X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=e5cf3fbfda0d599f60c24435b8de356203831d8e;hb=563cc41a1f3ddb95bedf595cc249f53aea6629c1;hp=e53605e2ae884abf341b7e7edd73ac579ba7d585;hpb=56c55d8e02cdd6ec67d2fe53cc03785d8876442e;p=distro-setup diff --git a/conflink b/conflink index e53605e..e5cf3fb 100755 --- a/conflink +++ b/conflink @@ -12,33 +12,62 @@ Usage: ${0##*/} [OPTIONS] Link or otherwise install configuration files. -f For fast. Dont use lnf, use ln -sf. Good for updating existing files. +-v Verbose show all the files getting linked and whatnot. EOF exit $1 } +s() { sudo "$@"; } m() { + "$@" +} +v() { echo "$*" "$@" } -s() { sudo "$@"; } lnf() { /a/exe/lnf "$@"; } + + +##### begin command line parsing ######## + +# ensure we can handle args with spaces or empty. +ret=0; getopt -T || ret=$? +[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; } + fast=false -if [[ $1 == -f ]]; then # f for fast - fast=true +verbose=false +temp=$(getopt -l help hvf "$@") || usage 1 +eval set -- "$temp" +while true; do + case $1 in + -v) verbose=true ;; + -f) fast=true ;; + -h|--help) usage ;; + --) shift; break ;; + *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;; + esac shift -elif - [[ $1 ]]; then - echo "error: unrecognized arguments" >&2 - exit 0 -fi +done +readonly fast verbose + +##### end command line parsing ######## + +tmpf=$(mktemp) if $fast; then lnf() { ln -sf "$@"; } fi +if $verbose; then + m() { + echo "$*" + "$@" + } +fi + shopt -s nullglob shopt -s extglob shopt -s dotglob 
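Review bot: `tmpf=$(mktemp)` at the end of this hunk is neither checked nor cleaned up, so a failed mktemp leaves `$tmpf` empty for the later `tee $tmpf` and `done <$tmpf`, and every run leaves a file holding the rsync itemize output in the temp directory. I would write `tmpf=$(mktemp) || exit 1` followed by `trap 'rm -f -- "$tmpf"' EXIT`. Whether the script already sets `-e` or an EXIT trap is not visible here, so adjust if it does. Separately, `-h|--help) usage ;;` calls `usage` with no argument, so `exit $1` expands to a bare `exit`; `usage 0` would make the intended status explicit.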
@@ -78,26 +107,29 @@ common-file-setup() { local -a reload_services local -a restart_services reload_systemd=false + # note, i ran chmod -R g-s on the filesystem dirs + # so i could keep permissions of secret files for dir in "$@"; do fs=$dir/filesystem if [[ -e $fs && $user =~ ^iank?$ ]]; then # we dont want t, instead c for checksum. # That way we dont set times on directories. # -a = -rlptgoD - cmd=( s rsync -rclpgoDiSAX --chown=root:root --chmod=g-s + cmd=( s rsync -rclpgoDiSAX --chown=root:root --exclude=/etc/dovecot/users --exclude='/etc/exim4/passwd*' --exclude='/etc/exim4/*.pem' $fs/ / ) echo "${cmd[@]@Q}" + "${cmd[@]}" | tee $tmpf while read -r line; do file="${line:12}" case $file in - etc/prometheus/rules/iank.yml) + etc/prometheus/rules/iank.yml|etc/prometheus/prometheus.yml) case $HOSTNAME in kd) if systemctl is-active prometheus &>/dev/null; then - m s systemctl reload prometheus + v s systemctl reload prometheus fi ;; esac @@ -119,7 +151,7 @@ common-file-setup() { # A = preserve acls # X = preserve extended attributes # i = itemize - done < <("${cmd[@]}") + done <$tmpf fi if ! $fast && [[ -e $dir/subdir_files ]]; then @@ -130,11 +162,11 @@ common-file-setup() { m lnf ${x[@]} ~ done if $reload_systemd; then - m s systemctl daemon-reload + v s systemctl daemon-reload fi for service in ${restart_services[@]}; do if systemctl is-active $service >/dev/null; then - m s systemctl restart $service + v s systemctl restart $service fi done } @@ -155,8 +187,8 @@ case $user in for t in systemstatus epanicclean btrfsmaintstop dynamicipupdate; do f=/etc/systemd/system/$t.timer if [[ -e $f ]]; then - s systemctl stop $t.timer - s systemctl disable $t.timer + v systemctl stop $t.timer + v systemctl disable $t.timer s rm -fv $f reload_systemd=true fi 
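Review bot: Dropping `--chmod=g-s` from the rsync command means the setgid bit is no longer stripped on each run; the new comment moves that guarantee to a one-time manual `chmod -R g-s` on the source trees. Because the copy runs under sudo with `-p` and `--chown=root:root`, any setgid or setuid bit that later appears under `$fs` would be installed onto `/` with root ownership. A pre-flight check before building `cmd` keeps the invariant enforced, e.g. `if [[ $(find "$fs" -perm /6000 -print -quit) ]]; then echo "special mode bits under $fs" >&2; return 1; fi`. Also in this hunk, `"${cmd[@]}" | tee $tmpf` hides rsync's exit status unless `pipefail` is set elsewhere, so the reload loop can act on a partial transfer. The body of `common-file-setup` continues outside the hunk.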
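Review bot: The two timer lines in the `@@ -155,8 +187,8 @@` hunk lost their `s` wrapper in the conversion to `v`: `v systemctl stop $t.timer` and `v systemctl disable $t.timer` now run without sudo, unlike the other converted calls (`v s systemctl …`). If this arm runs as an unprivileged user, which the neighbouring `s rm -fv $f` suggests, stop and disable can fail while the unit file is still removed, which may leave the timer active. Restore the prefix: `v s systemctl stop $t.timer` and `v s systemctl disable $t.timer`. The enclosing `case $user in` arm starts and ends outside the hunk.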
@@ -165,7 +197,10 @@ case $user in if [[ -e /etc/cron.daily/check-lets-encrypt-ssl-settings ]]; then m s rm -f /etc/cron.daily/check-lets-encrypt-ssl-settings fi - + # conversion from whole folder subdir to individual files. + if [[ -L /home/iank/.config/copyq ]]; then + rm -fv /home/iank/.config/copyq + fi /a/bin/ds/install-my-scripts files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key @@ -182,13 +217,17 @@ case $user in #### begin special extra stuff #### install -d -m700 ~/gpg-agent-socket + if [[ -e /etc/bitcoin ]] && getent group bitcoin &>/dev/null; then + s chown bitcoin:bitcoin /etc/bitcoin + fi + f=/var/lib/bind if [[ -e $f ]]; then # reset to the original permissions. m s chgrp -R bind $f m s chmod g+w $f fi - sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done' + s bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done' if [[ -e /etc/caldav-htpasswd ]] && getent group www-data &>/dev/null; then s chgrp www-data /etc/caldav-htpasswd fi @@ -197,6 +236,7 @@ case $user in fi for f in /etc/prometheus-{,export-}htpasswd; do if [[ -e $f ]]; then + # note: this is duplicative of the file's own permissions s chmod 640 $f if getent passwd www-data &>/dev/null; then s chown root:www-data $f 
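Review bot: The new `/etc/bitcoin` block in the `@@ -182,13 +217,17 @@` hunk guards `s chown bitcoin:bitcoin /etc/bitcoin` with `getent group bitcoin` only, although the chown also needs the `bitcoin` user to exist. The `/var/lib/bitcoind/settings.json` block added later in this commit has the mirror-image gap: it checks `getent passwd bitcoin` only. Checking both in each place avoids a failed chown on a partly provisioned host: `if [[ -e /etc/bitcoin ]] && getent passwd bitcoin &>/dev/null && getent group bitcoin &>/dev/null; then`.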
@@ -206,15 +246,29 @@ case $user in f=/etc/prometheus-pass if [[ -e $f ]]; then # note: this is duplicative of the file's own permissions - s chmod 640 $f /etc/prometheus-pass + s chmod 640 $f if getent passwd prometheus &>/dev/null; then s chown root:prometheus $f fi fi + f=/etc/nagios4/htdigest.users + if [[ -e $f ]]; then + # note: this is duplicative of the file's own permissions + s chmod 640 $f /etc/prometheus-pass + if getent passwd nagios &>/dev/null; then + s chown nagios:www-data $f + fi + fi + f=/var/lib/bitcoind/settings.json + if [[ -e $f ]]; then + if getent passwd bitcoin &>/dev/null; then + s chown bitcoin:bitcoin $f + fi + fi ##### end special extra stuff ##### if ! $fast; then - m sudo -H -u user2 "${BASH_SOURCE[0]}" + m s -H -u user2 "${BASH_SOURCE[0]}" fi f=/a/bin/distro-setup/system-status
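Review bot: The added nagios block repeats the mistake this same hunk fixes a few lines earlier: `s chmod 640 $f /etc/prometheus-pass` still carries the extra `/etc/prometheus-pass` operand. On a host that has `/etc/nagios4/htdigest.users` but no `/etc/prometheus-pass`, chmod reports an error; otherwise it changes a file unrelated to `$f`. The line should read `s chmod 640 $f`. The `settings.json` block sets the owner but no mode; if that file is meant to be private like the others handled here, it needs its own `s chmod 640 $f`. Finally, `m s -H -u user2 "${BASH_SOURCE[0]}"` does not forward `-v`, so the nested run stays quiet even when verbose output was requested.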