#!/bin/bash
-source /a/bin/errhandle/errcatch-function
-source /a/bin/errhandle/bash-trace-function
-
-errcatch
+source /a/bin/errhandle/err
m() {
- echo "$*"
- "$@"
+ echo "$*"
+ "$@"
}
s() { sudo "$@"; }
lnf() { /a/exe/lnf "$@"; }
# Also note, under filesystem/, symlinks are expanded.
subdir-link-r() {
- local root="$1"
- local targets=()
- if [[ $2 ]]; then
- targets=( "$2"/!(.git|..|.) )
- else
- for f in "$1"/!(.git|..|.); do
- [[ -d $f ]] && targets+=("$f") ||:
- done
- fi
- local below="$( readlink -f "$root/..")"
- for path in "${targets[@]}"; do
- local fullpath="$(readlink -f "$path")"
- #e $fullpath $below # debug
- if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
- m lnf -T "$path" "$HOME/${path#$root/}"
- elif [[ -d "$path" ]]; then
- subdir-link-r "$root" "$path"
- fi
+ local root="$1"
+ local targets=()
+ if [[ $2 ]]; then
+ targets=( "$2"/!(.git|..|.) )
+ else
+ for f in "$1"/!(.git|..|.); do
+ [[ -d $f ]] && targets+=("$f") ||:
done
+ fi
+ local below="$( readlink -f "$root/..")"
+ for path in "${targets[@]}"; do
+ local fullpath="$(readlink -f "$path")"
+ #e $fullpath $below # debug
+ if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
+ m lnf -T "$path" "$HOME/${path#$root/}"
+ elif [[ -d "$path" ]]; then
+ subdir-link-r "$root" "$path"
+ fi
+ done
}
common-file-setup() {
- local dir fs x bdir f dst
- for dir in "$@"; do
- fs=$dir/filesystem
- if [[ -e $fs && $USER == ian ]]; then
- # note, symlinks get resolved, not copied.
- m s cp -RLT --preserve=mode,timestamps $fs /
- fi
-
- if [[ -e $dir/subdir_files ]]; then
- subdir-link-r $dir/subdir_files
- fi
- local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
- (( ${#x[@]} >= 1 )) || continue
- m lnf ${x[@]} ~
- done
+ local dir fs x bdir f dst
+ for dir in "$@"; do
+ fs=$dir/filesystem
+ if [[ -e $fs && $USER =~ ^iank?$ ]]; then
+ # note, symlinks get resolved, not copied.
+ s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
+ fi
+
+ if [[ -e $dir/subdir_files ]]; then
+ m subdir-link-r $dir/subdir_files
+ fi
+ local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
+ (( ${#x[@]} >= 1 )) || continue
+ m lnf ${x[@]} ~
+ done
}
all_dirs=({/a/c,/p/c}{,/machine_specific/$HOSTNAME})
# note, we assume a group of hosts does not have the
# same name as a single host, which is no problem on our scale.
-for x in /p/c/machine_specific/*.hosts; do
- if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
+for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
+ if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
done
c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
case $USER in
- ian)
- # p needs to go first so .ssh link is created, then config link inside it
- common-file-setup ${all_dirs[@]}
- if [[ -d /etc/bind/bind-writable ]]; then
- # need bind writable dir for nsupdate, or else we get
- # named[20823]: /etc/bind/db.iank.pw.jnl: create: permission denied
- s chgrp bind /etc/bind/bind-writable
- fi
- if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
- s chgrp www-data /etc/davpass
- fi
- sudo -u traci "$BASH_SOURCE"
- ;;
- traci)
- common-file-setup ${c_dirs[@]}
- ;;
- *)
- echo "$0: error: unexpected user"; exit 1
- ;;
+ iank)
+ files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
+ /p/c/filesystem/etc/openvpn/client/*.key
+ /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
+ /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
+ )
+ if [[ -e $files ]]; then
+ chmod 600 ${files[@]}
+ fi
+ # p needs to go first so .ssh link is created, then config link inside it
+ m common-file-setup ${all_dirs[@]}
+
+ #### begin special extra stuff ####
+ install -d -m700 ~/gpg-agent-socket
+
+ f=/var/lib/bind
+ if [[ -e $f ]]; then
+ # reset to the original permissions.
+ m s chgrp -R bind $f
+ m s chmod g+w $f
+ fi
+ sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
+ if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
+ s chgrp www-data /etc/davpass
+ fi
+ if [[ -e /var/lib/znc ]] && getent group znc; then
+ s chown -R znc:znc /var/lib/znc
+ fi
+ /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
+ f=/etc/prometheus-htpasswd
+ if [[ -e $f ]]; then
+ s chmod 640 $f /etc/prometheus-pass
+ s chown root:www-data $f
+ if getent passwd prometheus; then
+ s chown root:prometheus /etc/prometheus-pass
+ fi
+ fi
+
+ ##### end special extra stuff #####
+
+ sudo bash -c 'shopt -s nullglob; cd /etc/openvpn; for f in client/* server/*; do ln -sf $f .; done'
+
+ m sudo -H -u traci "$BASH_SOURCE"
+ ;;
+ traci)
+ m common-file-setup ${c_dirs[@]}
+ ;;
+ *)
+ echo "$0: error: unexpected user"; exit 1
+ ;;
esac