X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=30d868e4dae606d244bc2decb19126fda8d70799;hb=f5bedaabc8ab8e0fa29238b70ab66bd7d37095d1;hp=ddf99010d2520f046014b349defba117b1c08331;hpb=dc9cf986307ee673850838d5bbcf9e5774bda2c3;p=distro-setup

diff --git a/conflink b/conflink
index ddf9901..30d868e 100755
--- a/conflink
+++ b/conflink
@@ -1,64 +1,148 @@
-#!/bin/bash -l
+#!/bin/bash
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+source /a/bin/errhandle/err
+_errcatch_cleanup() {
+  echo 1 >~/.local/conflink
+}
+
+
+usage() {
+  cat <<EOF
+Usage: ${0##*/} [OPTIONS]
+Link or otherwise install configuration files.
+
+-f   For fast. Dont use lnf, use ln -sf. Good for updating existing files.
+EOF
+  exit $1
+}
 
 
-sysv() {
-    e "$@"
-    "$@"
+m() {
+  echo "$*"
+  "$@"
 }
+s() { sudo "$@"; }
 
+lnf() { /a/exe/lnf "$@"; }
+if [[ $1 == -f ]]; then
+  lnf() { ln -sf "$@"; }
+fi
 
 shopt -s nullglob
+shopt -s extglob
+shopt -s dotglob
 
-# if we make a link back to the root, traversing the subdirs stops.
-# This makes it so we can do subdir directories. Must call with absolute
-# paths.
+# If we make a link back to the root, we stop going deeper into subdir_files.
+# This makes it so we can do subdir directories.
+#
+# Also note, under filesystem/, symlinks are expanded.
 
 subdir-link-r() {
-    local root="$1"
-    local targets=()
-    if [[ $2 ]]; then
-        targets=( "$2"/* )
-    else
-        for f in "$1"/*; do
-            [[ -d $f ]] && targets+=("$f") ||:
-        done
-    fi
-    local below="$( readlink -f "$root/..")"
-    for path in "${targets[@]}"; do
-        local fullpath="$(readlink -f "$path")"
-        #e $fullpath $below # debug
-        if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
-            if [[ $dir == /p/* ]]; then
-                homes=(/home/ian)
-            else
-                homes=(/home/*)
-            fi
-            for user in ${homes[@]}; do
-                sysv lnf -T "$path" "$user/${path#$root/}"
-            done
-        elif [[ -d "$path" ]]; then
-            subdir-link-r "$root" "$path"
-        fi
+  local root="$1"
+  local targets=()
+  if [[ $2 ]]; then
+    targets=( "$2"/!(.git|..|.) )
+  else
+    for f in "$1"/!(.git|..|.); do
+      if [[ -d $f ]]; then targets+=("$f"); fi
     done
+  fi
+  local below
+  below="$( readlink -f "$root/..")"
+  for path in "${targets[@]}"; do
+    local fullpath
+    fullpath="$(readlink -f "$path")"
+    #e $fullpath $below # debug
+    if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
+      m lnf -T "$path" "$HOME/${path#$root/}"
+    elif [[ -d "$path" ]]; then
+      subdir-link-r "$root" "$path"
+    fi
+  done
 }
 
+
+
 common-file-setup() {
-    if [[ -e $1/subdir_files ]]; then
-        subdir-link-r $1/subdir_files
+  local dir fs x f
+  for dir in "$@"; do
+    fs=$dir/filesystem
+    if [[ -e $fs && $user =~ ^iank?$ ]]; then
+      # note, symlinks get resolved, not copied.
+      s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
     fi
-    local x=( $1/!(subdir_files|filesystem) )
-    (( ${#x[@]} >= 1 )) || return 0
-    sysv lnf ${x[@]} ~
-    # as of this writing, it doesn't exist in /a/c, but I've used it in the past.
-    if [[ -e $1/filesystem ]]; then
-        sysv s cp -R $1/filesystem/* /
+
+    if [[ -e $dir/subdir_files ]]; then
+      m subdir-link-r $dir/subdir_files
     fi
+    local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
+    (( ${#x[@]} >= 1 )) || continue
+    m lnf ${x[@]} ~
+  done
 }
 
-# p needs to go first so .ssh link is created, then config link inside it
-for dir in {/a/c,/p/c}{,/machine_specific/$HOSTNAME}; do
-    common-file-setup $dir
+user=$(id -un)
+all_dirs=({/a/bin/ds,/p/c}{,/machine_specific/$HOSTNAME})
+# note, we assume a group of hosts does not have the
+# same name as a single host, which is no problem on our scale.
+for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
+  if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
 done
+
+c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
+case $user in
+  iank)
+    files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
+           /p/c/filesystem/etc/openvpn/client/*.key
+           /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
+           /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
+          )
+    if [[ -e ${files[0]} ]]; then
+      chmod 600 ${files[@]}
+    fi
+    # p needs to go first so .ssh link is created, then config link inside it
+    m common-file-setup ${all_dirs[@]}
+
+    #### begin special extra stuff ####
+    install -d -m700 ~/gpg-agent-socket
+
+    f=/var/lib/bind
+    if [[ -e $f ]]; then
+      # reset to the original permissions.
+      m s chgrp -R bind $f
+      m s chmod g+w $f
+    fi
+    sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
+    if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
+      s chgrp www-data /etc/davpass
+    fi
+    if [[ -e /var/lib/znc ]] && getent group znc; then
+      s chown -R znc:znc /var/lib/znc
+    fi
+    /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
+    f=/etc/prometheus-htpasswd
+    if [[ -e $f ]]; then
+      s chmod 640 $f /etc/prometheus-pass
+      s chown root:www-data $f
+      if getent passwd prometheus; then
+        s chown root:prometheus /etc/prometheus-pass
+      fi
+    fi
+
+    ##### end special extra stuff #####
+
+    if [[ -e /etc/openvpn ]]; then
+      sudo bash -c 'shopt -s nullglob && cd /etc/openvpn && for f in client/* server/*; do ln -sf $f .; done'
+    fi
+
+    m sudo -H -u user2 "${BASH_SOURCE[0]}"
+    ;;
+  user2)
+    m common-file-setup ${c_dirs[@]}
+    ;;
+  *)
+    echo "$0: error: unexpected user"; exit 1
+    ;;
+esac
+
+echo 0 >~/.local/conflink