X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=f62de8b454c20da5f6867abb02e347c7dd80688c;hb=d454ba0f3f94d45af71e5a1e72a1bbcb63211645;hp=5ac563919661527a7242f42a60b7f37640064662;hpb=4f13ea60bec1126f54b9da543b549d29d5013a69;p=distro-setup

diff --git a/conflink b/conflink
index 5ac5639..f62de8b 100755
--- a/conflink
+++ b/conflink
@@ -11,7 +11,8 @@ lnf() { /a/exe/lnf "$@"; }
 
 
 shopt -s nullglob
-shopt -s extglob # note, already set with bash -l
+shopt -s extglob
+shopt -s dotglob
 
 # If we make a link back to the root, we stop going deeper into subdir_files.
 # This makes it so we can do subdir directories.
@@ -63,25 +64,34 @@ common-file-setup() {
 all_dirs=({/a/c,/p/c}{,/machine_specific/$HOSTNAME})
 # note, we assume a group of hosts does not have the
 # same name as a single host, which is no problem on our scale.
-for x in /p/c/machine_specific/*.hosts; do
+for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
   if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
 done
 
 c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
 case $USER in
-  ian|iank)
+  iank)
+    files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
+           /p/c/filesystem/etc/openvpn/client/*.key
+           /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
+           /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
+          )
+    if [[ -e $files ]]; then
+      chmod 600 ${files[@]}
+    fi
     # p needs to go first so .ssh link is created, then config link inside it
     m common-file-setup ${all_dirs[@]}
 
     #### begin special extra stuff ####
     install -d -m700 ~/gpg-agent-socket
 
-    files=(/var/lib/bind)
-    if [[ -e $files ]]; then
+    f=/var/lib/bind
+    if [[ -e $f ]]; then
       # reset to the original permissions.
-      m s chgrp -R bind ${files[@]}
-      m s chmod g+w ${files[@]}
+      m s chgrp -R bind $f
+      m s chmod g+w $f
     fi
+    sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
     if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
       s chgrp www-data /etc/davpass
     fi
@@ -89,14 +99,22 @@ case $USER in
       s chown -R znc:znc /var/lib/znc
     fi
     /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
+    f=/etc/prometheus-htpasswd
+    if [[ -e $f ]]; then
+      s chmod 640 $f /etc/prometheus-pass
+      s chown root:www-data $f
+      if getent passwd prometheus; then
+        s chown root:prometheus /etc/prometheus-pass
+      fi
+    fi
+
     ##### end special extra stuff #####
 
-    sudo bash -c 'cd /etc/openvpn; for f in client/* server/*; do ln -sf $f .; done'
-    sudo bash -c 'cd /etc/openvpn; for f in server/*.key client/*.key; do chmod 600 $f; done'
+    sudo bash -c 'shopt -s nullglob; cd /etc/openvpn; for f in client/* server/*; do ln -sf $f .; done'
 
-    m sudo -H -u traci "$BASH_SOURCE"
+    m sudo -H -u user2 "$BASH_SOURCE"
     ;;
-  traci)
+  user2)
     m common-file-setup ${c_dirs[@]}
     ;;
   *)