iankelling.org Git - distro-setup/blob - conflink

   1 #!/bin/bash
   2
   3 source /a/bin/errhandle/err
   4
   5 m() {
   6   echo "$*"
   7   "$@"
   8 }
   9 s() { sudo "$@"; }
  10 lnf() { /a/exe/lnf "$@"; }
  11
  12
  13 shopt -s nullglob
  14 shopt -s extglob
  15 shopt -s dotglob
  16
  17 # If we make a link back to the root, we stop going deeper into subdir_files.
  18 # This makes it so we can do subdir directories.
  19 #
  20 # Also note, under filesystem/, symlinks are expanded.
  21
  22 subdir-link-r() {
  23   local root="$1"
  24   local targets=()
  25   if [[ $2 ]]; then
  26     targets=( "$2"/!(.git|..|.) )
  27   else
  28     for f in "$1"/!(.git|..|.); do
  29       [[ -d $f ]] && targets+=("$f") ||:
  30     done
  31   fi
  32   local below="$( readlink -f "$root/..")"
  33   for path in "${targets[@]}"; do
  34     local fullpath="$(readlink -f "$path")"
  35     #e $fullpath $below # debug
  36     if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
  37       m lnf -T "$path" "$HOME/${path#$root/}"
  38     elif [[ -d "$path" ]]; then
  39       subdir-link-r "$root" "$path"
  40     fi
  41   done
  42 }
  43
  44
  45
  46 common-file-setup() {
  47   local dir fs x bdir f dst
  48   for dir in "$@"; do
  49     fs=$dir/filesystem
  50     if [[ -e $fs && $user =~ ^iank?$ ]]; then
  51       # note, symlinks get resolved, not copied.
  52       s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
  53     fi
  54
  55     if [[ -e $dir/subdir_files ]]; then
  56       m subdir-link-r $dir/subdir_files
  57     fi
  58     local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
  59     (( ${#x[@]} >= 1 )) || continue
  60     m lnf ${x[@]} ~
  61   done
  62 }
  63
  64 user=$(id -un)
  65 all_dirs=({/a/c,/p/c}{,/machine_specific/$HOSTNAME})
  66 # note, we assume a group of hosts does not have the
  67 # same name as a single host, which is no problem on our scale.
  68 for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
  69   if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
  70 done
  71
  72 c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
  73 case $user in
  74   iank)
  75     files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
  76            /p/c/filesystem/etc/openvpn/client/*.key
  77            /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
  78            /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
  79           )
  80     if [[ -e $files ]]; then
  81       chmod 600 ${files[@]}
  82     fi
  83     # p needs to go first so .ssh link is created, then config link inside it
  84     m common-file-setup ${all_dirs[@]}
  85
  86     #### begin special extra stuff ####
  87     install -d -m700 ~/gpg-agent-socket
  88
  89     f=/var/lib/bind
  90     if [[ -e $f ]]; then
  91       # reset to the original permissions.
  92       m s chgrp -R bind $f
  93       m s chmod g+w $f
  94     fi
  95     sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
  96     if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
  97       s chgrp www-data /etc/davpass
  98     fi
  99     if [[ -e /var/lib/znc ]] && getent group znc; then
 100       s chown -R znc:znc /var/lib/znc
 101     fi
 102     /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
 103     f=/etc/prometheus-htpasswd
 104     if [[ -e $f ]]; then
 105       s chmod 640 $f /etc/prometheus-pass
 106       s chown root:www-data $f
 107       if getent passwd prometheus; then
 108         s chown root:prometheus /etc/prometheus-pass
 109       fi
 110     fi
 111
 112     ##### end special extra stuff #####
 113
 114     sudo bash -c 'shopt -s nullglob; cd /etc/openvpn; for f in client/* server/*; do ln -sf $f .; done'
 115
 116     m sudo -H -u user2 "$BASH_SOURCE"
 117     ;;
 118   user2)
 119     m common-file-setup ${c_dirs[@]}
 120     ;;
 121   *)
 122     echo "$0: error: unexpected user"; exit 1
 123     ;;
 124 esac