X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=da04cb9a93a55959b9dadd02febbfcbd1715f531;hb=HEAD;hp=e5cf3fbfda0d599f60c24435b8de356203831d8e;hpb=563cc41a1f3ddb95bedf595cc249f53aea6629c1;p=distro-setup

diff --git a/conflink b/conflink
index e5cf3fb..da04cb9 100755
--- a/conflink
+++ b/conflink
@@ -1,6 +1,27 @@
 #!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
 
-source /a/bin/errhandle/err
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+source /a/bin/bash-bear-trap/bash-bear
 err-cleanup() {
   echo 1 >~/.local/conflink
 }
@@ -94,7 +115,7 @@ subdir-link-r() {
     local fullpath
     fullpath="$(readlink -f "$path")"
     if [[ -f $path || $(dirname "$fullpath") == "$below" ]]; then
-      m lnf -T "$path" "$HOME/${path#$root/}"
+      m lnf -T "$path" "$HOME/${path#"$root/"}"
     elif [[ -d "$path" ]]; then
       subdir-link-r "$root" "$path"
     fi
@@ -104,7 +125,6 @@ subdir-link-r() {
 
 common-file-setup() {
   local dir fs x f reload_systemd
-  local -a reload_services
   local -a restart_services
   reload_systemd=false
   # note, i ran chmod -R g-s on the filesystem dirs
@@ -115,7 +135,8 @@ common-file-setup() {
       # we dont want t, instead c for checksum.
       # That way we dont set times on directories.
       # -a = -rlptgoD
-      cmd=( s rsync -rclpgoDiSAX --chown=root:root
+      # -A is acls, implies -p
+      cmd=( s rsync -rclgoDiSAX --chmod=Dg-s --chown=root:root
             --exclude=/etc/dovecot/users
             --exclude='/etc/exim4/passwd*'
             --exclude='/etc/exim4/*.pem'
@@ -217,16 +238,13 @@ case $user in
     #### begin special extra stuff ####
     install -d -m700 ~/gpg-agent-socket
 
-    if [[ -e /etc/bitcoin ]] && getent group bitcoin &>/dev/null; then
-      s chown bitcoin:bitcoin /etc/bitcoin
-    fi
-
     f=/var/lib/bind
     if [[ -e $f ]]; then
       # reset to the original permissions.
       m s chgrp -R bind $f
       m s chmod g+w $f
     fi
+    # shellcheck disable=SC2016 # obviously expected
     s bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
     if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then
       s chgrp www-data /etc/caldav-htpasswd
@@ -234,36 +252,23 @@ case $user in
     if [[ -e /var/lib/znc ]] && getent group znc; then
       s chown -R znc:znc /var/lib/znc
     fi
-    for f in /etc/prometheus-{,export-}htpasswd; do
-      if [[ -e $f ]]; then
-        # note: this is duplicative of the file's own permissions
-        s chmod 640 $f
-        if getent passwd www-data &>/dev/null; then
-          s chown root:www-data $f
-        fi
-      fi
-    done
-    f=/etc/prometheus-pass
-    if [[ -e $f ]]; then
-      # note: this is duplicative of the file's own permissions
-      s chmod 640 $f
+    if [[ -e /p/c/user-specific ]]; then
       if getent passwd prometheus &>/dev/null; then
-        s chown root:prometheus $f
+        v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus-pass /etc
+        v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus/ssl/* /etc/prometheus/ssl
       fi
-    fi
-    f=/etc/nagios4/htdigest.users
-    if [[ -e $f ]]; then
-      # note: this is duplicative of the file's own permissions
-      s chmod 640 $f /etc/prometheus-pass
-      if getent passwd nagios &>/dev/null; then
-        s chown nagios:www-data $f
+      if getent passwd www-data &>/dev/null; then
+        v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:www-data /p/c/user-specific/www-data/* /etc
       fi
     fi
-    f=/var/lib/bitcoind/settings.json
-    if [[ -e $f ]]; then
-      if getent passwd bitcoin &>/dev/null; then
-        s chown bitcoin:bitcoin $f
-      fi
+
+    if [[ -d /var/lib/bitcoind && -d /p/c/user-specific/bitcoin ]]; then
+      s rsync -clpgoDiSAX --chmod=Dg-s --chown=bitcoin:bitcoin /p/c/user-specific/bitcoin/settings.json /var/lib/bitcoind
+      s rsync -rclpgoDiSAX --chmod=Dg-s --chown=root:bitcoin /p/c/user-specific/bitcoin/bitcoin /etc
+    fi
+    # this folder strangely requires ownership as icecast2
+    if [[ -d /etc/icecast2 && -f /p/c/icecast.xml ]]; then
+      m s rsync -rclgoDiSAX --chmod=0644 --chown=root:root /p/c/icecast.xml /etc/icecast2
     fi
     ##### end special extra stuff #####