X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=da04cb9a93a55959b9dadd02febbfcbd1715f531;hb=HEAD;hp=d7323fdf0e9d1ee29ff4c3cf8e8d035cf752aacd;hpb=b18dade73dedfe69aa741f8417947d83c4208f2d;p=distro-setup diff --git a/conflink b/conflink index d7323fd..da04cb9 100755 --- a/conflink +++ b/conflink @@ -1,6 +1,27 @@ #!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to switch +# its license to GPL. -source /a/bin/errhandle/err +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +source /a/bin/bash-bear-trap/bash-bear err-cleanup() { echo 1 >~/.local/conflink } 
@@ -12,33 +33,62 @@ Usage: ${0##*/} [OPTIONS] Link or otherwise install configuration files. -f For fast. Dont use lnf, use ln -sf. Good for updating existing files. +-v Verbose show all the files getting linked and whatnot. EOF exit $1 } +s() { sudo "$@"; } m() { + "$@" +} +v() { echo "$*" "$@" } -s() { sudo "$@"; } lnf() { /a/exe/lnf "$@"; } + + +##### begin command line parsing ######## + +# ensure we can handle args with spaces or empty. +ret=0; getopt -T || ret=$? +[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; } + fast=false -if [[ $1 == -f ]]; then # f for fast - fast=true +verbose=false +temp=$(getopt -l help hvf "$@") || usage 1 +eval set -- "$temp" +while true; do + case $1 in + -v) verbose=true ;; + -f) fast=true ;; + -h|--help) usage ;; + --) shift; break ;; + *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;; + esac shift -elif - [[ $1 ]]; then - echo "error: unrecognized arguments" >&2 - exit 0 -fi +done +readonly fast verbose + +##### end command line parsing ######## + +tmpf=$(mktemp) if $fast; then lnf() { ln -sf "$@"; } fi +if $verbose; then + m() { + echo "$*" + "$@" + } +fi + shopt -s nullglob shopt -s extglob shopt -s dotglob @@ -65,7 +115,7 @@ subdir-link-r() { local fullpath fullpath="$(readlink -f "$path")" if [[ -f $path || $(dirname "$fullpath") == "$below" ]]; then - m lnf -T "$path" "$HOME/${path#$root/}" + m lnf -T "$path" "$HOME/${path#"$root/"}" elif [[ -d "$path" ]]; then subdir-link-r "$root" "$path" fi 
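Review bot: `tmpf=$(mktemp)` is created in the argument-parsing hunk but nothing visible removes it, so each run leaves behind a temp file that later hunks fill with the itemized rsync output for / via `tee $tmpf`. A cleanup such as `trap 'rm -f -- "$tmpf"' EXIT` right after the assignment would cover every exit path, provided it does not collide with a trap installed by bash-bear, which is not visible here. Separately, after `--) shift; break ;;` any leftover positional arguments are silently accepted, where the old code reported unrecognized arguments; `(( $# == 0 )) || usage 1` after the loop would keep that check.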
@@ -75,21 +125,36 @@ subdir-link-r() { common-file-setup() { local dir fs x f reload_systemd - local -a reload_services local -a restart_services reload_systemd=false + # note, i ran chmod -R g-s on the filesystem dirs + # so i could keep permissions of secret files for dir in "$@"; do fs=$dir/filesystem if [[ -e $fs && $user =~ ^iank?$ ]]; then - cmd=( s rsync -aiSAX --chown=root:root --chmod=g-s + # we dont want t, instead c for checksum. + # That way we dont set times on directories. + # -a = -rlptgoD + # -A is acls, implies -p + cmd=( s rsync -rclgoDiSAX --chmod=Dg-s --chown=root:root --exclude=/etc/dovecot/users --exclude='/etc/exim4/passwd*' --exclude='/etc/exim4/*.pem' $fs/ / ) echo "${cmd[@]@Q}" + "${cmd[@]}" | tee $tmpf while read -r line; do file="${line:12}" case $file in + etc/prometheus/rules/iank.yml|etc/prometheus/prometheus.yml) + case $HOSTNAME in + kd) + if systemctl is-active prometheus &>/dev/null; then + v s systemctl reload prometheus + fi + ;; + esac + ;; etc/systemd/system/*) reload_systemd=true ;; @@ -107,10 +172,10 @@ common-file-setup() { # A = preserve acls # X = preserve extended attributes # i = itemize - done < <("${cmd[@]}") + done <$tmpf fi - if [[ -e $dir/subdir_files ]]; then + if ! $fast && [[ -e $dir/subdir_files ]]; then m subdir-link-r $dir/subdir_files fi local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.|.#*) ) @@ -118,11 +183,11 @@ common-file-setup() { m lnf ${x[@]} ~ done if $reload_systemd; then - m s systemctl daemon-reload + v s systemctl daemon-reload fi for service in ${restart_services[@]}; do if systemctl is-active $service >/dev/null; then - m s systemctl restart $service + v s systemctl restart $service fi done } 
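Review bot: The new `"${cmd[@]}" | tee $tmpf` line hides rsync's exit status, because a pipeline reports the status of `tee` unless `pipefail` is set, and this hunk does not set it (bash-bear may, which is worth confirming). If the root rsync into / fails partway, the `while read` loop that the next hunk feeds from `$tmpf` still runs, and the prometheus reload, daemon-reload and service restarts follow on a half-applied tree. I would quote the path and check the first stage explicitly: `"${cmd[@]}" | tee "$tmpf"` followed by `[[ ${PIPESTATUS[0]} == 0 ]] || exit 1`. common-file-setup continues past the end of this hunk.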
@@ -135,20 +200,29 @@ for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi done -# old files 2022-03 -for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do - f=/etc/systemd/system/$t.timer - if [[ -e $f ]]; then - s systemctl stop $t.timer - s systemctl disable $t.timer - s rm -fv $f - reload_systemd=true - fi -done c_dirs=(/a/c{,/machine_specific/$HOSTNAME}) case $user in iank) + # old files 2022-03 + for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do + f=/etc/systemd/system/$t.timer + if [[ -e $f ]]; then + v systemctl stop $t.timer + v systemctl disable $t.timer + s rm -fv $f + reload_systemd=true + fi + done + # old 2022-04 + if [[ -e /etc/cron.daily/check-lets-encrypt-ssl-settings ]]; then + m s rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings + fi + # conversion from whole folder subdir to individual files. + if [[ -L /home/iank/.config/copyq ]]; then + rm -fv /home/iank/.config/copyq + fi + /a/bin/ds/install-my-scripts files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key /p/c/machine_specific/*/filesystem/etc/openvpn/client/*.key 
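Review bot: The timer cleanup lost its privilege wrapper: `v systemctl stop $t.timer` and `v systemctl disable $t.timer` replace the old `s systemctl ...` calls, while the other systemctl calls this commit adds are `v s systemctl ...` and the next line is still `s rm -fv $f`. Since the loop now sits under `case $user in iank)`, these run as a non-root user and will presumably fail or prompt for authentication. They should read `v s systemctl stop "$t.timer"` and `v s systemctl disable "$t.timer"`. The `reload_systemd=true` set here also looks shadowed by the `local ... reload_systemd` in common-file-setup, so it may never cause a daemon-reload; the case block continues outside the hunk.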
@@ -170,34 +244,37 @@ case $user in m s chgrp -R bind $f m s chmod g+w $f fi - sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done' + # shellcheck disable=SC2016 # obviously expected + s bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done' if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then s chgrp www-data /etc/caldav-htpasswd fi if [[ -e /var/lib/znc ]] && getent group znc; then s chown -R znc:znc /var/lib/znc fi - for f in /etc/prometheus-{,export-}htpasswd; do - if [[ -e $f ]]; then - s chmod 640 $f - if getent passwd www-data; then - s chown root:www-data $f - fi + if [[ -e /p/c/user-specific ]]; then + if getent passwd prometheus &>/dev/null; then + v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus-pass /etc + v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus/ssl/* /etc/prometheus/ssl fi - done - f=/etc/prometheus-pass - if [[ -e $f ]]; then - # note: this is duplicative of the file's own permissions - s chmod 640 $f /etc/prometheus-pass - if getent passwd prometheus; then - s chown root:prometheus $f + if getent passwd www-data &>/dev/null; then + v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:www-data /p/c/user-specific/www-data/* /etc fi fi - + if [[ -d /var/lib/bitcoind && -d /p/c/user-specific/bitcoin ]]; then + s rsync -clpgoDiSAX --chmod=Dg-s --chown=bitcoin:bitcoin /p/c/user-specific/bitcoin/settings.json /var/lib/bitcoind + s rsync -rclpgoDiSAX --chmod=Dg-s --chown=root:bitcoin /p/c/user-specific/bitcoin/bitcoin /etc + fi + # this folder strangely requires ownership as icecast2 + if [[ -d /etc/icecast2 && -f /p/c/icecast.xml ]]; then + m s rsync -rclgoDiSAX --chmod=0644 --chown=root:root /p/c/icecast.xml /etc/icecast2 + fi ##### end special extra stuff ##### - m sudo -H -u user2 "${BASH_SOURCE[0]}" + if 
! $fast; then + m s -H -u user2 "${BASH_SOURCE[0]}" + fi f=/a/bin/distro-setup/system-status if [[ -x $f ]]; then
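Review bot: The password files (and whatever lives under prometheus/ssl) now land in /etc with whatever mode they have under /p/c/user-specific: the removed code forced `chmod 640` on /etc/prometheus-pass and the htpasswd files, but the new rsync calls pass only `--chmod=Dg-s`, which touches directories, while `-p` copies the source file mode unchanged. A source file that is 644 would therefore become world-readable in /etc. Adding a file rule, e.g. `--chmod=Dg-s,F640` on the prometheus and www-data copies, restores the previous guarantee regardless of the source tree. The icecast copy uses `--chmod=0644 --chown=root:root`, which contradicts its comment about icecast2 ownership, and if icecast.xml carries passwords that mode deserves a second look. The enclosing `case` branch starts before this hunk.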