X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=e20da6e94f743b607aac6a17553591ca569e6f00;hb=dc34d23c63cd83a7cc7a79525445aad3293c7241;hp=b045711f75dc04cf9ed7033b0137043a1c1437e8;hpb=774fe9ab8c8d5c71614feda5a283b4a91fb3f145;p=distro-setup

diff --git a/conflink b/conflink
index b045711..e20da6e 100755
--- a/conflink
+++ b/conflink
@@ -18,10 +18,10 @@ EOF
 }
 
 
+s() { sudo "$@"; }
 m() {
   "$@"
 }
-s() { sudo "$@"; }
 v() {
   echo "$*"
   "$@"
@@ -56,6 +56,7 @@ readonly fast verbose
 ##### end command line parsing ########
 
 
+tmpf=$(mktemp)
 if $fast; then
   lnf() { ln -sf "$@"; }
 fi
@@ -103,21 +104,23 @@ subdir-link-r() {
 
 common-file-setup() {
   local dir fs x f reload_systemd
-  local -a reload_services
   local -a restart_services
   reload_systemd=false
+  # note, i ran chmod -R g-s on the filesystem dirs
+  # so i could keep permissions of secret files
   for dir in "$@"; do
     fs=$dir/filesystem
     if [[ -e $fs && $user =~ ^iank?$ ]]; then
       # we dont want t, instead c for checksum.
       # That way we dont set times on directories.
       # -a = -rlptgoD
-      cmd=( s rsync -rclpgoDiSAX --chown=root:root --chmod=g-s
+      cmd=( s rsync -rclpgoDiSAX --chmod=Dg-s --chown=root:root
             --exclude=/etc/dovecot/users
             --exclude='/etc/exim4/passwd*'
             --exclude='/etc/exim4/*.pem'
             $fs/ / )
-      m "${cmd[@]@Q}"
+      echo "${cmd[@]@Q}"
+      "${cmd[@]}" | tee $tmpf
       while read -r line; do
         file="${line:12}"
         case $file in
@@ -147,7 +150,7 @@ common-file-setup() {
         # A = preserve acls
         # X = preserve extended attributes
         # i = itemize
-      done < <("${cmd[@]}")
+      done <$tmpf
     fi
 
     if ! $fast && [[ -e $dir/subdir_files ]]; then
@@ -219,33 +222,33 @@ case $user in
       m s chgrp -R bind $f
       m s chmod g+w $f
     fi
-    sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
+    s bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
     if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then
       s chgrp www-data /etc/caldav-htpasswd
     fi
     if [[ -e /var/lib/znc ]] && getent group znc; then
       s chown -R znc:znc /var/lib/znc
     fi
-    for f in /etc/prometheus-{,export-}htpasswd; do
-      if [[ -e $f ]]; then
-        s chmod 640 $f
-        if getent passwd www-data &>/dev/null; then
-          s chown root:www-data $f
-        fi
-      fi
-    done
-    f=/etc/prometheus-pass
-    if [[ -e $f ]]; then
-      # note: this is duplicative of the file's own permissions
-      s chmod 640 $f /etc/prometheus-pass
+    if [[ -e /p/c/user-specific ]]; then
       if getent passwd prometheus &>/dev/null; then
-        s chown root:prometheus $f
+        v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus-pass /etc
+        v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:prometheus /p/c/user-specific/prometheus/prometheus/ssl/* /etc/prometheus/ssl
+      fi
+      if getent passwd www-data &>/dev/null; then
+        v s rsync -clpgoDiSAX --chmod=Dg-s --chown=root:www-data /p/c/user-specific/www-data/* /etc
       fi
     fi
+
+    if [[ -d /var/lib/bitcoind && -d /p/c/user-specific/bitcoin ]]; then
+      s rsync -clpgoDiSAX --chmod=Dg-s --chown=bitcoin:bitcoin /p/c/user-specific/bitcoin/settings.json /var/lib/bitcoind
+      # i'm not sure of the perfect permissions here, but
+      # 640 seems good.
+      s rsync -rclpgoDiSAX --chmod=Dg-s --chown=root:bitcoin /p/c/user-specific/bitcoin/bitcoin /etc
+    fi
     ##### end special extra stuff #####
 
     if ! $fast; then
-      m sudo -H -u user2 "${BASH_SOURCE[0]}"
+      m s -H -u user2 "${BASH_SOURCE[0]}"
     fi
 
     f=/a/bin/distro-setup/system-status