -T small \ - -E resize=1G${vm_e2fs_extended_options} \ - -L ${vm_lvm_lv}_boot $vm_dev_disk_boot + -E resize=1G${local_e2fs_extended_options} \ + -L ${local_lvm_lv}_boot $local_dev_disk_boot diff --git a/host/part-boot-mount b/host/part-boot-mount index 82a6cef..6f3ec0a 100755 --- a/host/part-boot-mount +++ b/host/part-boot-mount @@ -2,7 +2,7 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -mountpoint -q /mnt/$vm_fqdn -test -d /mnt/$vm_fqdn/boot -mountpoint -q /mnt/$vm_fqdn/boot || -sudo mount -v -t ext2 $vm_dev_disk_boot /mnt/$vm_fqdn/boot +mountpoint -q /mnt/$local_fqdn +test -d /mnt/$local_fqdn/boot +mountpoint -q /mnt/$local_fqdn/boot || +sudo mount -v -t ext2 $local_dev_disk_boot /mnt/$local_fqdn/boot diff --git a/host/part-boot-umount b/host/part-boot-umount index bc09e4d..149d409 100755 --- a/host/part-boot-umount +++ b/host/part-boot-umount @@ -2,5 +2,5 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -! mountpoint -q /mnt/$vm_fqdn/boot || -sudo umount -v /mnt/$vm_fqdn/boot +! mountpoint -q /mnt/$local_fqdn/boot || +sudo umount -v /mnt/$local_fqdn/boot diff --git a/host/part-home-format b/host/part-home-format index cedffbc..a56d868 100755 --- a/host/part-home-format +++ b/host/part-home-format 
@@ -4,9 +4,9 @@ tool=$(readlink -e "${0%/*}/..") "$tool"/host/part-luks-format home "$tool"/host/part-luks-mount home -sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $vm_e2fs_block_size \ - -E resize=400G${vm_e2fs_extended_options} \ - -L ${vm_lvm_lv}_home \ - /dev/mapper/${vm_lvm_lv}_home_deciphered +sudo mke2fs -t ext4 -c -c -m 0 -T ext4 -b $local_e2fs_block_size \ + -E resize=400G${local_e2fs_extended_options} \ + -L ${local_lvm_lv}_home \ + /dev/mapper/${local_lvm_lv}_home_deciphered # NOTE: -O quota pas supporté par e2fsprogs/squeeze "$tool"/host/part-luks-umount home diff --git a/host/part-home-mount b/host/part-home-mount index f1558d0..dcebf86 100755 --- a/host/part-home-mount +++ b/host/part-home-mount @@ -3,5 +3,5 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh "$tool"/host/part-luks-mount home -mountpoint -q /mnt/$vm_fqdn/home || -sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_home_deciphered /mnt/$vm_fqdn/home +mountpoint -q /mnt/$local_fqdn/home || +sudo mount -v -t ext4 /dev/mapper/${local_lvm_lv}_home_deciphered /mnt/$local_fqdn/home diff --git a/host/part-home-umount b/host/part-home-umount index 8fd1be7..ec92f86 100755 --- a/host/part-home-umount +++ b/host/part-home-umount @@ -2,6 +2,6 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -! mountpoint -q /mnt/$vm_fqdn/home || -sudo umount -v /mnt/$vm_fqdn/home +! mountpoint -q /mnt/$local_fqdn/home || +sudo umount -v /mnt/$local_fqdn/home "$tool"/host/part-luks-umount home diff --git a/host/part-luks-format b/host/part-luks-format index 3ed5ebd..b7772e6 100755 --- a/host/part-luks-format +++ b/host/part-luks-format 
@@ -5,8 +5,8 @@ tool=$(readlink -e "${0%/*}/..") # NOTE: la clef de chiffrement est dérivée de celle de /, # / doit être déchiffrée pour que cela fonctionne. part="$1" -eval "dev=\"\$vm_dev_disk_$part\"" -test ! -e /dev/mapper/${vm_lvm_lv}_root_deciphered || -sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered | +eval "dev=\"\$local_dev_disk_$part\"" +test ! -e /dev/mapper/${local_lvm_lv}_root_deciphered || +sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${local_lvm_lv}_root_deciphered | cryptsetup luksFormat --hash=sha512 --key-size=512 \ --cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $dev" diff --git a/host/part-luks-mount b/host/part-luks-mount index e1d26d9..dd40d08 100755 --- a/host/part-luks-mount +++ b/host/part-luks-mount @@ -3,7 +3,7 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh part="$1" -eval "dev=\"\$vm_dev_disk_$part\"" -test -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered || -sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_root_deciphered | -cryptsetup luksOpen --key-file=- $dev ${vm_lvm_lv}_${part}_deciphered" +eval "dev=\"\$local_dev_disk_$part\"" +test -e /dev/mapper/${local_lvm_lv}_${part}_deciphered || +sudo /bin/sh -c "/lib/cryptsetup/scripts/decrypt_derived ${local_lvm_lv}_root_deciphered | +cryptsetup luksOpen --key-file=- $dev ${local_lvm_lv}_${part}_deciphered" diff --git a/host/part-luks-umount b/host/part-luks-umount index f2924c5..0de00f5 100755 --- a/host/part-luks-umount +++ b/host/part-luks-umount @@ -3,6 +3,6 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh part="$1" -eval "dev=\"\$vm_dev_disk_$part\"" -test ! -e /dev/mapper/${vm_lvm_lv}_${part}_deciphered || -sudo cryptsetup luksClose ${vm_lvm_lv}_${part}_deciphered +eval "dev=\"\$local_dev_disk_$part\"" +test ! -e /dev/mapper/${local_lvm_lv}_${part}_deciphered || +sudo cryptsetup luksClose ${local_lvm_lv}_${part}_deciphered 
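Review bot: In `host/part-luks-format`, `part="$1"` reaches `eval "dev=\"\$local_dev_disk_$part\""` without any check, and the resulting `$dev` is then spliced into the string given to `sudo /bin/sh -c`, so a malformed argument is interpreted as shell syntax, in the second case as root. The callers visible in this patch pass fixed names (`home`, `swap`, `var`), but the script is directly executable. Restrict the value before the `eval`, for example `case $part in (home|swap|var) ;; (*) exit 1;; esac`, using the names the configuration actually defines. Quoting `$dev` inside the `sh -c` string is worth doing at the same time. The same `part="$1"` / `eval` pattern is in `host/part-luks-mount`, `host/part-luks-umount`, `host/part-randomize` and `host/part-randomize-stats`.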
diff --git a/host/part-lvm-format b/host/part-lvm-format index b13012e..95c9ce4 100755 --- a/host/part-lvm-format +++ b/host/part-lvm-format @@ -3,12 +3,12 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh "$tool"/host/part-lvm-umount -! sudo vgs | grep -q "^ $vm_lvm_vg " || -sudo vgremove $vm_lvm_vg -sudo pvcreate --dataalignment 512k $vm_lvm_pv -sudo vgcreate --dataalignment 512k $vm_lvm_vg $vm_lvm_pv -sudo lvcreate --contiguous y -n ${vm_lvm_lv}_swap -L 1G $vm_lvm_vg -sudo lvcreate --contiguous y -n ${vm_lvm_lv}_root -L 15G $vm_lvm_vg -sudo lvcreate --contiguous y -n ${vm_lvm_lv}_var -L 5G $vm_lvm_vg -sudo lvcreate --contiguous y -n ${vm_lvm_lv}_home -l 99%FREE $vm_lvm_vg +! sudo vgs | grep -q "^ $local_lvm_vg " || +sudo vgremove $local_lvm_vg +sudo pvcreate --dataalignment 512k $local_lvm_pv +sudo vgcreate --dataalignment 512k $local_lvm_vg $local_lvm_pv +sudo lvcreate --contiguous y -n ${local_lvm_lv}_swap -L 1G $local_lvm_vg +sudo lvcreate --contiguous y -n ${local_lvm_lv}_root -L 15G $local_lvm_vg +sudo lvcreate --contiguous y -n ${local_lvm_lv}_var -L 5G $local_lvm_vg +sudo lvcreate --contiguous y -n ${local_lvm_lv}_home -l 99%FREE $local_lvm_vg "$tool"/host/part-lvm-umount diff --git a/host/part-lvm-mount b/host/part-lvm-mount index 16a93c1..217a257 100755 --- a/host/part-lvm-mount +++ b/host/part-lvm-mount @@ -2,9 +2,9 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -case $vm_use_lvm in +case $local_use_lvm in (yes) - sudo vgchange -a y $vm_lvm_vg + sudo vgchange -a y $local_lvm_vg ;; (*) exit 1;; esac diff --git a/host/part-lvm-umount b/host/part-lvm-umount index 3bf535b..dfd318d 100755 --- a/host/part-lvm-umount +++ b/host/part-lvm-umount 
@@ -2,13 +2,13 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -case $vm_use_lvm in +case $local_use_lvm in (yes) "$tool"/host/part-root-umount "$tool"/host/part-var-umount "$tool"/host/part-home-umount - ! sudo vgs | grep -q "^ $vm_lvm_vg " || - sudo vgchange -a n $vm_lvm_vg + ! sudo vgs | grep -q "^ $local_lvm_vg " || + sudo vgchange -a n $local_lvm_vg ;; (*) exit 1;; esac diff --git a/host/part-randomize b/host/part-randomize index 6a9796f..87ec52e 100755 --- a/host/part-randomize +++ b/host/part-randomize @@ -3,4 +3,4 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh part="$1" -eval "sudo dd if=/dev/urandom of=\$vm_dev_disk_$part" +eval "sudo dd if=/dev/urandom of=\$local_dev_disk_$part" diff --git a/host/part-randomize-stats b/host/part-randomize-stats index 7b691fc..533558c 100755 --- a/host/part-randomize-stats +++ b/host/part-randomize-stats @@ -3,4 +3,4 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh part="$1" -eval "pkill -USR1 -f \"^dd if=/dev/urandom of=\$vm_dev_disk_$part\"" +eval "pkill -USR1 -f \"^dd if=/dev/urandom of=\$local_dev_disk_$part\"" diff --git a/host/part-root-format b/host/part-root-format index b959501..97e69d0 100755 --- a/host/part-root-format +++ b/host/part-root-format 
@@ -2,27 +2,27 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -if ! mount | grep -q "^$vm_dev_disk_root " +if ! mount | grep -q "^$local_dev_disk_root " then sudo cryptsetup luksFormat --hash=sha512 --key-size=512 \ - --cipher=aes-xts-essiv:sha256 --align-payload=8 $vm_dev_disk_root - sudo cryptsetup luksOpen $vm_dev_disk_root ${vm_lvm_lv}_root_deciphered - sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \ - -E resize=30G${vm_e2fs_extended_options} \ - -L ${vm_lvm_lv}_root \ - /dev/mapper/${vm_lvm_lv}_root_deciphered - ! mountpoint -q /mnt/$vm_fqdn - sudo mount -v /dev/mapper/${vm_lvm_lv}_root_deciphered /mnt/$vm_fqdn + --cipher=aes-xts-essiv:sha256 --align-payload=8 $local_dev_disk_root + sudo cryptsetup luksOpen $local_dev_disk_root ${local_lvm_lv}_root_deciphered + sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $local_e2fs_block_size \ + -E resize=30G${local_e2fs_extended_options} \ + -L ${local_lvm_lv}_root \ + /dev/mapper/${local_lvm_lv}_root_deciphered + ! mountpoint -q /mnt/$local_fqdn + sudo mount -v /dev/mapper/${local_lvm_lv}_root_deciphered /mnt/$local_fqdn sudo install -d -m 770 -o root -g root \ - /mnt/$vm_fqdn/boot \ - /mnt/$vm_fqdn/dev \ - /mnt/$vm_fqdn/home \ - /mnt/$vm_fqdn/proc \ - /mnt/$vm_fqdn/root \ - /mnt/$vm_fqdn/root/src \ - /mnt/$vm_fqdn/root/src/$vm \ - /mnt/$vm_fqdn/sys \ - /mnt/$vm_fqdn/var - sudo umount -v /mnt/$vm_fqdn - sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered + /mnt/$local_fqdn/boot \ + /mnt/$local_fqdn/dev \ + /mnt/$local_fqdn/home \ + /mnt/$local_fqdn/proc \ + /mnt/$local_fqdn/root \ + /mnt/$local_fqdn/root/src \ + /mnt/$local_fqdn/root/src/$vm \ + /mnt/$local_fqdn/sys \ + /mnt/$local_fqdn/var + sudo umount -v /mnt/$local_fqdn + sudo cryptsetup luksClose ${local_lvm_lv}_root_deciphered fi diff --git a/host/part-root-mount b/host/part-root-mount index 0d0bafc..919dc53 100755 --- a/host/part-root-mount +++ b/host/part-root-mount 
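Review bot: The bare `! mountpoint -q /mnt/$local_fqdn` line in `host/part-root-format` cannot stop the script: a pipeline negated with `!` is exempt from `set -e`, and without `set -e` its status is not examined at all, so the `mount` below runs even when something is already mounted there. Write the guard explicitly, `if mountpoint -q "/mnt/$local_fqdn"; then exit 1; fi`. Consider moving it above `cryptsetup luksFormat` so the check happens before anything is overwritten. `host/xen-vm-attach` uses the same form in `! pgrep -f "sudo xm console $local_fqdn"`.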
@@ -2,7 +2,7 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -test -e /dev/mapper/${vm_lvm_lv}_root_deciphered || -sudo cryptsetup luksOpen $vm_dev_disk_root ${vm_lvm_lv}_root_deciphered -mountpoint -q /mnt/$vm_fqdn || -sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_root_deciphered /mnt/$vm_fqdn +test -e /dev/mapper/${local_lvm_lv}_root_deciphered || +sudo cryptsetup luksOpen $local_dev_disk_root ${local_lvm_lv}_root_deciphered +mountpoint -q /mnt/$local_fqdn || +sudo mount -v -t ext4 /dev/mapper/${local_lvm_lv}_root_deciphered /mnt/$local_fqdn diff --git a/host/part-root-umount b/host/part-root-umount index 77beda8..f81781a 100755 --- a/host/part-root-umount +++ b/host/part-root-umount @@ -2,7 +2,7 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -! mountpoint -q /mnt/$vm_fqdn || -sudo umount -v /mnt/$vm_fqdn -! test -e /dev/mapper/${vm_lvm_lv}_root_deciphered || -sudo cryptsetup luksClose ${vm_lvm_lv}_root_deciphered +! mountpoint -q /mnt/$local_fqdn || +sudo umount -v /mnt/$local_fqdn +! test -e /dev/mapper/${local_lvm_lv}_root_deciphered || +sudo cryptsetup luksClose ${local_lvm_lv}_root_deciphered diff --git a/host/part-swap-format b/host/part-swap-format index d82abec..712cd62 100755 --- a/host/part-swap-format +++ b/host/part-swap-format @@ -4,6 +4,6 @@ tool=$(readlink -e "${0%/*}/..") "$tool"/host/part-luks-format swap "$tool"/host/part-luks-mount swap -sudo mkswap -f -L ${vm_lvm_lv}_swap \ - /dev/mapper/${vm_lvm_lv}_swap_deciphered +sudo mkswap -f -L ${local_lvm_lv}_swap \ + /dev/mapper/${local_lvm_lv}_swap_deciphered "$tool"/host/part-luks-umount swap diff --git a/host/part-var-format b/host/part-var-format index 3aa0574..87b49ef 100755 --- a/host/part-var-format +++ b/host/part-var-format 
@@ -4,8 +4,8 @@ tool=$(readlink -e "${0%/*}/..") "$tool"/host/part-luks-format var "$tool"/host/part-luks-mount var -sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $vm_e2fs_block_size \ - -E resize=10G${vm_e2fs_extended_options} \ - -L ${vm_lvm_lv}_var \ - /dev/mapper/${vm_lvm_lv}_var_deciphered +sudo mke2fs -t ext4 -c -c -m 5 -T ext4 -b $local_e2fs_block_size \ + -E resize=10G${local_e2fs_extended_options} \ + -L ${local_lvm_lv}_var \ + /dev/mapper/${local_lvm_lv}_var_deciphered "$tool"/host/part-luks-umount var diff --git a/host/part-var-mount b/host/part-var-mount index b8455e6..b89f457 100755 --- a/host/part-var-mount +++ b/host/part-var-mount @@ -3,5 +3,5 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh "$tool"/host/part-luks-mount var -mountpoint -q /mnt/$vm_fqdn/var || -sudo mount -v -t ext4 /dev/mapper/${vm_lvm_lv}_var_deciphered /mnt/$vm_fqdn/var +mountpoint -q /mnt/$local_fqdn/var || +sudo mount -v -t ext4 /dev/mapper/${local_lvm_lv}_var_deciphered /mnt/$local_fqdn/var diff --git a/host/part-var-umount b/host/part-var-umount index fe9f34a..f8b993f 100755 --- a/host/part-var-umount +++ b/host/part-var-umount @@ -2,6 +2,6 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -! mountpoint -q /mnt/$vm_fqdn/var || -sudo umount -v /mnt/$vm_fqdn/var +! mountpoint -q /mnt/$local_fqdn/var || +sudo umount -v /mnt/$local_fqdn/var "$tool"/host/part-luks-umount var diff --git a/host/xen-vm-attach b/host/xen-vm-attach index 5c83ce2..d57cc41 100755 --- a/host/xen-vm-attach +++ b/host/xen-vm-attach @@ -2,6 +2,6 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -! pgrep -f "sudo xm console $vm_fqdn" +! pgrep -f "sudo xm console $local_fqdn" info 'Ctrl-] pour se détacher de la console' -sudo xm console $vm_fqdn +sudo xm console $local_fqdn diff --git a/host/xen-vm-configure b/host/xen-vm-configure index 1f3e9a6..3350e21 100755 --- a/host/xen-vm-configure +++ b/host/xen-vm-configure 
@@ -3,19 +3,19 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh sudo install -m 644 -u root -g root /dev/stdin \ - /etc/xen/$vm_fqdn.cfg <<-EOF + /etc/xen/$local_fqdn.cfg <<-EOF # -*- mode: python; -*- - # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers + # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HLOCAL_drivers import os, re - name = "$vm_fqdn" + name = "$local_fqdn" arch = os.uname()[4] memory = 2048 vcpus = 1 pae = 1 acpi = 1 apic = 1 - vif = ['mac=$vm_mac,bridge=$vm_bridge'] - disk = ['phy:/dev/domU/$vm_fqdn-disk,hda,w'] + vif = ['mac=$local_mac,bridge=$local_bridge'] + disk = ['phy:/dev/domU/$local_fqdn-disk,hda,w'] device_model = 'qemu-dm' # HVM : #kernel = "/usr/lib/xen-4.0/boot/hvmloader" diff --git a/host/xen-vm-start b/host/xen-vm-start index 8b84913..43be72b 100755 --- a/host/xen-vm-start +++ b/host/xen-vm-start @@ -2,6 +2,6 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -test ! -e /dev/domU/$vm_fqdn-disk1 -sudo xm create $vm_fqdn.cfg +test ! -e /dev/domU/$local_fqdn-disk1 +sudo xm create $local_fqdn.cfg "$tool"/host/xen-vm-attach diff --git a/host/xen-vm-stop b/host/xen-vm-stop index 7672338..03a7ba3 100755 --- a/host/xen-vm-stop +++ b/host/xen-vm-stop @@ -2,4 +2,4 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -sudo xm shutdown $vm_fqdn +sudo xm shutdown $local_fqdn diff --git a/host/xen-vm-stop-force b/host/xen-vm-stop-force index 32ea204..3c68eb5 100755 --- a/host/xen-vm-stop-force +++ b/host/xen-vm-stop-force @@ -2,4 +2,4 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/host/lib.sh -sudo xm destroy $vm_fqdn +sudo xm destroy $local_fqdn diff --git a/local/apt-configure b/local/apt-configure index bbfd1e3..c02c7b1 100755 --- a/local/apt-configure +++ b/local/apt-configure 
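Review bot: The rename also rewrote the documentation URL in the generated config in `host/xen-vm-configure`: `Xen_Linux_PV_on_HVM_drivers` became `Xen_Linux_PV_on_HLOCAL_drivers`, which looks like the `VM_` → `LOCAL_` substitution matching inside `HVM_`. Restore the comment as `# DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers`. Separately, the unchanged `sudo install -m 644 -u root -g root` line uses `-u` where every other `install` call in this patch uses `-o root`; that is probably a typo for `-o`. The here-document continues past the end of the hunk.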
@@ -3,27 +3,27 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/local/lib.sh sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list <<-EOF - deb http://ftp.rezopole.net/debian $vm_lsb_name main + deb http://ftp.rezopole.net/debian $local_lsb_name main EOF -sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF - deb http://ftp.rezopole.net/debian $vm_lsb_name-backports main +sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/$local_lsb_name-backports.list <<-EOF + deb http://ftp.rezopole.net/debian $local_lsb_name-backports main EOF sudo install -m 664 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF deb http://nightly.openerp.com/7.0/nightly/deb/ ./ EOF sudo install -m 664 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF Package: * - Pin: release a=$vm_lsb_name + Pin: release a=$local_lsb_name Pin-Priority: 200 Package: * - Pin: release a=$vm_lsb_name-backports + Pin: release a=$local_lsb_name-backports Pin-Priority: 170 EOF sudo apt-get update "$tool"/local/apt-get-install apticron m4 \ - --define=VM_DOMAINNAME=$vm_domainname \ + --define=LOCAL_DOMAINNAME=$local_domainname \ <"$tool"/etc/apticron/apticron.conf.m4 | sudo install -m 644 -o root -g root /dev/stdin \ /etc/apticron/apticron.conf diff --git a/local/boot-configure b/local/boot-configure index a0d5ae2..ce32562 100755 --- a/local/boot-configure +++ b/local/boot-configure 
@@ -7,21 +7,21 @@ sudo debconf-set-selections <<-EOF EOF "$tool"/local/apt-get-install grub-pc sudo install -d -m 644 -o root -g root /boot/grub -"$tool"/local/apt-get-install linux-image-$vm_arch +"$tool"/local/apt-get-install linux-image-$local_arch sudo install -m 644 -o root -g root /dev/stdin \ /etc/default/grub <<-EOF GRUB_DEFAULT=0 GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\` GRUB_CMDLINE_LINUX_DEFAULT="quiet" - GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$vm_ipv4::$vm_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered" + GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$local_ipv4::$local_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered" GRUB_DISABLE_RECOVERY="true" #GRUB_PRELOAD_MODULES="lvm" EOF sudo install -m 644 -o root -g root /dev/stdin \ /boot/grub/device.map <<-EOF (hd0) /dev/xvda - (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g') + (hd0) /dev/mapper/domU-$(printf %s $local_fqdn-disk | sed -e 's/-/--/g') EOF sudo update-grub2 # NOTE: prend en compte /boot/grub/device.map "$tool"/local/initramfs-configure diff --git a/local/filesystem-configure b/local/filesystem-configure index c6f3cf8..adcc113 100755 --- a/local/filesystem-configure +++ b/local/filesystem-configure @@ -3,14 +3,14 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/local/lib.sh m4 \ - --define=VM_LVM_LV=$vm_lvm_lv \ - --define=VM_LVM_VG=$vm_lvm_vg \ + --define=LOCAL_LLOCAL_LV=$local_lvm_lv \ + --define=LOCAL_LLOCAL_VG=$local_lvm_vg \ <"$tool"/etc/fstab.m4 | sudo install -m 644 -o root -g root /dev/stdin \ /etc/fstab m4 \ - --define=VM_LVM_LV=$vm_lvm_lv \ - --define=VM_LVM_VG=$vm_lvm_vg \ + --define=LOCAL_LLOCAL_LV=$local_lvm_lv \ + --define=LOCAL_LLOCAL_VG=$local_lvm_vg \ <"$tool"/etc/crypttab.m4 | sudo install -m 644 -o root -g root /dev/stdin \ /etc/crypttab 
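Review bot: In `local/filesystem-configure` the m4 macro names became `LOCAL_LLOCAL_LV` and `LOCAL_LLOCAL_VG`, apparently because the substitution matched the `VM_` inside `LVM_` as well as the prefix. `etc/fstab.m4` and `etc/crypttab.m4` are in the diffstat but their hunks are not visible here, so the templates may have been mangled the same way and still expand; the names are nonetheless garbled. Use `--define=LOCAL_LVM_LV=$local_lvm_lv` and `--define=LOCAL_LVM_VG=$local_lvm_vg` in both `m4` calls, with the matching macro names in the two templates.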
diff --git a/local/gitolite-configure b/local/gitolite-configure index 0be27e6..bd25ec3 100755 --- a/local/gitolite-configure +++ b/local/gitolite-configure @@ -66,7 +66,7 @@ sudo install -m 770 -o git -g git /dev/stdin \ \$GL_CONF_COMPILED = "\$GL_ADMINDIR/conf/gitolite.conf.pm"; #\$GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups" \$GL_GITCONFIG_KEYS = "gitweb\\..* hooks\\..*"; - #\$GL_HOSTNAME = "git.$vm_domainname"; + #\$GL_HOSTNAME = "git.$local_domainname"; # NOTE: read doc/mirroring.mkd COMPLETELY before setting this. #\$GL_HTTP_ANON_USER = "mob"; \$GL_KEYDIR = "\$GL_ADMINDIR/keydir"; @@ -79,7 +79,7 @@ sudo install -m 770 -o git -g git /dev/stdin \ \$GL_PACKAGE_HOOKS = "/usr/share/gitolite/hooks"; #\$GL_PERFLOGT = \$ENV{HOME} . "/log/gitolite/perf/%y-%m-%d.log"; #\$GL_REF_OR_FILENAME_PATT = qr(^[0-9a-zA-Z][0-9a-zA-Z._\\@/+ :,-]*\$); - \$GL_SITE_INFO = "git.$vm_domainname"; + \$GL_SITE_INFO = "git.$local_domainname"; #\$GL_SLAVE_MODE = 0; \$GL_WILDREPOS = 0; #\$GL_WILDREPOS_DEFPERMS = 'R @all'; diff --git a/local/initramfs-configure b/local/initramfs-configure index 8fa1075..683a0f7 100755 --- a/local/initramfs-configure +++ b/local/initramfs-configure @@ -31,7 +31,7 @@ sudo install -m 644 -o root -g root /dev/stdin \ sudo sed -e '/^configure_networking /s/ &$//' \ -i /usr/share/initramfs-tools/scripts/init-premount/dropbear # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré.. -ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | +ssh-keygen -F "init.$local_fqdn" -f "$tool"/etc/openssh/known_hosts | ( while IFS= read -r line do case $line in (*" RSA") return 0; break;; esac done; return 1 ) || diff --git a/local/lib.sh b/local/lib.sh index f1d4c3d..4f000ac 100644 --- a/local/lib.sh +++ b/local/lib.sh @@ -1,3 +1,3 @@ . "$tool"/etc/local.sh set -x -test "$(hostname --fqdn)" = "$vm_fqdn" +test "$(hostname --fqdn)" = "$local_fqdn" 
diff --git a/local/luks-key-change b/local/luks-key-change index f4a0f57..7e53632 100755 --- a/local/luks-key-change +++ b/local/luks-key-change @@ -2,4 +2,4 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/local/lib.sh -sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root +sudo cryptsetup luksChangeKey /dev/$local_lvm_vg/${local_lvm_lv}_root diff --git a/local/network-configure b/local/network-configure index d70b6ff..5b412c6 100755 --- a/local/network-configure +++ b/local/network-configure @@ -10,15 +10,15 @@ grep -q " $vm\$" /etc/hosts || sudo install -m 644 -o root -g root /dev/stdin \ /etc/hosts <<-EOF $(cat /etc/hosts) - 127.0.0.1 $vm_fqdn $vm + 127.0.0.1 $local_fqdn $vm EOF sudo install -m 644 -o root -g root /dev/stdin \ /etc/resolv.conf <<-EOF - search ${vm_host#*.} - nameserver ${vm_host_nameserver} + search ${local_host#*.} + nameserver ${local_host_nameserver} EOF m4 \ - --define=VM_IPV4=$vm_ipv4 \ + --define=LOCAL_IPV4=$local_ipv4 \ <"$tool"/etc/network/interfaces.m4 | sudo install -m 640 -o root -g root /dev/stdin \ /etc/network/interfaces diff --git a/local/sysctl-configure b/local/sysctl-configure index a33bad9..09fd41c 100755 --- a/local/sysctl-configure +++ b/local/sysctl-configure @@ -10,7 +10,7 @@ for conf in "$tool"/etc/sysctl.d/*.conf done sudo install -m 660 -o root -g root /dev/stdin \ /etc/sysctl.d/local-kernel-name.conf <<-EOF - kernel.hostname = $vm_hostname - kernel.domainname = $vm_domainname + kernel.hostname = $local_hostname + kernel.domainname = $local_domainname EOF sudo sysctl --system diff --git a/remote/duplicity-configure b/remote/duplicity-configure index 6a1850b..972afbd 100755 --- a/remote/duplicity-configure +++ b/remote/duplicity-configure 
@@ -3,9 +3,9 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/remote/lib.sh subkey_caps="e s" \ -"$tool"/remote/gpg-gen-key "backup+$vm_hostname@$vm_domainname" <<-EOF - Name-Real: $vm_fqdn - Name-Email: backup+$vm_hostname@$vm_domainname +"$tool"/remote/gpg-gen-key "backup+$local_hostname@$local_domainname" <<-EOF + Name-Real: $local_fqdn + Name-Email: backup+$local_hostname@$local_domainname Name-Comment: (duplicity) Expire-Date: 0 EOF diff --git a/remote/duplicity-key-send b/remote/duplicity-key-send index 0580e1b..650e219 100755 --- a/remote/duplicity-key-send +++ b/remote/duplicity-key-send @@ -3,5 +3,5 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/remote/lib.sh gpg --export-options export-reset-subkey-passwd \ - --export-secret-subkeys "backup+$vm_hostname@$vm_domainname" | + --export-secret-subkeys "backup+$local_hostname@$local_domainname" | "$tool"/remote/ssh gpg --import - diff --git a/remote/git-configure b/remote/git-configure index c0c9c9e..0601208 100755 --- a/remote/git-configure +++ b/remote/git-configure @@ -3,9 +3,9 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/remote/lib.sh git remote rm host || true -git remote add host $vm_host:src/vm +git remote add host $local_host:src/vm git config --replace remote.host.push HEAD:refs/remotes/master git remote rm local || true -git remote add local $vm_fqdn:src/vm +git remote add local $local_fqdn:src/vm git config --replace remote.local.push HEAD:refs/remotes/master git submodule update --init diff --git a/remote/git-push b/remote/git-push index 9bd0782..8c6a241 100755 --- a/remote/git-push +++ b/remote/git-push @@ -2,5 +2,5 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/remote/lib.sh -remote=${1:-$vm_fqdn}; shift +remote=${1:-$local_fqdn}; shift GIT_SSH="$tool"/remote/ssh git push -v "$remote" "$@" diff --git a/remote/lib.sh b/remote/lib.sh index 58ffb63..c87432d 100644 --- a/remote/lib.sh +++ b/remote/lib.sh 
@@ -1,4 +1,4 @@ . "$tool"/etc/local.sh set -x -test ! "$(hostname --fqdn)" = "$vm_fqdn" -test ! "$(hostname --fqdn)" = "$vm_host" +test ! "$(hostname --fqdn)" = "$local_fqdn" +test ! "$(hostname --fqdn)" = "$local_host" diff --git a/remote/luks-key-backup b/remote/luks-key-backup index b99146f..8f24ece 100755 --- a/remote/luks-key-backup +++ b/remote/luks-key-backup @@ -13,11 +13,11 @@ for part in root var home exec 2>/dev/null; tmp=$(mktemp -t "luks.'"$part"'.XXXXXXXX.tmp" --dry-run); cryptsetup luksHeaderBackup >/dev/null \ - /dev/'"$vm_lvm_vg"'/'"$vm_lvm_lv"'_'"$part"' \ + /dev/'"$local_lvm_vg"'/'"$local_lvm_lv"'_'"$part"' \ --header-backup-file "$tmp"; \ cat "$tmp"; shred >/dev/null --remove "$tmp"; \ ' | gpg "$@" --encrypt \ - -o var/sec/luks/${vm_lvm_lv}_${part}.luks.gpg + -o var/sec/luks/${local_lvm_lv}_${part}.luks.gpg done diff --git a/remote/luks-key-send b/remote/luks-key-send index 869e436..525c287 100755 --- a/remote/luks-key-send +++ b/remote/luks-key-send @@ -3,8 +3,8 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/remote/lib.sh -gpg --decrypt "$tool"/var/sec/luks/$vm_fqdn.key.gpg | -"$tool"/remote/ssh root@$vm_fqdn "$@" \ +gpg --decrypt "$tool"/var/sec/luks/$local_fqdn.key.gpg | +"$tool"/remote/ssh root@$local_fqdn "$@" \ -o CheckHostIP=no \ - -o HostKeyAlias=init.$vm_fqdn \ + -o HostKeyAlias=init.$local_fqdn \ tee /lib/cryptsetup/passfifo \>/dev/null diff --git a/remote/mosh b/remote/mosh index 4f6f24e..197f4f9 100755 --- a/remote/mosh +++ b/remote/mosh @@ -2,4 +2,4 @@ tool=$(readlink -e "${0%/*}/..") . "$tool"/remote/lib.sh -mosh --ssh="$tool/remote/ssh ${ssh_options-}" -- $vm_fqdn "$@" +mosh --ssh="$tool/remote/ssh ${ssh_options-}" -- $local_fqdn "$@" -- 2.20.1
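Review bot: In `remote/luks-key-backup` the remote command takes its file name from `mktemp ... --dry-run`, which only prints a name; `cryptsetup luksHeaderBackup` then creates the file at that path in the shared temporary directory (`$TMPDIR` or `/tmp`). The name is therefore not reserved between the two steps, and the header copy sits in a directory other local users can list. Creating a private directory first avoids both: `dir=$(mktemp -d) || exit 1; tmp=$dir/header;` and `rm -rf "$dir"` after the `shred`. With `exec 2>/dev/null` in place, a failed backup is also silent and `gpg` would encrypt empty input; checking the status of `luksHeaderBackup` before `cat` would catch that. The remote command string and the `for` loop begin outside the hunk.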