iankelling.org Git - distro-setup/blob - conflink

   1 #!/bin/bash
   2
   3 source /a/bin/errhandle/err
   4 _errcatch_cleanup() {
   5   echo 1 >~/.local/conflink
   6 }
   7
   8
   9 usage() {
  10   cat <<EOF
  11 Usage: ${0##*/} [OPTIONS]
  12 Link or otherwise install configuration files.
  13
  14 -f   For fast. Dont use lnf, use ln -sf. Good for updating existing files.
  15 EOF
  16   exit $1
  17 }
  18
  19
  20 m() {
  21   echo "$*"
  22   "$@"
  23 }
  24 s() { sudo "$@"; }
  25
  26 lnf() { /a/exe/lnf "$@"; }
  27 now=$(date +%s)
  28
  29 # error prone
  30 #f=~/.local/conflink
  31 # fast=false
  32 # if [[ -e $f ]] && (( $(stat -c %Y $f) > $now - 60*60*24 )); then
  33 #   fast=true
  34 # fi
  35 if [[ $1 == -f ]]; then # f for fast
  36   fast=true
  37   shift
  38 elif
  39   [[ $1 ]]; then
  40   echo "error: unrecognized arguments" >&2
  41   exit 0
  42 fi
  43
  44 if $fast; then
  45   lnf() { ln -sf "$@"; }
  46 fi
  47
  48 shopt -s nullglob
  49 shopt -s extglob
  50 shopt -s dotglob
  51
  52 # If we make a link back to the root, we stop going deeper into subdir_files.
  53 # This makes it so we can do subdir directories.
  54 #
  55 # Also note, under filesystem/, symlinks are expanded.
  56
  57 subdir-link-r() {
  58   local root="$1"
  59   local targets=()
  60   if [[ $2 ]]; then
  61     targets=( "$2"/!(.git|..|.) )
  62   else
  63     for f in "$1"/!(.git|..|.); do
  64       if [[ -d $f ]]; then targets+=("$f"); fi
  65     done
  66   fi
  67   local below
  68   below="$( readlink -f "$root/..")"
  69   for path in "${targets[@]}"; do
  70     local fullpath
  71     fullpath="$(readlink -f "$path")"
  72     #e $fullpath $below # debug
  73     if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
  74       m lnf -T "$path" "$HOME/${path#$root/}"
  75     elif [[ -d "$path" ]]; then
  76       subdir-link-r "$root" "$path"
  77     fi
  78   done
  79 }
  80
  81
  82 common-file-setup() {
  83   local dir fs x f systemd_reload
  84   systemd_reload=false
  85   for dir in "$@"; do
  86     fs=$dir/filesystem
  87     if [[ -e $fs && $user =~ ^iank?$ ]]; then
  88       # this could be done with rsync, something like this,
  89       # but I haven't looked at the symlinks.
  90       # s rsync -n -ahviSAXPH --specials --devices --chown=root:root --chmod=g-s $fs /
  91       # note, symlinks get resolved, not copied.
  92       if s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -dz -C / | grep /etc/systemd &>/dev/null; then
  93         systemd_reload=true
  94       fi
  95       s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
  96     fi
  97
  98     if [[ -e $dir/subdir_files ]]; then
  99       m subdir-link-r $dir/subdir_files
 100     fi
 101     local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
 102     (( ${#x[@]} >= 1 )) || continue
 103     m lnf ${x[@]} ~
 104   done
 105   if $systemd_reload; then
 106     m s systemctl daemon-reload
 107   fi
 108 }
 109
 110 user=$(id -un)
 111 all_dirs=({/a/bin/ds,/p/c}{,/machine_specific/$HOSTNAME})
 112 # note, we assume a group of hosts does not have the
 113 # same name as a single host, which is no problem on our scale.
 114 for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
 115   if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
 116 done
 117
 118 c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
 119 case $user in
 120   iank)
 121     files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
 122            /p/c/filesystem/etc/openvpn/client/*.key
 123            /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
 124            /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
 125           )
 126     if [[ -e ${files[0]} ]]; then
 127       chmod 600 ${files[@]}
 128     fi
 129     # p needs to go first so .ssh link is created, then config link inside it
 130     m common-file-setup ${all_dirs[@]}
 131
 132     #### begin special extra stuff ####
 133     install -d -m700 ~/gpg-agent-socket
 134
 135     f=/var/lib/bind
 136     if [[ -e $f ]]; then
 137       # reset to the original permissions.
 138       m s chgrp -R bind $f
 139       m s chmod g+w $f
 140     fi
 141     sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
 142     if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
 143       s chgrp www-data /etc/davpass
 144     fi
 145     if [[ -e /var/lib/znc ]] && getent group znc; then
 146       s chown -R znc:znc /var/lib/znc
 147     fi
 148     /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
 149     f=/etc/prometheus-htpasswd
 150     if [[ -e $f ]]; then
 151       s chmod 640 $f /etc/prometheus-pass
 152       s chown root:www-data $f
 153       if getent passwd prometheus; then
 154         s chown root:prometheus /etc/prometheus-pass
 155       fi
 156     fi
 157
 158     ##### end special extra stuff #####
 159
 160     if [[ -e /etc/openvpn ]]; then
 161       sudo bash -c 'shopt -s nullglob && cd /etc/openvpn && for f in client/* server/*; do ln -sf $f .; done'
 162     fi
 163
 164     m sudo -H -u user2 "${BASH_SOURCE[0]}"
 165
 166     f=/a/bin/distro-setup/system-status
 167     if [[ -x $f ]]; then
 168       $f _
 169     fi
 170     echo 0 >~/.local/conflink
 171
 172     ;;
 173   user2)
 174     m common-file-setup ${c_dirs[@]}
 175     ;;
 176   *)
 177     echo "$0: error: unexpected user"; exit 1
 178     ;;
 179 esac