mainly changes to keep systems up to date

[distro-setup] / conflink

#!/bin/bash

source /a/bin/errhandle/err
_errcatch_cleanup() {
  echo 1 >~/.local/conflink
}


usage() {
  cat <<EOF
Usage: ${0##*/} [OPTIONS]
Link or otherwise install configuration files.

-f   For fast. Dont use lnf, use ln -sf. Good for updating existing files.
EOF
  exit $1
}


m() {
  echo "$*"
  "$@"
}
s() { sudo "$@"; }

lnf() { /a/exe/lnf "$@"; }
if [[ $1 == -f ]]; then
  lnf() { ln -sf "$@"; }
fi

shopt -s nullglob
shopt -s extglob
shopt -s dotglob

# If we make a link back to the root, we stop going deeper into subdir_files.
# This makes it so we can do subdir directories.
#
# Also note, under filesystem/, symlinks are expanded.

subdir-link-r() {
  local root="$1"
  local targets=()
  if [[ $2 ]]; then
    targets=( "$2"/!(.git|..|.) )
  else
    for f in "$1"/!(.git|..|.); do
      if [[ -d $f ]]; then targets+=("$f"); fi
    done
  fi
  local below
  below="$( readlink -f "$root/..")"
  for path in "${targets[@]}"; do
    local fullpath
    fullpath="$(readlink -f "$path")"
    #e $fullpath $below # debug
    if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
      m lnf -T "$path" "$HOME/${path#$root/}"
    elif [[ -d "$path" ]]; then
      subdir-link-r "$root" "$path"
    fi
  done
}



common-file-setup() {
  local dir fs x f
  for dir in "$@"; do
    fs=$dir/filesystem
    if [[ -e $fs && $user =~ ^iank?$ ]]; then
      # note, symlinks get resolved, not copied.
      s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
    fi

    if [[ -e $dir/subdir_files ]]; then
      m subdir-link-r $dir/subdir_files
    fi
    local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
    (( ${#x[@]} >= 1 )) || continue
    m lnf ${x[@]} ~
  done
}

user=$(id -un)
all_dirs=({/a/bin/ds,/p/c}{,/machine_specific/$HOSTNAME})
# note, we assume a group of hosts does not have the
# same name as a single host, which is no problem on our scale.
for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
  if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
done

c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
case $user in
  iank)
    files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
           /p/c/filesystem/etc/openvpn/client/*.key
           /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
           /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
          )
    if [[ -e ${files[0]} ]]; then
      chmod 600 ${files[@]}
    fi
    # p needs to go first so .ssh link is created, then config link inside it
    m common-file-setup ${all_dirs[@]}

    #### begin special extra stuff ####
    install -d -m700 ~/gpg-agent-socket

    f=/var/lib/bind
    if [[ -e $f ]]; then
      # reset to the original permissions.
      m s chgrp -R bind $f
      m s chmod g+w $f
    fi
    sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
    if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
      s chgrp www-data /etc/davpass
    fi
    if [[ -e /var/lib/znc ]] && getent group znc; then
      s chown -R znc:znc /var/lib/znc
    fi
    /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
    f=/etc/prometheus-htpasswd
    if [[ -e $f ]]; then
      s chmod 640 $f /etc/prometheus-pass
      s chown root:www-data $f
      if getent passwd prometheus; then
        s chown root:prometheus /etc/prometheus-pass
      fi
    fi

    ##### end special extra stuff #####

    if [[ -e /etc/openvpn ]]; then
      sudo bash -c 'shopt -s nullglob && cd /etc/openvpn && for f in client/* server/*; do ln -sf $f .; done'
    fi

    m sudo -H -u user2 "${BASH_SOURCE[0]}"
    ;;
  user2)
    m common-file-setup ${c_dirs[@]}
    ;;
  *)
    echo "$0: error: unexpected user"; exit 1
    ;;
esac

echo 0 >~/.local/conflink