X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=8deae093a7bbee829a72ab1cc590ed8a91390372;hb=7f759d320592e791a62cd0a966350e8c53ee0976;hp=5ac563919661527a7242f42a60b7f37640064662;hpb=4f13ea60bec1126f54b9da543b549d29d5013a69;p=distro-setup diff --git a/conflink b/conflink index 5ac5639..8deae09 100755 --- a/conflink +++ b/conflink @@ -1,17 +1,47 @@ #!/bin/bash source /a/bin/errhandle/err +err-cleanup() { + echo 1 >~/.local/conflink +} + + +usage() { + cat <&2 + exit 0 +fi + +if $fast; then + lnf() { ln -sf "$@"; } +fi shopt -s nullglob -shopt -s extglob # note, already set with bash -l +shopt -s extglob +shopt -s dotglob # If we make a link back to the root, we stop going deeper into subdir_files. # This makes it so we can do subdir directories. @@ -25,12 +55,14 @@ subdir-link-r() { targets=( "$2"/!(.git|..|.) ) else for f in "$1"/!(.git|..|.); do - [[ -d $f ]] && targets+=("$f") ||: + if [[ -d $f ]]; then targets+=("$f"); fi done fi - local below="$( readlink -f "$root/..")" + local below + below="$( readlink -f "$root/..")" for path in "${targets[@]}"; do - local fullpath="$(readlink -f "$path")" + local fullpath + fullpath="$(readlink -f "$path")" #e $fullpath $below # debug if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then m lnf -T "$path" "$HOME/${path#$root/}" @@ -41,14 +73,36 @@ subdir-link-r() { } - common-file-setup() { - local dir fs x bdir f dst + local dir fs x f reload_systemd + local -a reload_services + local -a restart_services + reload_systemd=false for dir in "$@"; do fs=$dir/filesystem - if [[ -e $fs && $USER =~ ^iank?$ ]]; then - # note, symlinks get resolved, not copied. - s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C / + if [[ -e $fs && $user =~ ^iank?$ ]]; then + while read -r line; do + file="${line:12}" + case $file in + etc/systemd/system/*) + reload_systemd=true + ;; + etc/dnsmasq.d/*) + restart_services+=(dnsmasq) + ;; + esac + # Previously did this with tar, but it doesn't + # update directory permissions. + # + # S = do spare files efficiently + # A = preserve acls + # X = preserve extended attributes + # i = itemize + done < <(s rsync -aiSAX --chown=root:root --chmod=g-s \ + --exclude=/etc/dovecot/users \ + --exclude='/etc/exim4/passwd*' \ + --exclude='/etc/exim4/*.pem' \ + $fs/ /) fi if [[ -e $dir/subdir_files ]]; then @@ -58,30 +112,49 @@ common-file-setup() { (( ${#x[@]} >= 1 )) || continue m lnf ${x[@]} ~ done + if $reload_systemd; then + m s systemctl daemon-reload + fi + for service in ${restart_services[@]}; do + if systemctl is-active $service >/dev/null; then + m s systemctl reload $service + fi + done + } -all_dirs=({/a/c,/p/c}{,/machine_specific/$HOSTNAME}) +user=$(id -un) +all_dirs=({/a/bin/ds,/p/c}{,/machine_specific/$HOSTNAME}) # note, we assume a group of hosts does not have the # same name as a single host, which is no problem on our scale. -for x in /p/c/machine_specific/*.hosts; do +for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi done c_dirs=(/a/c{,/machine_specific/$HOSTNAME}) -case $USER in - ian|iank) +case $user in + iank) + files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key + /p/c/filesystem/etc/openvpn/client/*.key + /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key + /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key + ) + if [[ -e ${files[0]} ]]; then + chmod 600 ${files[@]} + fi # p needs to go first so .ssh link is created, then config link inside it m common-file-setup ${all_dirs[@]} #### begin special extra stuff #### install -d -m700 ~/gpg-agent-socket - files=(/var/lib/bind) - if [[ -e $files ]]; then + f=/var/lib/bind + if [[ -e $f ]]; then # reset to the original permissions. - m s chgrp -R bind ${files[@]} - m s chmod g+w ${files[@]} + m s chgrp -R bind $f + m s chmod g+w $f fi + sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done' if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then s chgrp www-data /etc/davpass fi @@ -89,14 +162,32 @@ case $USER in s chown -R znc:znc /var/lib/znc fi /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log + f=/etc/prometheus-htpasswd + if [[ -e $f ]]; then + s chmod 640 $f /etc/prometheus-pass + s chown root:www-data $f + if getent passwd prometheus; then + s chown root:prometheus /etc/prometheus-pass + fi + fi + ##### end special extra stuff ##### - sudo bash -c 'cd /etc/openvpn; for f in client/* server/*; do ln -sf $f .; done' - sudo bash -c 'cd /etc/openvpn; for f in server/*.key client/*.key; do chmod 600 $f; done' + if [[ -e /etc/openvpn ]]; then + sudo bash -c 'shopt -s nullglob && cd /etc/openvpn && for f in client/* server/*; do ln -sf $f .; done' + fi + + m sudo -H -u user2 "${BASH_SOURCE[0]}" + + f=/a/bin/distro-setup/system-status + if [[ -x $f ]]; then + $f _ + fi + mkdir -p ~/.local + echo 0 >~/.local/conflink - m sudo -H -u traci "$BASH_SOURCE" ;; - traci) + user2) m common-file-setup ${c_dirs[@]} ;; *)