#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
-source /a/bin/errhandle/err
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+source /a/bin/bash-bear-trap/bash-bear
err-cleanup() {
echo 1 >~/.local/conflink
}
Link or otherwise install configuration files.
-f For fast. Dont use lnf, use ln -sf. Good for updating existing files.
+-v Verbose show all the files getting linked and whatnot.
EOF
exit $1
}
+s() { sudo "$@"; }
m() {
+ "$@"
+}
+v() {
echo "$*"
"$@"
}
-s() { sudo "$@"; }
lnf() { /a/exe/lnf "$@"; }
+
+
+##### begin command line parsing ########
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
fast=false
-if [[ $1 == -f ]]; then # f for fast
- fast=true
+verbose=false
+temp=$(getopt -l help hvf "$@") || usage 1
+eval set -- "$temp"
+while true; do
+ case $1 in
+ -v) verbose=true ;;
+ -f) fast=true ;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
+ esac
shift
-elif
- [[ $1 ]]; then
- echo "error: unrecognized arguments" >&2
- exit 0
-fi
+done
+readonly fast verbose
+
+##### end command line parsing ########
+
+tmpf=$(mktemp)
if $fast; then
lnf() { ln -sf "$@"; }
fi
+if $verbose; then
+ m() {
+ echo "$*"
+ "$@"
+ }
+fi
+
shopt -s nullglob
shopt -s extglob
shopt -s dotglob
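Review bot: `tmpf=$(mktemp)` is created on every run and nothing visible here removes it, so each invocation leaves behind a temp file that later receives rsync's itemized list of changed system files. A `trap 'rm -f -- "$tmpf"' EXIT` right after the assignment would clean it up, provided bash-bear does not already own the EXIT trap (not visible from here). Separately, the getopt loop breaks at `--` and never inspects what is left, so stray positional arguments are now accepted silently where the removed code reported them; `(( $# == 0 )) || usage 1` after `done` restores that check.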
local fullpath
fullpath="$(readlink -f "$path")"
if [[ -f $path || $(dirname "$fullpath") == "$below" ]]; then
- m lnf -T "$path" "$HOME/${path#$root/}"
+ m lnf -T "$path" "$HOME/${path#"$root/"}"
elif [[ -d "$path" ]]; then
subdir-link-r "$root" "$path"
fi
common-file-setup() {
local dir fs x f reload_systemd
- local -a reload_services
local -a restart_services
reload_systemd=false
+ # note, i ran chmod -R g-s on the filesystem dirs
+ # so i could keep permissions of secret files
for dir in "$@"; do
fs=$dir/filesystem
if [[ -e $fs && $user =~ ^iank?$ ]]; then
# we dont want t, instead c for checksum.
# That way we dont set times on directories.
# -a = -rlptgoD
- cmd=( s rsync -rclpgoDiSAX --chown=root:root --chmod=g-s
+ # -A is acls, implies -p
+ cmd=( s rsync -rclgoDiSAX --chmod=Dg-s --chown=root:root
--exclude=/etc/dovecot/users
--exclude='/etc/exim4/passwd*'
--exclude='/etc/exim4/*.pem'
$fs/ / )
echo "${cmd[@]@Q}"
+ "${cmd[@]}" | tee $tmpf
while read -r line; do
file="${line:12}"
case $file in
- etc/prometheus/rules/iank.yml)
+ etc/prometheus/rules/iank.yml|etc/prometheus/prometheus.yml)
case $HOSTNAME in
kd)
if systemctl is-active prometheus &>/dev/null; then
- m s systemctl reload prometheus
+ v s systemctl reload prometheus
fi
;;
esac
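Review bot: At `"${cmd[@]}" | tee $tmpf` the pipeline's exit status is tee's unless `pipefail` is in effect, so a failed root rsync into `/` can go unnoticed and the `while read` loop then reloads services based on partial output. Whether bash-bear enables `pipefail` is not visible in this diff. Checking `${PIPESTATUS[0]}` right after the pipeline, or an explicit `set -o pipefail` near the top, closes that gap, and the path should be quoted: `"${cmd[@]}" | tee "$tmpf"`. The body of common-file-setup continues past the end of this hunk.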
# A = preserve acls
# X = preserve extended attributes
# i = itemize
- done < <("${cmd[@]}")
+ done <$tmpf
fi
if ! $fast && [[ -e $dir/subdir_files ]]; then
m lnf ${x[@]} ~
done
if $reload_systemd; then
- m s systemctl daemon-reload
+ v s systemctl daemon-reload
fi
for service in ${restart_services[@]}; do
if systemctl is-active $service >/dev/null; then
- m s systemctl restart $service
+ v s systemctl restart $service
fi
done
}
if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
done
-# old files 2022-03
-for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do
- f=/etc/systemd/system/$t.timer
- if [[ -e $f ]]; then
- s systemctl stop $t.timer
- s systemctl disable $t.timer
- s rm -fv $f
- reload_systemd=true
- fi
-done
-rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings
c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
case $user in
iank)
+ # old files 2022-03
+ for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do
+ f=/etc/systemd/system/$t.timer
+ if [[ -e $f ]]; then
+ v systemctl stop $t.timer
+ v systemctl disable $t.timer
+ s rm -fv $f
+ reload_systemd=true
+ fi
+ done
+ # old 2022-04
+ if [[ -e /etc/cron.daily/check-lets-encrypt-ssl-settings ]]; then
+ m s rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings
+ fi
+ # conversion from whole folder subdir to individual files.
+ if [[ -L /home/iank/.config/copyq ]]; then
+ rm -fv /home/iank/.config/copyq
+ fi
+
/a/bin/ds/install-my-scripts
files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
/p/c/machine_specific/*/filesystem/etc/openvpn/client/*.key
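Review bot: The relocated timer cleanup lost its `s` wrapper on two lines: `v systemctl stop $t.timer` and `v systemctl disable $t.timer` now run without sudo, while `s rm -fv $f` just below and the other systemctl calls in this patch (`v s systemctl reload prometheus`, `v s systemctl daemon-reload`) keep it. Run as an ordinary user these will likely fail or fall back to an interactive authorization prompt, and under an error trap the first failure would stop the install partway through. They should read `v s systemctl stop "$t.timer"` and `v s systemctl disable "$t.timer"`. The `files=(` array at the end of the hunk continues outside it.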
m s chgrp -R bind $f
m s chmod g+w $f
fi
- sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
+ # shellcheck disable=SC2016 # obviously expected
+ s bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then
s chgrp www-data /etc/caldav-htpasswd
fi
if [[ -e /var/lib/znc ]] && getent group znc; then
s chown -R znc:znc /var/lib/znc
fi
- for f in /etc/prometheus-{,export-}htpasswd; do
- if [[ -e $f ]]; then
- s chmod 640 $f
- if getent passwd www-data &>/dev/null; then
- s chown root:www-data $f
- fi
- fi
- done
- f=/etc/prometheus-pass
- if [[ -e $f ]]; then
- # note: this is duplicative of the file's own permissions
- s chmod 640 $f /etc/prometheus-pass
+ if [[ -e /p/c/user-specific ]]; then
if getent passwd prometheus &>/dev/null; then
- s chown root:prometheus $f
+ v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus-pass /etc
+ v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus/ssl/* /etc/prometheus/ssl
fi
+ if getent passwd www-data &>/dev/null; then
+ v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:www-data /p/c/user-specific/www-data/* /etc
+ fi
+ fi
+
+ if [[ -d /var/lib/bitcoind && -d /p/c/user-specific/bitcoin ]]; then
+ s rsync -clpgoDiSAX --chmod=Dg-s --chown=bitcoin:bitcoin /p/c/user-specific/bitcoin/settings.json /var/lib/bitcoind
+ s rsync -rclpgoDiSAX --chmod=Dg-s --chown=root:bitcoin /p/c/user-specific/bitcoin/bitcoin /etc
+ fi
+ # this folder strangely requires ownership as icecast2
+ if [[ -d /etc/icecast2 && -f /p/c/icecast.xml ]]; then
+ m s rsync -rclgoDiSAX --chmod=0644 --chown=root:root /p/c/icecast.xml /etc/icecast2
fi
##### end special extra stuff #####
if ! $fast; then
- m sudo -H -u user2 "${BASH_SOURCE[0]}"
+ m s -H -u user2 "${BASH_SOURCE[0]}"
fi
f=/a/bin/distro-setup/system-status
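Review bot: The rsync calls that install `prometheus-pass`, the `ssl/*` files and the `www-data/*` files no longer pin a file mode: the removed code forced `chmod 640`, whereas `-p` with `--chmod=Dg-s` copies whatever mode the source under /p/c/user-specific has, so a single permissive source file ends up world-readable in /etc. Extending the existing option to `--chmod=Dg-s,F640` keeps the old guarantee. The icecast line forces `--chmod=0644 --chown=root:root` on `icecast.xml`, a file that normally carries the source and admin passwords, and its comment speaks of icecast2 ownership that the command does not set; `--chmod=0640` with the daemon's group in `--chown` would match the comment and keep the passwords from other local users. With `nullglob` on, an empty `www-data/*` or `ssl/*` leaves rsync with only the destination path as its argument, so it is worth checking that the glob matched before each call. The enclosing `case` arm begins outside this hunk.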