iankelling.org Git - distro-setup/blob - conflink

   1 #!/bin/bash
   2
   3 source /a/bin/errhandle/err
   4 err-cleanup() {
   5   echo 1 >~/.local/conflink
   6 }
   7
   8
   9 usage() {
  10   cat <<EOF
  11 Usage: ${0##*/} [OPTIONS]
  12 Link or otherwise install configuration files.
  13
  14 -f   For fast. Dont use lnf, use ln -sf. Good for updating existing files.
  15 EOF
  16   exit $1
  17 }
  18
  19
  20 m() {
  21   echo "$*"
  22   "$@"
  23 }
  24 s() { sudo "$@"; }
  25
  26 lnf() { /a/exe/lnf "$@"; }
  27
  28 fast=false
  29 if [[ $1 == -f ]]; then # f for fast
  30   fast=true
  31   shift
  32 elif
  33   [[ $1 ]]; then
  34   echo "error: unrecognized arguments" >&2
  35   exit 0
  36 fi
  37
  38 if $fast; then
  39   lnf() { ln -sf "$@"; }
  40 fi
  41
  42 shopt -s nullglob
  43 shopt -s extglob
  44 shopt -s dotglob
  45
  46 # If we make a link back to the root, we stop going deeper into subdir_files.
  47 # This makes it so we can do subdir directories.
  48 #
  49 # Also note, under filesystem/, symlinks are expanded.
  50
  51 subdir-link-r() {
  52   local root="$1"
  53   local targets=()
  54   if [[ $2 ]]; then
  55     targets=( "$2"/!(.git|..|.) )
  56   else
  57     for f in "$1"/!(.git|..|.); do
  58       if [[ -d $f ]]; then targets+=("$f"); fi
  59     done
  60   fi
  61   local below
  62   below="$( readlink -f "$root/..")"
  63   for path in "${targets[@]}"; do
  64     local fullpath
  65     fullpath="$(readlink -f "$path")"
  66     #e $fullpath $below # debug
  67     if [[ -f $path || $(dirname $(readlink -f "$fullpath")) == "$below" ]]; then
  68       m lnf -T "$path" "$HOME/${path#$root/}"
  69     elif [[ -d "$path" ]]; then
  70       subdir-link-r "$root" "$path"
  71     fi
  72   done
  73 }
  74
  75
  76 common-file-setup() {
  77   local dir fs x f reload_systemd
  78   local -a reload_services
  79   local -a restart_services
  80   reload_systemd=false
  81   for dir in "$@"; do
  82     fs=$dir/filesystem
  83     if [[ -e $fs && $user =~ ^iank?$ ]]; then
  84       while read -r line; do
  85         file="${line:12}"
  86         case $file in
  87           etc/systemd/system/*)
  88             reload_systemd=true
  89             ;;
  90           etc/dnsmasq.d/*)
  91             restart_services+=(dnsmasq)
  92             ;;
  93         esac
  94         # Previously did this with tar, but it doesn't
  95         # update directory permissions.
  96         #
  97         # S = do spare files efficiently
  98         # A = preserve acls
  99         # X = preserve extended attributes
 100         # i = itemize
 101       done < <(s rsync -aiSAX --chown=root:root --chmod=g-s \
 102                  --exclude=/etc/dovecot/users \
 103                  --exclude='/etc/exim4/passwd*' \
 104                  --exclude='/etc/exim4/*.pem' \
 105                  $fs/ /)
 106     fi
 107
 108     if [[ -e $dir/subdir_files ]]; then
 109       m subdir-link-r $dir/subdir_files
 110     fi
 111     local x=( $dir/!(binds|subdir_files|filesystem|machine_specific|..|.) )
 112     (( ${#x[@]} >= 1 )) || continue
 113     m lnf ${x[@]} ~
 114   done
 115   if $reload_systemd; then
 116     m s systemctl daemon-reload
 117   fi
 118   for service in ${restart_services[@]}; do
 119     if systemctl is-active $service >/dev/null; then
 120       m s systemctl reload $service
 121     fi
 122   done
 123
 124 }
 125
 126 user=$(id -un)
 127 all_dirs=({/a/bin/ds,/p/c}{,/machine_specific/$HOSTNAME})
 128 # note, we assume a group of hosts does not have the
 129 # same name as a single host, which is no problem on our scale.
 130 for x in /p/c/machine_specific/*.hosts /a/bin/ds/machine_specific/*.hosts; do
 131   if grep -qxF $HOSTNAME $x; then all_dirs+=( ${x%.hosts} ); fi
 132 done
 133
 134 c_dirs=(/a/c{,/machine_specific/$HOSTNAME})
 135 case $user in
 136   iank)
 137     files=(/p/c/machine_specific/*/filesystem/etc/ssh/*_key
 138            /p/c/filesystem/etc/openvpn/client/*.key
 139            /p/c/filesystem/etc/openvpn/easy-rsa/keys/*.key
 140            /p/c/machine_specific/kw/filesystem/etc/openvpn/client/*.key
 141           )
 142     if [[ -e ${files[0]} ]]; then
 143       chmod 600 ${files[@]}
 144     fi
 145     # p needs to go first so .ssh link is created, then config link inside it
 146     m common-file-setup ${all_dirs[@]}
 147
 148     #### begin special extra stuff ####
 149     install -d -m700 ~/gpg-agent-socket
 150
 151     f=/var/lib/bind
 152     if [[ -e $f ]]; then
 153       # reset to the original permissions.
 154       m s chgrp -R bind $f
 155       m s chmod g+w $f
 156     fi
 157     sudo bash -c 'shopt -s nullglob; for f in /etc/bind/*.key /etc/bind/*.private /etc/bind/key.*; do chgrp bind $f; done'
 158     if [[ -e /etc/davpass ]] && getent group www-data &>/dev/null; then
 159       s chgrp www-data /etc/davpass
 160     fi
 161     if [[ -e /var/lib/znc ]] && getent group znc; then
 162       s chown -R znc:znc /var/lib/znc
 163     fi
 164     /a/exe/lnf -T /p/arbtt-capture.log ~/.arbtt/capture.log
 165     f=/etc/prometheus-htpasswd
 166     if [[ -e $f ]]; then
 167       s chmod 640 $f /etc/prometheus-pass
 168       s chown root:www-data $f
 169       if getent passwd prometheus; then
 170         s chown root:prometheus /etc/prometheus-pass
 171       fi
 172     fi
 173
 174     ##### end special extra stuff #####
 175
 176     m sudo -H -u user2 "${BASH_SOURCE[0]}"
 177
 178     f=/a/bin/distro-setup/system-status
 179     if [[ -x $f ]]; then
 180       $f _
 181     fi
 182     mkdir -p ~/.local
 183     echo 0 >~/.local/conflink
 184
 185     ;;
 186   user2)
 187     m common-file-setup ${c_dirs[@]}
 188     ;;
 189   *)
 190     echo "$0: error: unexpected user"; exit 1
 191     ;;
 192 esac