Mainly add external monitoring of mail server
1 #!/bin/bash
2
# Shared error handling; presumably installs an error trap that ends up
# calling _errcatch_cleanup below — verify in /a/bin/errhandle/err.
source /a/bin/errhandle/err
# Record a failed run: writes 1 to ~/.local/conflink (the iank branch at
# the bottom of the script writes 0 on success). Presumably invoked by the
# error handler sourced above.
_errcatch_cleanup() {
  printf '1\n' >~/.local/conflink
}
7
8
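# Print the usage text to stdout and exit.
# Arguments: $1 - exit status (defaults to 0; the original bare `exit $1`
#                 exited with cat's status when no argument was given)
# Note: the option parsing further down does not call this; it is kept for
# manual use.
usage() {
  cat <<EOF
Usage: ${0##*/} [OPTIONS]
Link or otherwise install configuration files.

-f For fast. Dont use lnf, use ln -sf. Good for updating existing files.
EOF
  exit "${1:-0}"
}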
18
19
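# Echo a command line, then run it. Returns the command's exit status.
# printf is used for the echo so a first word such as -e or -n is printed
# literally instead of being taken as an echo option.
# Arguments: the command and its arguments.
m() {
  printf '%s\n' "$*"
  "$@"
}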
# Run a command as root.
# Arguments: the command line handed to sudo unchanged.
s() {
  sudo "$@"
}
25
# Create links with the project's lnf tool; arguments are passed through
# unchanged. When the script runs with -f this is redefined below to a
# plain ln -sf.
lnf() {
  /a/exe/lnf "$@"
}
27
28 # error prone
29 #f=~/.local/conflink
30 # fast=false
31 # if [[ -e $f ]] && (( $(stat -c %Y $f) > $now - 60*60*24 )); then
32 # fast=true
33 # fi
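# Option parsing. fast must be initialised: an unset fast makes `if $fast`
# below run an empty command, which succeeds and would silently switch fast
# mode on for every run (or raise an unbound-variable error if the sourced
# handler sets -u).
fast=false
if [[ ${1-} == -f ]]; then # f for fast
  fast=true
  shift
elif [[ ${1-} ]]; then
  echo "error: unrecognized arguments" >&2
  exit 1
fi

if $fast; then
  # ln -sf is quicker than /a/exe/lnf; good enough when the links exist.
  lnf() { ln -sf "$@"; }
fi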
46
# Globbing used by the functions below: unmatched patterns vanish, extended
# patterns are allowed, and dotfiles are matched by *.
shopt -s nullglob extglob dotglob
50
# If an entry is a link back to the root, we stop going deeper into subdir_files.
# This lets us handle whole subdirectories, not just files.
53 #
54 # Also note, under filesystem/, symlinks are expanded.
55
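# Recursively link the entries of a subdir_files tree into $HOME.
#
# Arguments:
#   $1 - root of the subdir_files tree; entries are linked to the same path
#        relative to it under $HOME
#   $2 - directory currently being descended into. Omitted on the top-level
#        call, which then only descends into the directories directly under
#        the root.
#
# A regular file, or an entry whose resolved path sits directly beside the
# root (i.e. a link pointing back out of the tree), is linked as a unit with
# lnf -T; any other directory is descended into. A .git entry is skipped.
# Relies on nullglob and dotglob being set by the caller, and on m and lnf.
subdir-link-r() {
  local root=$1
  local -a targets=()
  local entry name
  if [[ ${2-} ]]; then
    for entry in "$2"/*; do
      name=${entry##*/}
      if [[ $name == .git ]]; then continue; fi
      targets+=("$entry")
    done
  else
    for entry in "$1"/*; do
      name=${entry##*/}
      if [[ $name == .git ]]; then continue; fi
      if [[ -d $entry ]]; then targets+=("$entry"); fi
    done
  fi
  local below
  below=$(readlink -f "$root/..")
  local path fullpath
  for path in "${targets[@]}"; do
    fullpath=$(readlink -f "$path")
    #e $fullpath $below # debug
    # Both substitutions are quoted so paths with spaces compare correctly;
    # "$root" is quoted in the prefix strip so it is matched literally.
    if [[ -f $path || $(dirname "$fullpath") == "$below" ]]; then
      m lnf -T "$path" "$HOME/${path#"$root"/}"
    elif [[ -d $path ]]; then
      subdir-link-r "$root" "$path"
    fi
  done
}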
79
80
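# Install the configuration held in each given directory.
#
# Arguments: one or more config directories. For each dir:
#   - dir/filesystem (users ian/iank only) is compared against / with
#     tar --diff; if anything under /etc/systemd differs, systemd is
#     reloaded once at the end.
#   - dir/subdir_files is linked into $HOME by subdir-link-r.
#   - every other entry (except binds, filesystem, subdir_files and
#     machine_specific) is linked directly into $HOME with lnf.
# Globals: reads user. Uses m, s, lnf and subdir-link-r, and relies on
#   nullglob and dotglob being set by the caller.
common-file-setup() {
  local dir fs entry systemd_reload=false
  local -a top
  for dir in "$@"; do
    fs=$dir/filesystem
    if [[ -e $fs && $user =~ ^iank?$ ]]; then
      # this could be done with rsync, something like this,
      # but I haven't looked at the symlinks.
      # s rsync -n -ahviSAXPH --specials --devices --chown=root:root --chmod=g-s $fs /
      # note, symlinks get resolved, not copied.
      #
      # The *.pem exclude is quoted so tar expands it, not the shell: with
      # nullglob an unmatched shell glob would vanish and --exclude would
      # swallow --mode=g-s as its pattern.
      # NOTE(review): this pipeline only compares (tar -d); nothing here
      # copies filesystem/ into /, so the install must happen elsewhere —
      # confirm. Also, if the sourced handler enables pipefail, tar -d's
      # non-zero status on any difference would mask a grep match — confirm.
      if s tar --anchored \
          --exclude etc/dovecot/users \
          --exclude etc/exim4/passwd \
          --exclude 'etc/exim4/*.pem' \
          --mode=g-s --owner=0 --group=0 -cz -C "$fs" . \
          | s tar -dz -C / | grep /etc/systemd &>/dev/null; then
        systemd_reload=true
      fi
    fi

    if [[ -e $dir/subdir_files ]]; then
      m subdir-link-r "$dir/subdir_files"
    fi
    top=()
    for entry in "$dir"/*; do
      case ${entry##*/} in
        binds|subdir_files|filesystem|machine_specific) ;;
        *) top+=("$entry") ;;
      esac
    done
    (( ${#top[@]} >= 1 )) || continue
    m lnf "${top[@]}" ~
  done
  if $systemd_reload; then
    m s systemctl daemon-reload
  fi
}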
111
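user=$(id -un)
# Config dirs in apply order: each base dir, then its machine_specific/<host>.
all_dirs=({/a/bin/ds,/p/c}{,/machine_specific/$HOSTNAME})
# note, we assume a group of hosts does not have the
# same name as a single host, which is no problem on our scale.
# NAME.hosts lists hostnames one per line; a match adds the NAME dir.
for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
  if grep -qxF -- "$HOSTNAME" "$x"; then all_dirs+=("${x%.hosts}"); fi
done

c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
case "$user" in
  iank)
    # Private key material kept in the config tree must stay owner-only.
    files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
      /p/c/filesystem/etc/openvpn/client/*.key
      /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
      /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
    )
    # nullglob is set, so the array holds only files that exist; testing the
    # count instead of ${files[0]} is also safe when the array is empty
    # under set -u.
    if (( ${#files[@]} )); then
      chmod 600 "${files[@]}"
    fi
    # p needs to go first so .ssh link is created, then config link inside it
    m common-file-setup "${all_dirs[@]}"

    #### begin special extra stuff ####
    install -d -m700 ~/gpg-agent-socket

    f=/var/lib/bind
    if [[ -e $f ]]; then
      # reset to the original permissions.
      m s chgrp -R bind "$f"
      m s chmod g+w "$f"
    fi
    sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind "$f"; done'
    if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
      s chgrp www-data /etc/davpass
    fi
    if [[ -e /var/lib/znc ]] && getent group znc &>/dev/null; then
      s chown -R znc:znc /var/lib/znc
    fi
    # Calls /a/exe/lnf directly, so the ln -sf override installed by -f
    # does not apply here; presumably intentional.
    /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
    f=/etc/prometheus-htpasswd
    if [[ -e $f ]]; then
      # 640, group-readable only: the htpasswd by www-data, and
      # prometheus-pass by the prometheus user when that account exists.
      s chmod 640 "$f" /etc/prometheus-pass
      s chown root:www-data "$f"
      if getent passwd prometheus &>/dev/null; then
        s chown root:prometheus /etc/prometheus-pass
      fi
    fi

    ##### end special extra stuff #####

    if [[ -e /etc/openvpn ]]; then
      sudo bash -c 'shopt -s nullglob && cd /etc/openvpn && for f in client/* server/*; do ln -sf "$f" .; done'
    fi

    # Re-run this script as user2 (handled by the user2 arm below). The -f
    # flag is not forwarded — NOTE(review): confirm that is intended.
    m sudo -H -u user2 "${BASH_SOURCE[0]}"

    f=/a/bin/distro-setup/system-status
    if [[ -x $f ]]; then
      "$f" _
    fi
    # Success marker; _errcatch_cleanup writes 1 here instead.
    echo 0 >~/.local/conflink

    ;;
  user2)
    m common-file-setup "${c_dirs[@]}"
    ;;
  *)
    echo "$0: error: unexpected user" >&2; exit 1
    ;;
esac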